When the Department of Defense raised the bar for protecting Controlled Unclassified Information, it raised the stakes for every contractor in the Defense Industrial Base. CMMC Level 2 is not a checkbox. It is an enterprise-wide assessment of 110 security requirements, evaluated by an accredited third party, with no room for partial credit on the controls that matter.
Vickers & Nolan Enterprises, LLC (VNE), a Service-Disabled Veteran-Owned Small Business founded in 2004 and a longtime technology partner to the Department of Defense, did not just clear that bar. They cleared it perfectly.
In April 2026, VNE earned a Final CMMC Level 2 certification across the enterprise with a perfect score of 110 out of 110, assessed by NSF as the Certified Third-Party Assessment Organization (C3PAO). It is the kind of outcome most contractors hope to approach. VNE reached all of it.
Peerless, VNE's managed services provider (MSP) and compliance partner, is proud to have been with them on that journey. Guiding contractors to CMMC certification is core to what we do, and VNE's result is among the milestones we are most proud to share. What set this engagement apart was the scope of our involvement. From the independent NIST SP 800-171 Gap Assessment that set their baseline, through structured remediation, and into the managed services we provide today, Peerless supported every aspect of VNE's readiness as a single accountable partner.
For most small and mid-sized defense contractors, CMMC is less about understanding the requirements and more about operationalizing them. The controls are published. The hard part is implementing them inside a live business, without slowing down the mission, and then proving that they work to an assessor who is trained to look closely.
That is where many organizations stall. They treat compliance as a documentation exercise handed to a consultant, or they lean on an IT provider who manages the network but does not speak the language of NIST SP 800-171 and CMMC. The result is a gap between what is written down and what is actually running in the environment. Assessors find that gap quickly.
VNE wanted to close that gap completely. They were looking for a partner who could do both: stand up and maintain the technical environment, and carry the compliance program through to a successful assessment.
In VNE's words, the decision came down to a practical understanding of both the CMMC requirements and the realities of operating within the Defense Industrial Base.
“From the beginning, the Peerless team demonstrated a strong balance of technical expertise, responsiveness, and operational realism,” the VNE leadership team shared. “It was clear that Peerless understood not only the controls themselves, but also how to implement them in a way that supported mission operations rather than disrupting them.”
That distinction matters. Plenty of providers can recite the controls. Far fewer can implement them in a way that a working business can actually live with. Peerless was selected because it could translate compliance into operations and keep the mission moving at the same time.
Certifications are won in the details, and the details are won over months of steady work. According to VNE, the factor that mattered most was the consistency and accessibility of the Peerless team throughout the engagement.
Whether the task was working through technical implementation details, validating compliance approaches, preparing for the assessment process, or responding quickly to questions as they surfaced, the Peerless team stayed engaged and solutions-focused from start to finish. The ability to work collaboratively through difficult implementation and documentation challenges reduced risk and kept the effort moving forward.
This is the part of the story that does not fit on a feature list. It is the difference between a vendor that delivers a deliverable and a partner that owns the outcome with you.
A perfect 110/110 is a remarkable headline. For VNE, the more lasting outcome is confidence.
“The biggest outcome is confidence,” VNE noted, “confidence that our cybersecurity posture, processes, and infrastructure are aligned to support our customers, our personnel, and the sensitive mission environments in which we operate.”
That confidence is not abstract. It shows up in faster contract conversations, in a stronger position on every bid, and in the knowledge that the security program will hold up under scrutiny because it was built to operate, not just to pass. The certification, awarded against NIST SP 800-171 and valid for three years, gives VNE a durable position in the marketplace and the runway to focus on the mission rather than the next audit.
VNE's advice to other SDVOSBs and DIB contractors weighing the same path is worth repeating: approach CMMC as more than a compliance exercise. When implemented correctly, it becomes an operational and business-strengthening effort that improves security, resiliency, and customer confidence across the organization.
“Certificate is now in hand! I could not have done it without you guys, understatement of the year. Peerless brought the technical expertise, responsiveness, and steady guidance necessary to help VNE successfully navigate a very demanding certification process.”
Mike Pope, Vickers & Nolan Enterprises
The CMMC market is crowded with consultants who write policies and MSPs who manage devices, and a real shortage of partners who do both well. That separation is exactly where certifications fall apart. A policy nobody operates is a finding waiting to happen. A managed environment with no compliance discipline is a risk nobody is tracking.
Peerless was built for the space in between. As a compliant MSP and MSSP focused on the Defense Industrial Base, we run one continuous program rather than a series of disconnected projects. It starts with a comprehensive, independent NIST SP 800-171 Gap Assessment to establish an honest baseline, moves into structured remediation against a clear POA&M, and continues through long-term managed services and engineering that keep every control operating, not just documented.
Some of those controls are not satisfied by a policy at all. They have to run every day. Continuous monitoring is one of them, which is why the managed environment includes the Peerless compliant SIEM, a fully managed, U.S. citizen-operated platform hosted in GCC High that aggregates and correlates security events across the organization. It is a working example of what we mean by built to operate: a control that produces evidence on its own, every day, instead of a binder that goes stale the moment the assessment ends.
A perfect score is not luck. It is what happens when the gap assessment, remediation, implementation, documentation, and ongoing operations are handled by the same partner, with the same standard, all the way through. It is also a repeatable process. VNE's certification reflects an approach we have refined across engagements in the Defense Industrial Base, and one we continue to apply as we help more contractors reach and maintain this milestone.
VNE's result shows what is possible when the right partner is in place from the beginning, and they are in good company among the contractors we support. If your organization is preparing for a CMMC Level 2 assessment, or simply trying to understand where you stand today, the right first step is a comprehensive NIST SP 800-171 Gap Assessment. From there, Peerless can help you build a realistic path from your current SPRS score to a certification you can defend, and keep it that way.
Let's talk about what your assessment-ready environment looks like.
Vickers & Nolan Enterprises, LLC name and logo used with permission. Certification details published with client approval.
