Cybersecurity Risk Management and Strategy Disclosure
12 Months Ended
Dec. 31, 2024
Cybersecurity Risk Management, Strategy, and Governance [Line Items]  
Cybersecurity Risk Management Processes for Assessing, Identifying, and Managing Threats [Text Block]
The Company recognizes the critical importance of developing, implementing, and maintaining robust cybersecurity measures to safeguard our information systems and protect the confidentiality, integrity, and availability of our data.

Managing Material Risks & Integrated Overall Risk Management

Castellum strategically integrated cybersecurity risk management into our broader risk management framework to promote a company-wide culture of cybersecurity risk management. This integration ensures that cybersecurity considerations are an integral part of our decision-making processes at every level. Our IT department continuously evaluates and addresses cybersecurity risks in alignment with our business objectives and operational needs.

Engage Third Parties on Risk Management

Recognizing the complexity and evolving nature of cybersecurity threats, the Company engages with a range of external experts, including cybersecurity assessors, consultants, and auditors, in evaluating and testing our critical systems. These partnerships enable us to leverage specialized knowledge and insights, ensuring our cybersecurity strategies and processes remain at the forefront of industry best practices. Our collaboration with these third parties includes periodic audits, threat assessments, and consultation on security enhancements.

Oversee Third-party Risk

Because we are aware of the risks associated with third-party service providers, the Company implements stringent processes to oversee and manage these risks. We conduct thorough security assessments of all third-party providers before engagement and maintain ongoing monitoring to ensure compliance with our cybersecurity standards. The monitoring includes quarterly assessments by our Cybersecurity Manager and on an ongoing basis by our security engineers. This approach is designed to mitigate risks related to data breaches or other security incidents originating from third parties.

Risks from Cybersecurity Threats

We have not encountered cybersecurity challenges that have materially impaired our operations or financial standing.
Cybersecurity Risk Management Processes Integrated [Flag] true
Cybersecurity Risk Management Processes Integrated [Text Block]
Castellum strategically integrated cybersecurity risk management into our broader risk management framework to promote a company-wide culture of cybersecurity risk management. This integration ensures that cybersecurity considerations are an integral part of our decision-making processes at every level. Our IT department continuously evaluates and addresses cybersecurity risks in alignment with our business objectives and operational needs.
Cybersecurity Risk Management Third Party Engaged [Flag] true
Cybersecurity Risk Third Party Oversight and Identification Processes [Flag] true
Cybersecurity Risk Materially Affected or Reasonably Likely to Materially Affect Registrant [Flag] false
Cybersecurity Risk Board of Directors Oversight [Text Block]
The Board is acutely aware of the critical nature of managing risks associated with cybersecurity threats. The Board has established oversight mechanisms to ensure effective governance in managing risks associated with cybersecurity threats because we recognize the significance of these threats to our operational integrity and stakeholder confidence. The Board is briefed on a periodic basis as to the nature of actions taken to mitigate risks from cyberattacks.

Board of Directors Oversight

The Audit Committee is central to the Board’s oversight of cybersecurity risks and bears the primary responsibility for this domain. The Audit Committee is composed of board members with diverse expertise, including risk management, technology, and finance, equipping them to oversee cybersecurity risks effectively.
Cybersecurity Risk Board Committee or Subcommittee Responsible for Oversight [Text Block]
The COO and the CEO play a pivotal role in informing the Audit Committee on cybersecurity risks. The COO was Castellum’s Vice President of Technology and Deployment before becoming COO in September of 2024, and is a certified CMMC Professional. They provide comprehensive briefings to the Audit Committee on at least an annual basis. These briefings encompass a broad range of topics, including:

Current cybersecurity landscape and emerging threats;
Status of ongoing cybersecurity initiatives and strategies;
Incident reports and learnings from any cybersecurity events; and
Compliance with regulatory requirements and industry standards.
Cybersecurity Risk Process for Informing Board Committee or Subcommittee Responsible for Oversight [Text Block] They provide comprehensive briefings to the Audit Committee on at least an annual basis. These briefings encompass a broad range of topics, including:
Current cybersecurity landscape and emerging threats;
Status of ongoing cybersecurity initiatives and strategies;
Incident reports and learnings from any cybersecurity events; and
Compliance with regulatory requirements and industry standards.
Cybersecurity Risk Role of Management [Text Block]
Management’s Role in Managing Risk

The COO and the CEO play a pivotal role in informing the Audit Committee on cybersecurity risks. The COO was Castellum’s Vice President of Technology and Deployment before becoming COO in September of 2024, and is a certified CMMC Professional. They provide comprehensive briefings to the Audit Committee on at least an annual basis. These briefings encompass a broad range of topics, including:

Current cybersecurity landscape and emerging threats;
Status of ongoing cybersecurity initiatives and strategies;
Incident reports and learnings from any cybersecurity events; and
Compliance with regulatory requirements and industry standards.
Cybersecurity Risk Management Positions or Committees Responsible [Flag] true
Cybersecurity Risk Management Positions or Committees Responsible [Text Block]
The COO and the CEO play a pivotal role in informing the Audit Committee on cybersecurity risks. The COO was Castellum’s Vice President of Technology and Deployment before becoming COO in September of 2024, and is a certified CMMC Professional. They provide comprehensive briefings to the Audit Committee on at least an annual basis. These briefings encompass a broad range of topics, including:

Current cybersecurity landscape and emerging threats;
Status of ongoing cybersecurity initiatives and strategies;
Incident reports and learnings from any cybersecurity events; and
Compliance with regulatory requirements and industry standards.
Cybersecurity Risk Management Expertise of Management Responsible [Text Block] The COO was Castellum’s Vice President of Technology and Deployment before becoming COO in September of 2024, and is a certified CMMC Professional. They provide comprehensive briefings to the Audit Committee on at least an annual basis.
Cybersecurity Risk Process for Informing Management or Committees Responsible [Text Block] They provide comprehensive briefings to the Audit Committee on at least an annual basis. These briefings encompass a broad range of topics, including:
Current cybersecurity landscape and emerging threats;
Status of ongoing cybersecurity initiatives and strategies;
Incident reports and learnings from any cybersecurity events; and
Compliance with regulatory requirements and industry standards.
Cybersecurity Risk Management Positions or Committees Responsible Report to Board [Flag] true