November 16, 2022 – Arlington, VA & Salem, MA – Two IT and cybersecurity leaders that specialize in securing the nation’s Defense Industrial Base (DIB) announced their merger today, creating a CMMC-centric managed services company focused on meeting the needs of government contractors. C3 Integrated Solutions, a full-service IT provider specializing in cloud-based solutions including Microsoft 365 GCC High, and Steel Root, a cybersecurity services provider specializing in Cybersecurity Maturity Model Certification (CMMC) compliance, have merged to provide defense contractors end-to-end managed services that streamline the technical and administrative burden of regulatory compliance. Most urgently, this includes CMMC, a robust set of cybersecurity controls designed to protect Controlled Unclassified Information (CUI) on contractor networks.

The new company will operate under the C3 Integrated Solutions name and will offer comprehensive DIB solutions anchored around Steel Root’s CMMC-centric managed services platform. Marc Pantoni, formerly President of Thrive, joins as CEO of the combined entity, and new investment from M/C Partners will be used to extend service capabilities to serve the unique needs of the DIB.

The DIB’s Urgent Need for End-to-End CMMC Solutions

The DIB’s 300k+ contractors face immediate pressure to meet CMMC requirements with CMMC expected to hit contracts in 2023. This pressure is magnified for small-to mid-sized contractors who may not have an experienced cybersecurity service provider that offers a holistic compliance solution which meets both technical and non-technical requirements.

Through this merger, Steel Root and C3 fill this market gap by offering a purpose-built solution designed to help government contractors accelerate their CMMC readiness and manage compliant environments. Defense contractors searching to find a single provider that can competently address their full range of CMMC requirements can rely on the newly combined company to:

  • Educate clients on CMMC requirements and their applicability to their environment
  • Deliver an end-to-end plan for meeting those requirements while minimizing business impact
  • Implement, manage, and update a CMMC-ready system that covers 100% of CMMC Level 2 technical requirements
  • Provide robust, assessment-ready documentation to prove compliance
  • Guide clients on non-technical CMMC requirements, such as the adoption and implementation of policies, processes, and other non-technical controls
  • Provide technical guidance on leveraging Microsoft cloud solutions for compliance

“Individually, both C3 and Steel Root have demonstrated a deep commitment to helping the Defense Industrial Base operate securely and meet critical compliance requirements,” said Travis Keller, Partner at M/C Partners. “That shared vision will enable them to capitalize on the urgent market need for trustworthy compliance partners by leveraging the strengths of both companies: Steel Root’s deep cybersecurity and compliance expertise and C3’s long history of delivering Microsoft-based IT services to government contractors. We are committed to supporting their growth as they protect our country’s sensitive information.”

A Unified Approach to CMMC Compliance

Steel Root’s CMMC solution, including its industry-leading CMMC Reference Architecture will be combined with the product portfolio of C3’s broader suite of IT services, including Microsoft GCC High. The company will also build off of C3’s pedigree as one of Microsoft’s original five AOS-G members to advance its existing GCC High implementation and guidance services, including offering compliance support for legacy environments.

“Our clients partner with Steel Root because we help them address CMMC comprehensively, and they value the certainty they get from our disciplined approach,” said Ryan Heidorn, chief technology officer of the new company. “What’s been missing from that focused approach, however, has been our ability to address the IT and security needs of the business holistically, to simplify licensing and support large-scale projects. We have long respected C3 as the go-to AOS-G partner for the defense community and a powerhouse in IT services. With this merger, we can not only meet our clients’ needs more broadly, but also reach more potential clients, including those that have traditionally shied away from an end-to-end CMMC solution.”

“We take pride in the trust our clients place in C3, and that trust is reflected in the long-term partnerships we’ve built with them,” added Bill Wootton, the company’s new chief revenue officer. “Government contractors rely on our ability to anticipate their needs and craft service offerings that meet them. We can tell that the demand for what Steel Root offers—a comprehensive CMMC solution built explicitly to meet contractual cybersecurity requirements—is growing exponentially. Together, we become the comprehensive DIB partner the industry has been needing.”

Managed Services Provider Leader Marc Pantoni Joins as CEO

Marc Pantoni has been appointed CEO of the combined entity. Formerly the president of Thrive, Pantoni is an accomplished MSP executive with a proven background in operations, compliance, service delivery, integration, and platform architecture. He brings extensive experience successfully scaling organizations to meet rapid growth objectives and was responsible for developing and executing Thrive’s corporate strategic initiatives, including the integration of all acquisitions.

He adds, “What’s exciting about the opportunity ahead is that we’re seeing the convergence of three critical conditions: urgency in the form of enforced regulatory pressures, the need for relevant technical and compliance expertise within our client base, and a vendor market filled with ineffective, incomplete solutions. We have an incredible opportunity to demonstrate leadership through the delivery and management of a CMMC-focused managed services platform that gives our clients the confidence to focus on running their businesses while relying on us to holistically address their compliance requirements.”

More information about the merger can be found on both companies’ blogs:

About M/C Partners

M/C Partners is a private equity firm focused on small and mid-size businesses in the digital infrastructure and technology services sectors. For more than three decades M/C Partners has invested $2.4 billion of capital in over 140 companies, leveraging its deep industry expertise to understand long-term secular trends and identify growth opportunities. The firm is currently investing its eighth fund, partnering with promising companies and leadership teams to support, scale, and improve operations and maximize value. For more information, visit https://mcpartners.com

About C3 Integrated Solutions

C3 Integrated Solutions is dedicated to securing our nation’s military infrastructure by protecting the cyber resources of the Defense Industrial Base (DIB).  As a leading provider of Microsoft 365 GCC High and Azure Government, and one of the original five Microsoft partners to provide GCC High, C3 specializes in helping their clients deploy and manage the technologies and services to meet NIST 800-171 and CMMC requirements.

C3 has been named to the Inc 5000 list of the fastest growing companies for three consecutive years. They have over ten years’ experience selling, deploying, and supporting Microsoft 365, including over 200 defense industry customers in GCC High. They are a CMMC Registered Provider Organization (RPO) and one of a handful of companies to successfully support the DIBCAC assessment of a C3PAO candidate. To learn more about C3, visit https://c3isit.com

About Steel Root

Steel Root accelerates CMMC compliance by implementing and managing a purpose-built cybersecurity solution designed for the U.S. Defense Industrial Base. Steel Root’s CMMC Reference Architecture brings together technology, processes, personalized guidance, and day-to-day management to ensure that government contractors of all sizes operate securely and can confidently meet CMMC requirements. Learn more about Steel Root cybersecurity and compliance offerings for federal contractors at steelroot.us