Compliance · US Department of Defense supply chain

Cybersecurity Maturity Model Certification Level 2 controls, mapped and evidenced.

CMMC 2.0 is a DoD program requiring defense industrial base contractors to demonstrate cyber security maturity. Level 2 aligns with NIST SP 800-171 (110 controls) and is required for contractors handling Controlled Unclassified Information (CUI).

About the framework

What is US CMMC 2.0?

Any organisation in the US defense supply chain handling CUI is subject to CMMC 2.0 Level 2. Level 3 applies to programs handling the most sensitive unclassified information.

Who it applies to

Prime contractors and subcontractors to the US DoD, defense industrial base manufacturers, integrators, and any organisation receiving CUI under a federal contract.

Cloudgenics mapping

How we satisfy US CMMC 2.0

NIST SP 800-171 controls applied at image and platform layer
CUI handling guardrails: tagging, encryption, isolation
Multi-factor authentication and JIT privileged access
Image signing and SBOM for supply chain risk requirements
Incident response and reporting aligned to DFARS 252.204-7012

Evidence model

What auditors get on day one.

Mapped control catalogue

Every US CMMC 2.0 requirement mapped to the Cloudgenics technical controls that satisfy it, with traceability.

Continuous evidence feed

Telemetry, configuration scans and audit logs streaming into a tamper-evident evidence store with retention aligned to the framework.

Walkthrough kit

Standardised auditor walkthrough materials — diagrams, run-books and policy templates — that fast-track the assessment.