Capabilities
P2 Compliance: CMMC
- Capabilities
- Lifecycle Protection
- SmartView
- P2 Compliance
- Strategic Space Protection
- Cybersecurity
- Supply Chain Risk Management
- Technology Protection Engineering
- Insider Threat
- Counterintelligence
- International Security
- Research Security Program
- Training & Consulting
- Classified IT Destruction
- Identity Management
CMMC: What is it and Why is it Important?
The Cybersecurity Maturity Model Certification (CMMC) Program aligns with the Department of Defense / Department of War’s existing information security requirements for the Defense Industrial Base. It is designed to enforce the protection of sensitive unclassified information shared by the Department with its contractors and subcontractors.
The Department requires ALL contractors who handle Controlled Unclassified Information (CUI) or Federal Contract Information (FCI) to comply with CMMC. These are legal and contractual obligations, not optional frameworks. Failure to comply can result in ineligibility for contracts, termination, or potential False Claims Act exposure for inaccurate self-attestations.
| Level of CMMC | Focus | Data Type | Assessment Requirement | Legal Standing |
| Level One: Foundational | Basic Cyber Hygiene | Federal Contract Information (FCI) Only | Annual Self-Assessment | Required for All Contractors Handling FCI |
| Level Two: Advanced | Protection of Controlled Unclassified Information (CUI) | FCI and CUI | Triennial C3PAO or Annual Self-Assessment | Mandated for All Contractors Managing CUI |
| Level Three: Expert | Protection Against APTs | High-Value CUI and Defense Programs | Government-led Assessment | Applies to Critical National Security Programs |