Most organizations that pass a CMMC Level 2 assessment do so with open findings. Teal CMMC passed with a perfect 110 out of 110 in April 2026 — zero findings, no open Plan of Action and Milestones.
What a perfect score means for contractors evaluating Teal CMMC.
A Level 2 assessment covers all 110 security controls in NIST SP 800-171. Passing with findings means a C3PAO found gaps. Passing without them – as Teal did – means that every control was fully implemented and documented at the time of assessment. There is no ambiguity about where the program stands.
We built this program the same way we build our clients’ programs, starting with:
- CUI scope precision
- Evidence traceability
- Properly implemented controls
The proof point that many MSPs can't offer you.
In addition to a perfect CMMC Level 2 assessment score, Teal was one of the first 62 Cyber AB-approved Registered Provider Organizations in the country.
The company also holds ISO 27001 certification and the CompTIA Security Trustmark+. Those credentials existed long before the CMMC assessment.
That’s a different kind of credibility than a partner who guides your audit without having passed one themselves.
Before you hire any MSP for CMMC work, here are four questions worth asking.
Four questions to ask any MSP you're considering for CMMC work.
The checklist below comes from our DIB Contractor MSP Evaluation Guide (see below).
1. Has your MSP passed a CMMC Level 2 assessment, and what was the result?
Passing with findings is different from passing clean. Ask to see the outcome, not just the certification.
2. How long have they supported clients operating under NIST SP 800-171 and DFARS requirements?
Familiarity with the frameworks is not the same as years of hands-on experience in regulated environments.
3. How do they prepare clients for a CMMC assessment?
A credible partner should be able to walk you through their readiness process – scope definition, documentation, evidence collection – not just hand you a checklist.
4. Will relevant evidence be available if an assessor requests it?
Evidence traceability is one of the most common failure points in CMMC assessments. Your MSP should have a clear answer to this question before the engagement starts.
Not sure whether your MSP candidates can deliver on CMMC? This evaluation checklist walks DIB contractors through the questions that separate qualified managed IT providers from those figuring it out alongside you.
What this means if you're pursuing Level 2.
If your organization is working toward CMMC Level 2 certification – or trying to protect existing contracts while CMMC enforcement expands – the partner you choose should be able to demonstrate their work.
Teal’s full-spectrum managed IT services are built on the same program that earned a perfect score, backed by over 25 years of DIB compliance experience. The company also offers CMMC consulting, NIST 800-171 gap analysis, and vCISO leadership to prepare defense contractors for their Level 2 assessment.
