Security Centric today announced that its StormCloud Gov platform has been selected as a Verified External Service Provider (VESP) for the U.S. Army's Next-Gen Commercial Operations in Defended Enclaves (NCODE). The Indefinite Delivery, Indefinite Quantity (IDIQ) contract is a five-year, $49 million program managed by Army Contracting Command. Security Centric was one of eight companies selected from a competitive field of 31 bids, with VESP services set to begin May 15, 2026.
NCODE was established by the Army to solve a problem that has quietly threatened the defense supply chain for years: the cost and complexity of cybersecurity compliance is pushing small businesses out of the Defense Industrial Base. For companies with as few as 2 to 50 employees, achieving CMMC Level 2 certification through traditional routes such as Microsoft GCC High can take 6 to 18 months and cost $150,000 to $500,000 - before a single assessment ever takes place. NCODE pairs eligible small businesses with qualified VESPs to deliver the secure, compliant environment they need to pursue certification, funded through the Department of War.
Though initially created by the Army, the NCODE marketplace is open to contractors across the entire DoW DIB - including the Marine Corps, Navy, Air Force, Space Force, Major Defense Agencies, National Guard and their SMB supply chain ecosystems. The full program is expected to expand to thousands of eligible DIB businesses within six months.
"Small defense businesses are the backbone of America's warfighting capability, yet CMMC compliance costs are currently pricing too many of them out of the industry. StormCloud Gov removes these barriers by providing a ready-made environment with inherited controls and a clear rapid path to certification. Now backed by NCODE funding and flexible monthly payments, we are empowering small contractors to stay competitive and secure their vital role in our national defense."- Sean Hulbert, Co-Founder, Security Centric
StormCloud Gov: CMMC Certification Foundation
StormCloud Gov is a secure, managed enclave that provides DIB contractors the technical foundation required to pursue CMMC Level 2 certification through a qualified C3PAO assessor. StormCloud delivers to the DIB:
- CMMC Level 2-Ready Secure Enclave - A fully managed CUI environment providing full NIST SP 800-171 control coverage, with FIPS 140-3 validated encryption, DFARS 7012 compliance, and Quantum Resilient Encryption (QRE).
- Zero Trust Architecture - Security built natively into the StormCloud Gov environment, with MFA, DoD CAC/PIV authentication, and Identity Credential Access Management (iCAM).
- Clientless vDesktop & Secure Collaboration - Browser-based virtual desktop and managed email and file sharing accessible from any device, with no software or hardware investment required, fully supporting ITAR and CUI-sensitive operations.
- Full Service "White Glove" SLA - Fully outsourced technical operations meeting the highest level of support and problem resolution.
- Vetted RPO and C3PAO Partner Network - Access to providers already expert in the StormCloud Gov environment, enabling full CMMC Level 2 certification in as little as 30 days depending on client readiness.
About Security Centric, Inc.
Security Centric is a Danville, California-based Managed Service Provider (MSP) specializing in cybersecurity and CMMC compliance environments for the Defense Industrial Base. Trusted by more than 1,000 organizations, including some of the largest U.S. defense prime contractors, the StormCloud Gov platform is a purpose-built managed enclave that provides 100% CMMC Level 2 / NIST SP 800-171 technical control coverage through inheritance - giving defense contractors the technical foundation to pursue CMMC certification in as little as 30 days, at up to 60% less than hyperscaler solutions, with zero infrastructure investment required.
www.securitycentric.net · (925) 663-5565 · GetCertified@securitycentric.net