As a family‑owned global IT solutions provider with more than 60 years of experience, Continental Resources (ConRes) delivers a comprehensive range of technologies and services to over 3,000 customers across multiple industries worldwide. As a reseller for all major technology vendors — including industry leaders such as Cisco — ConRes offers an extensive portfolio spanning products, services, solution design, configuration, warehousing, and logistics.
ConRes serves federal contractors within the Defense Industrial Base (DIB), which required the company to maintain compliance with the recently established Cybersecurity Maturity Model Certification (CMMC 2.0) program. With A-LIGN as their trusted C3PAO, ConRes became one of the first organizations to successfully obtain CMMC Level 2 certification in June 2025.
Why A-LIGN
ConRes’s overarching security philosophy is to avoid shortcuts; everything must be accurate, complete, and defensible. To ensure the highest level of compliance, they sought out an audit partner that shared the same ethos.
ConRes engaged A-LIGN for their SOC 2 compliance needs due to growing customer requests from large financial institutions, before CMMC certification was a requirement.
In 2018, the company had considered over twenty auditing firms before finally selecting A‑LIGN, a decision influenced by ConRes’ deep industry knowledge of what a high-quality auditor with deep federal compliance experience provides.
The long-standing relationship between ConRes and A-LIGN has been built on the quality of the people at A‑LIGN — professionals who ConRes found to be professional, patient and deeply familiar with ConRes’ environment.
“We are in the IT industry, so we have worked with a lot of different audit providers. It was a significant decision to choose to work with A-LIGN, and we have stayed with them since 2018. It was a no brainer to work with them for our CMMC certification. We like their approach, but we really appreciate the people we get to work with – they are patient, and they truly help us.”
–Louis Novakis, Data Protection Officer/Executive Director of Professional Services & Contracts
Why CMMC
ConRes designs, procures, implements, and manages IT solutions for organizations across highly regulated industries, including many that must comply with federal requirements and operate within the DIB.
These organizations depend on ConRes to bridge the gap between technology manufacturers and their internal teams, enabling them to operate with greater agility, security, and competitiveness. Because of this, as soon as the CMMC 1.0 program was announced in 2020, ConRes committed to pursuing certification.
To prepare, the ConRes team did ample research on NIST-based controls for years to ensure they had the correct systems in place to prepare and maintain the highest level of compliance.
The ConRes team proactively scheduled annual check‑ins with A‑LIGN to plan audit timing and even expressed interest in joining a pilot program. Having already implemented the SOC 2 framework and NIST 800-171 controls, they felt confident in their readiness — but they also understood that SOC 2 compliance does not automatically satisfy CMMC requirements. Each framework has its own control requirements, and ConRes invested significant effort to ensure it could meet CMMC’s specific expectations.
“When CMMC was introduced, ConRes made a goal to become one of the first organizations to obtain certification. Working with A-LIGN from the beginning gave us the confidence to navigate our very first CMMC assessment and ultimately had a profound impact on our certification success.”
-Paul Begley, Chief Technologist
Results
The ConRes team found working with A-LIGN during the CMMC assessment was a smooth and successful experience.
Their long-standing relationship with the firm proved to be beneficial to the process. The ConRes team knew A-LIGN delivered thorough and high-quality audits, and ConRes prepared long and hard to successfully navigate their first CMMC assessment with A-LIGN’s rigorous audit methodology.
ConRes’ data management strategy also contributed to a successful audit. The company had already centralized end‑user data in OneDrive and adopted a classification model that treats all incoming data as highly sensitive, regardless of department. While this approach differs from traditional segmented access models, it aligns with the company’s security priorities and contributed to a smooth assessment process.
Advice for other Organizations Seeking Certification (OSCs)
As an organization that spent years preparing for certification, the ConRes team implores that other OSCs should prepare for certification immediately, citing ample preparation as the success to their certification journey.
“The most critical piece of advice we can convey is to be prepared. We read all the NIST materials on a yearly basis for the last 10-15 years. We meet every year to review and map every single control subsection. We spend an enormous amount of time ensuring that our IT systems meet every single control and compliance aspect.”
-Louis Novakis, Data Protection Officer/Executive Director of Professional Services & Contracts
ConRes also encourages OSCs to partner with a trusted auditor — like A‑LIGN — to support ongoing CMMC compliance in Years 2 and 3 and to help them continuously strengthen their processes as requirements evolve.
About ConRes
Backed by more than 60 years of customer dedication, ConRes is a Private, Family, Women-Owned IT solutions provider bringing best-of-breed technology solutions and managed services together to solve business problems. By combining top-level manufacturer partnerships, highly skilled professional services and a state-of-the-art Integration & Logistics Center, we bring value by delivering end-to-end solutions across cloud, collaboration, cybersecurity, data center, DevOps and networking.