Compliance & Regulation

CMMC Compliance Solutions

From basic FCI protection to advanced CUI security, IPS guides your organization through every CMMC level, ensuring compliance and resilience against cyber threats.

U.S. Cybersecurity Maturity Model Certification (CMMC) with IPS

 

IPS helps organizations meet the U.S. Department of Defense (DoD) requirements for cybersecurity through the Cybersecurity Maturity Model Certification (CMMC). Contractors and subcontractors in the defense industrial base (DIB) must implement the security controls outlined in NIST SP 800-171 r2 to protect Controlled Unclassified Information (CUI), as required by DFARS 252.204-7012, Safeguarding Covered Defense Information and Cyber Incident Reporting.

Additionally, contractors handling Federal Contract Information (FCI) must comply with FAR 52.204-21, Basic Safeguarding of Covered Contractor Information Systems. IPS supports organizations in meeting these requirements efficiently and securely.

The DoD officially launched CMMC on October 15, 2024 via 32 CFR part 170, with the rule effective December 16, 2024. The acquisition rule (48 CFR Parts 204, 212, 217, and 252) published September 10, 2025, amended DFARS 252.204-7021 to require CMMC certification for covered contractors. This rule is effective November 10, 2025, embedding CMMC requirements directly into DoD contracts.

IPS provides the expertise and tools to guide your organization through every step of CMMC compliance.

IPS CMMC Levels

Level 1: Basic Safeguarding of FCI

  • Focus: Protect basic Federal Contract Information (FCI), such as contract numbers or delivery schedules.

  • Requirements: 15 fundamental cybersecurity practices, e.g., regular password changes, antivirus installation.

  • Assessment: Annual self-assessment.

  • Applicability: All contractors handling FCI. Ideal for smaller organizations with limited exposure to sensitive data.

Level 2: Broad Protection of CUI

  • Focus: Safeguard Controlled Unclassified Information (CUI), including sensitive data subject to dissemination controls.

  • Requirements: 110 security practices aligned with NIST SP 800-171 r2, including maintaining a System Security Plan (SSP), logging and monitoring CUI assets, and vulnerability scanning and remediation.

  • Assessment: Defined by contract; may require self-assessment or third-party assessment (C3PAO).

  • Applicability: Contractors handling CUI.

Level 3: Advanced Protection of CUI

  • Focus: Protect highly sensitive CUI against Advanced Persistent Threats (APTs).

  • Requirements: All Level 2 requirements, plus additional practices from NIST SP 800-172, including comprehensive incident response planning, continuous monitoring programs, and supply chain security management.

  • Assessment: Government-led by the Defense Industrial Base Cybersecurity Assessment Center (DIBCAC).

  • Prerequisite: Must first achieve Level 2.

  • Applicability: Contractors on highly sensitive government projects.

Higher CMMC levels correspond to higher data sensitivity and stricter security controls. IPS ensures your organization is prepared for any required level.

How IPS Supports CMMC Compliance

IPS leverages advanced cloud and IT solutions to simplify CMMC compliance, including:

  • Cloud & Workspace Solutions: We help configure systems, storage, and applications to meet CMMC requirements.

  • Continuous Monitoring & Security Controls: IPS implements robust monitoring, auditing, and vulnerability management.

  • Documentation & Assessment Support: IPS provides guidance for System Security Plans (SSP), CMMC Customer Responsibility Matrices (CRM), and third-party assessments.

  • Data Boundary & FedRAMP Compliance: For cloud deployments, IPS ensures sensitive data stays within required jurisdictions and complies with FedRAMP High standards.

With IPS, your organization can confidently achieve and maintain CMMC certification, protecting your contracts, data, and reputation.