Kristen Smith 
Cherokee Federal has achieved Level 2 authorization under the Cybersecurity Maturity Model Certification program through a certified third-party assessment organization, positioning the company to meet upcoming Department of War cybersecurity requirements.
The certification, valid for three years and recorded in the Supplier Performance Risk System, confirms compliance with 110 security controls aligned with National Institute of Standards and Technology Special Publication 800-171, Cherokee Federal said Friday.
The 2026 Cyber Summit, hosted by Potomac Officers Club on May 21, will feature a panel discussion examining how organizations meet evolving security requirements across the defense industrial base. Register now.
Why is CMMC Important for GovCon?
The milestone comes ahead of a key policy shift. Beginning in November, DOW will require contractors handling controlled unclassified information to obtain CMMC Level 2 certification through an independent assessment.
That requirement is part of the broader CMMC 2.0 rollout, which is being implemented in phases to strengthen cybersecurity across the defense industrial base and better protect sensitive government data.
By securing certification early, Cherokee Federal positions itself to compete for contracts requiring higher cybersecurity standards while supporting existing programs that involve sensitive information.
How Does This Support Cherokee Federal’s Market Position?
“Earning CMMC Level 2 C3PAO is a defining milestone for Cherokee Federal,” said Clint Bickett, president of Cherokee Federal. “This certification demonstrates that we are prepared for where the market is going and committed to meeting the highest standards of cybersecurity, performance and trust.”
