Need Help Implementing CMMC?

RPO RegisteredAs an approved Registered Provider Organization (RPO) by The Cyber AB (formerly the Cybersecurity Maturity Model Certification (CMMC) Accreditation Board), Appalachia Technologies provides full-scope CMMC services, from assessments, writing your System Security Plan and other documentation, expert penetration testing, or full scope CMMC-compliant managed IT services.  Our team of Registered Practitioners (RPs) perform CMMC readiness assessments to help prepare DIB contractors for Certified Third-Party Assessor Organization (C3PAO)s audits by identifying gaps and offering remediation solutions.  All Appalachia CMMC assessments begin with a full network vulnerability assessment using the best tools in the industry – at NO additional cost. Our proprietary assessment process was designed by military cybersecurity experts, setting Appalachia apart from competitors who perform assessments as a “paper only” exercise.  Our assessments are faster, more accurate, and provide actionable cybersecurity intelligence to our customers.

CMMC AT process

Appalachia operates a full-time Security Operations Center (SOC) and provides nationwide expert NIST, CMMC, and many other IT and cybersecurity services to defense contractors of every type - no matter how large or small.  Our job at Appalachia is to take away all of your CMMC compliance pain by providing every IT and cybersecurity service you need to comply.  We do this by employing in-house cybersecurity experts who meet the DoD’s own qualifications guidance.

Why Appalachia? 

Appalachia is a full-service Managed Services Provider with a big focus on cybersecurity.  We do not sell any hardware, which allows our services to be delivered in a vendor agnostic manner.  Appalachia is a top 50 Best Places to Work in Pennsylvania for three years running, and as a result we are able to hire and retain top technical talent.  Our people are what really make the difference - including some of the most experienced engineers found anywhere within our operating territory.  Appalachia’s engineers diligently maintain up-to-date IT professional certifications ensuring we bring the most current knowledge to our clients on a daily basis.

As an RPO in the CMMC ecosystem, Appalachia is authorized to provide consulting services to defense contractors and employs trained staff in the CMMC methodology. RPO status is achieved once an organization meets specific criteria, including Registered Provider (RP) training completion by a staff member and a background check of the organization and associated RPs.

CMMC RPO approval process


In addition to being an RPO, Appalachia is a SOC 2, Type II audited company.  SOC 2 stands for “Service Operation Control 2”. It is a compliance framework rooted in the five “trust-based” controls (Security, Availability, Processing Integrity, Confidentiality and Privacy) – again, more evidence of our commitment to cybersecurity and protection of client data. 


jason mcnew headshot thumbnailLeading Appalachia’s CMMC practice is Jason McNew, Senior Engineer, Cybersecurity Risk & Compliance, and founder of Stronghold Cyber Security, acquired by Appalachia in 2020.  With over 20 years of experience in the field of Information Technology, including 12 years at the White House Communications Agency (WHCA) and Camp David, he has worked on some of the most secure systems in the world, for some of the most important customers in the world.  While at WHCA, Jason held a Presidential access clearance called Presidential Service Duty (PSD) – an elite clearance granted only to those of unquestionable character and integrity.   

Jason specializes in NIST, CMMC, and DFARS compliance consulting services to defense contractors, and has helped numerous organizations meet these requirements.  As an active SME public speaker and contributor, he has his finger on the pulse of changing requirements and implementations.  

Prepare Now

Unlike NIST 800-171, the CMMC is not a “self-attestation” – certifications will only be performed by approved third party CMMC auditors (C3PAOs).  Start planning for compliance now, as only CMMC audited and certified companies will be allowed to continue working with the government.  For those companies that are already meeting NIST 800-171, there will be additional requirements that must be met before they can become CMMC certified.  With hundreds of thousands of contractors who need to get ready for the CMMC, waiting any longer is not an option. 


Avoid losing time by working with an RPO who has the accreditation from the CMMC-AB itself - For more information or to get help now, contact us at (888) 277-8320. 

News & Updates

P R E S S  R E L E A S E Grantville, PA:  On Wednesday, October 19, Appalachia Technologies will be hosting a free in-person cybersecurity summit at the Hollywood Casino at Penn National Race Course for regional CIOs, CISOs, and IT Security Leaders.

Contact Us

Learn more about what Appalachia Technologies can do for your business.

Appalachia Technologies
5012 Lenker Street
Mechanicsburg, Pennsylvania 17050