Monarch ISC

Monarch ISC is a Cyber AB Marketplace-listed C3PAO and RPO based in Portland, ME.

Headquarters

Portland, ME

Region

Portland, ME

Founded

2014

Last verified

May 14, 2026

Sources

4 cited

Listing position

Editorial · unranked

Vendor website

Visit ↗

Plain-English description

What this provider does

Monarch ISC is a Cyber AB Marketplace-listed C3PAO based in Portland, ME, listed on the marketplace as operating since 2014. The Cyber AB listing names assessment services, cybersecurity consulting, governance, risk & compliance, managed it security services, penetration testing & phishing, security awareness and education, security products, security program development, third-party risk management, training, and virtual ciso among the services they offer. We have not independently verified the vendor's own website; the Cyber AB Marketplace listing is the basis of every claim on this page.

Registered as / claimed status

Stated affiliations and certifications

What the vendor (or a third party) states about their formal status. Each line is anchored to its source.

Listed on the Cyber AB Marketplace as a C3PAO[01]
Listed on the Cyber AB Marketplace as a Registered Practitioner Organization (RPO)[01]
Listed on the Cyber AB Marketplace as an Authorized Training Provider (ATP)[01]
Listed on the Cyber AB Marketplace as a Licensed Training Provider (LTP)[02]

Why buyers hire them

What this provider is commonly used for

Formal CMMC Level 2 certification assessments (provider's own scope and authorization should be verified on their own site).
[01]
Formal CMMC Level 2 certification assessments under their C3PAO authorization.
[02]
Cybersecurity consulting engagements, separate from any certification assessment work.
[02]
Workforce security awareness and training programs.
[02]
CMMC training and curriculum delivery as a Cyber AB-licensed training provider.
[02]

Stated services

Services the vendor claims

CMMC Level 2 third-party assessments[01]
Assessment Services[02]
Cybersecurity Consulting[02]
Governance, Risk & Compliance[02]
Managed IT Security Services[02]
Penetration Testing & Phishing[02]
Security Awareness and Education[02]
Security Products[02]
Security Program Development[02]
Third-Party Risk Management[02]
Training[02]
Virtual CISO[02]
CMMC training delivery[02]
CMMC Level 2 Certification Assessment[04]
CMMC Readiness Assessment[04]
Risk Assessment[04]
Policy and Plan Development[04]
Disaster Recovery Planning[04]
Incident Response Plan Development[04]
Cybersecurity Advisory and Consultation[04]
Instructor-Led Training[04]
Security Catapult Self-Assessment Tool[04]

What we don't know

Gaps in this record

Facts that could not be confirmed against a public source on the retrieval date. If you can point to an authoritative source for any of these, we'll update the record.

·This record is derived from the Cyber AB Marketplace listing. We have not independently verified the vendor's own CMMC page, pricing, or current engagement capacity.
·Vendor self-description and detailed service mix are not captured here — see the linked Cyber AB profile for the vendor's own narrative.
·We have not independently verified the vendor's own website. Cyber AB Marketplace listing is the basis of every claim on this page.
·Vendor pricing, current capacity, and engagement model are not captured here.

Sources

[01]Cyber AB · Cyber AB Marketplace listing — C3PAO, RPO, ATP
“Monarch ISC appears on the Cyber AB Marketplace with the address Portland, ME. Role(s): C3PAO, RPO, ATP.”
Retrieved May 14, 2026 · high confidence
[02]The Cyber AB · Monarch ISC | Cyber AB Marketplace
“Monarch ISC, the 7th organization to become an Authorized CMMC Third-Party Assessment Organization (C3PAO), is also an Authorized Training Provider (ATP) for official CCA and CCP courses, and a trusted advisor (RPO) for readiness consulting. Monarch ISC continues to demonstrate our leadership and commitment to the CMMC ecosystem. Our work is guided by a clear focus on security, compliance, and strategy — the foundation of every assessment, training, and advisory service we deliver. Based in Portland, Maine, Monarch ISC's team includes both Lead Certified CMMC Assessors (Lead CCAs) and Certified CMMC Assessors (CCAs), ensuring every assessment is conducted with rigor, clarity, and integrity. Every client's path to certification looks different. We focus on understanding those needs and guiding each client through a process that is clear, practical, and effective.”
Retrieved May 14, 2026 · high confidence
[03]The Cyber AB · Monarch ISC | Cyber AB Marketplace
“Monarch ISC, the 7th organization to become an Authorized CMMC Third-Party Assessment Organization (C3PAO), is also an Authorized Training Provider (ATP) for official CCA and CCP courses, and a trusted advisor (RPO) for readiness consulting. Based in Portland, Maine, Monarch ISC's team includes both Lead Certified CMMC Assessors (Lead CCAs) and Certified CMMC Assessors (CCAs), ensuring every assessment is conducted with rigor, clarity, and integrity.”
Retrieved May 14, 2026 · high confidence
[04]Monarch ISC · Monarch ISC Cybersecurity Authorized C3PAO
“Monarch ISC is an Authorized CMMC Third-Party Assessment Organization (C3PAO) authorized by the Cyber AB. The firm conducts CMMC Certification Assessments for DIB contractors and uses a proprietary self-assessment tool called Security Catapult to evaluate readiness against the 110 practices in NIST SP 800-171 (which form the basis of CMMC Level 2 requirements). Security Catapult generates a Plan of Action and Milestones (PoAM) linked directly to each CMMC requirement. Service offerings include Risk Assessment & Management, Policy & Plan Development, Disaster Recovery Plans & Exercises, Incident Response & Recovery Plan (IRP) development with tabletop exercises, Cybersecurity Advisory & Consultation, and Instructor-Led Training. Monarch has over 30 years of audit and assessment experience in financial institutions and healthcare, applied to the DIB.”
Retrieved May 14, 2026 · high confidence

Sources are the basis of every factual claim on this page. If the vendor has updated their site, the “last verified” date will lag. Re-check the vendor URL before relying on it.