M9 Solutions Completes CMMC Level 1 Self-Assessment

M9 Solutions has completed a Cybersecurity Maturity Model Certification Level 1 self-assessment and maintained an affirmation in the Supplier Performance Risk System, or SPRS, reinforcing its cybersecurity compliance posture as the Department of War begins phased enforcement of CMMC requirements.

The company said in a LinkedIn post on Thursday that the assessment aligns with Defense Federal Acquisition Regulation Supplement 252.204-7020 and reflects its ongoing efforts to protect federal contract information and meet evolving War Department cybersecurity expectations.

It noted that it continues to invest in cybersecurity governance, internal controls and operational safeguards to protect customers, partners and mission data.

Cybersecurity has become central to how governments defend data, systems and missions in an increasingly contested digital environment. The 2026 Cyber Summit on May 21 will bring together public- and private-sector leaders to examine evolving cyber threats, assess progress toward the Department of War’s 2027 zero trust deadline and discuss practical approaches to strengthening cyber resilience across defense and civilian agencies. Register now.

How Does DFARS 252.204-7025 Affect Contractors?

DFARS 252.204-7025 informs potential offerors that specific CMMC levels will be required to compete for and receive certain War Department contracts.

By completing its Level 1 self-assessment and maintaining an active SPRS affirmation, M9 positions itself to respond to solicitations that include CMMC prerequisites as those requirements are phased into acquisitions.

The phased rollout of the CMMC program began on Nov. 10, marking a transition from voluntary self-attestation to enforceable cybersecurity requirements embedded in contracts.

A recent CyberSheath study revealed that a large portion of the defense industrial base remains unprepared for CMMC assessments, with many contractors lacking validated controls or SPRS submissions. Against that backdrop, early compliance actions are becoming a differentiator for companies seeking to sustain work with the War Department.