July 13, 2026: the Department of War suspended CMMC Phase II pending a 60-day review — but NIST SP 800-171 obligations still stand. What it means for you
Veteran-Owned · Cyber AB Accredited Training Provider
Every framework. One platform. One teambehind you.
CMMC. SOC 2. HIPAA. FedRAMP. ISO 27001. Whatever audit stands between you and your next contract, Lionfish pairs the Cyber Tackle Box™ GRC platform with real practitioners who work by, with, and through your team — so compliance closes deals instead of eating months of your team's time.
Defense contractor? CMMC Phase II was suspended July 13, 2026 pending a DoW review — NIST SP 800-171 still applies. Get the straight story.
Service-Disabled Veteran-Owned Cyber AB Accredited Training Provider 4 IEEE-Published Papers Purdue CERIAS Partner
SDVOSB CertifiedCyber AB ATP — CCP & CCAIndiana OCTS Accredited SchoolDOL Apprenticeship ProgramPurdue CERIAS PartnerCompTIA Training PartnerPatent Pending #17941843IBJ Tech Exec of the YearSAM.gov Registered · CAGE 96LH8SDVOSB CertifiedCyber AB ATP — CCP & CCAIndiana OCTS Accredited SchoolDOL Apprenticeship ProgramPurdue CERIAS PartnerCompTIA Training PartnerPatent Pending #17941843IBJ Tech Exec of the YearSAM.gov Registered · CAGE 96LH8
Choose your mission
Three ways we deploy for you
One team, one platform, three missions. Pick the door that matches yours — everything you need is one click away.
01For Regulated Businesses
Compliance Services
An enterprise deal blocked on SOC 2. A DFARS clause demanding NIST 800-171. An OCR letter about HIPAA. Whatever the framework, we run your gap assessment, remediation, and evidence prep — by, with, and through your team. Defense contractor? Start with CMMC: Rapid Deployment.
Become a Certified CMMC Professional or Assessor with a Cyber AB Accredited Training Provider. Self-paced with real instructor support — taught by practitioners who do this work in the field. Enroll online today.
Our all-in-one GRC and training platform. Manage CMMC, NIST, HIPAA, SOC 2, FedRAMP, ISO 27001 and more — controls, policies, evidence, POA&Ms, and awareness training in one place. MSP multi-tenant ready.
Phase II assessments are suspended while the DoW reform review runs — but the security rules underneath them are still in your contracts, and your SPRS score is still visible to every prime.
0+
companies in the defense industrial base fall under DoW cybersecurity rules
0
NIST SP 800-171 requirements — still contractually binding under DFARS
~0%
of Level 2 contractors were certified when the pause hit
0 days
for the CMMC Reform Task Force to deliver its recommendations
The Green Beret method
By. With. Through.
Founded by a U.S. Army Special Forces veteran, Lionfish doesn't parachute in consultants who leave you dependent. We work the way Green Berets do — building capability that stays when we're gone.
BYBy partnering with you — your people, your systems, your mission. We start where you are, not where a template says you should be.
WIWith training built in — every engagement upskills your team, so compliance knowledge lives in-house instead of in an invoice.
THThrough force multiplication — our platform, Cyber Guardians, and partner network keep you resilient long after the certificate is on the wall.
Badges you can verify, not adjectives. These are the accreditations and affiliations behind every engagement.
ATP
Cyber AB / CAICO ATPAccredited Training Provider
CCP
Certified CMMC ProfessionalOfficial certification training offered
CCA
Certified CMMC AssessorOfficial certification training offered
PI
CMMC Provisional InstructorClasses led by certified instructors
SDV
SDVOSB CertifiedService-Disabled Veteran-Owned Small Business
SAM
SAM.gov RegisteredCAGE 96LH8 · UEI GGV3KKTQFTS3
IN
Indiana OCTSState-regulated career & technical school
C+
CompTIA Authorized AcademyCertification training partner
PAT
Patent PendingAI training methodology #17941843
IEEE
IEEE Published4 peer-reviewed AI & cyber papers
'24
IBJ Tech Exec of the YearIndianapolis Business Journal, 2024
4x
TechPoint Mira NomineeBest of Tech — 4 categories, 2024
Lionfish Training Academy
✓State-accredited technical school regulated by the Indiana Office for Career and Technical Schools.
✓CompTIA certification tracks — ITF+, A+, Network+, Security+, CySA+, PenTest+, Cloud+ and more.
✓DOL-approved apprenticeships and workforce-development programs, including grant-funded cohorts.
✓Cyber Sentinel Program — university students deployed to protect real organizations, from Purdue to Ball State to NOVA.
Build the bench
We don't just find cyber talent. We forge it.
The industry is short hundreds of thousands of defenders. Lionfish closes the gap from both ends — certifying working professionals and training the next generation of Cyber Guardians through accredited, grant-eligible programs.
A 30-minute readiness call tells you exactly where you stand, what the suspension does and doesn't change for you, and the calmest, cheapest path to being ready when the reformed requirements land.