IT Brief US - Technology news for CIOs & IT decision-makers
United States
A-LIGN & Exostar team up on CMMC defence compliance
Data Protection Supply Chain MSSP

A-LIGN & Exostar team up on CMMC defence compliance

Thu, 14th May 2026 (Today)
Sean Mitchell
SEAN MITCHELL Publisher

A-LIGN and Exostar have formed a partnership focused on Cybersecurity Maturity Model Certification for defence contractors, centred on supplier compliance risk across the defence industrial base.

The companies will combine Exostar's supplier management tools with A-LIGN's role as a CMMC Third-Party Assessor Organisation to support contractors seeking certification and prime contractors monitoring suppliers. The partnership targets companies working on Department of War contracts, where CMMC requirements are now being written into solicitations and renewals.

That shift has raised the stakes for large contractors with complex supplier networks. Prime contractors can face delays or disqualification if suppliers do not obtain accreditation in time, increasing pressure to track readiness across multiple tiers of the supply chain.

Exostar says its customer network covers more than half of the Defence Industrial Base and includes established relationships with Lockheed Martin, RTX, L3Harris, Northrop Grumman and Boeing. Its Supplier Management and CMMC Ready Suite are used to monitor supplier risk, including CMMC compliance status, and provide an operating environment designed to support preparation for accreditation.

A-LIGN brings the assessment side of the process to the partnership, alongside its broader cyber compliance and audit work. It says it has completed more than 36,000 audits and works with more than 6,400 organisations worldwide across frameworks including SOC 2, ISO 27001, FedRAMP, CMMC, PCI and HITRUST.

Supply chain pressure

The CMMC programme has become a critical issue for the defence sector because it ties cyber controls more directly to contract eligibility. Contractors are under pressure not only to meet their own requirements but also to ensure suppliers handling sensitive information can satisfy the same standards where required.

The partnership is intended to address that gap by linking visibility into supplier status with formal assessment services. In practice, prime contractors can identify suppliers that may be falling behind and direct them towards an assessment route through A-LIGN.

Scott Price, chief executive of A-LIGN, framed the deal around supplier weakness as both a commercial and security risk.

“The defense supply chain is only as strong as its weakest link,” Price said. “By pairing Exostar's supply chain visibility capabilities with A-LIGN's experienced CMMC teams that conduct rigorous assessments at scale, we're giving prime contractors the confidence that every supplier in their network gets certified and compliant before affecting DoW revenue streams. The partnership will help contractors drive readiness, strengthen security at scale, and position themselves for success.”

Exostar has built its position in regulated sectors around secure business-to-business collaboration and supplier oversight. In defence, that has given it a large installed base among companies that need to exchange sensitive information while meeting government compliance standards.

More than half of the Defence Industrial Base uses its platform, according to Exostar, with 98 of the top 100 firms conducting business over it. The company also says its network includes more than 200,000 companies and agencies in 175 countries, though the partnership's immediate focus is the US defence market and CMMC compliance.

Assessment route

For A-LIGN, the deal provides access to a broad group of suppliers that may need to move quickly as contract requirements tighten. For Exostar, adding a recognised assessor gives customers a more direct route from identifying gaps to seeking formal accreditation.

Richard Addi, chief executive of Exostar, said the company had invested in CMMC-related products and services since the framework first emerged.

“Our community has trusted us to deliver supply chain visibility and management and secure, compliant collaboration for over two decades. We've understood the importance of CMMC to the DoW and the DIB since the framework was first proposed in 2019, leading us to invest in the development of our innovative CMMC Ready Suite of products and managed services,” Addi said. “Partnering with A-LIGN complements our CMMC Ready Suite with the resources necessary to give our customers the direct, trusted accreditation assessment pathway imperative for primes and suppliers to protect and enhance their DoW revenue streams.”

The partnership reflects a broader trend in the defence market as contractors seek more structured ways to manage cyber compliance across their supplier bases. As CMMC moves from policy discussion into contract language, the commercial impact of certification has become more immediate for both large primes and smaller suppliers.

With Exostar's position among major defence contractors and A-LIGN's federal assessment work, the companies are aiming to address both sides of that pressure: visibility into supplier readiness and the practical process of obtaining accreditation. A single uncertified supplier can lead to disqualification from a contract award.

Related stories
Adam Dimopoulos joins as Chief Information Security Officer
KnowBe4 partners Secure Code Warrior on AI training
Strike Graph launches Trust Chain for supplier risk
Canada ahead of global average on password security
Cyberhaven expands AI security to track shadow agents
Top stories
Ericsson launches W2255 5G adapter for enterprise WAN
Most AI projects stall at pilot stage, survey finds
JetLearn launches AI literacy test in US & UK schools
NetApp & Red Hat boost OpenShift data protection
DE-CIX revenue rises as US exchanges gain ground