SAP National Security Services has obtained Level 2 certification under the Department of War’s Cybersecurity Maturity Model Certification program, positioning the company to continue supporting contracts involving controlled unclassified information.

The company said Monday that the certification comes amid tightening cybersecurity across DOW and the defense industrial base.

Level 2 is the middle tier of the Pentagon’s updated CMMC framework and requires implementation of 110 security controls aligned with National Institute of Standards and Technology Special Publication 800-171 Revision 2. The designation applies to contractors that process, store or transmit federal contract information and CUI during contract performance. The certification remains valid for three years, with annual affirmations required during that period.

“Achieving CMMC Level 2 certification underscores our unwavering commitment to protecting our nation’s most sensitive information,” said Penny Klein, chief information security officer at SAP NS2.

“It validates the robust security controls we already have in place and reinforces our ability to meet the evolving security requirements of the DOW community,” she added.

What Role Does CMMC Play in SAP NS2’s Cyber Strategy?

Ted Wagner, vice president and CISO at SAP NS2, previously described the revised CMMC program as a critical mechanism for strengthening safeguards across the DIB.

In a prior commentary, Wagner said the updated CMMC framework is structured to protect sensitive information, enforce accountability and maintain rigorous cybersecurity standards while reducing unnecessary compliance barriers.

How Does SAP NS2 View the Future of Cybersecurity?

In another opinion piece, Wagner has outlined three imperatives shaping the future of cybersecurity: strengthening public-private collaboration, embedding security-by-design into emerging technologies and investing in the next generation of cybersecurity professionals.

He has described artificial intelligence as a “double-edged sword” in cybersecurity, noting that while threat actors use AI to automate attacks, the same technologies enable defenders to analyze large datasets, automate responses and identify vulnerabilities earlier.

According to Wagner, SAP NS2 integrates AI into its security architecture while maintaining human oversight, particularly in high-consequence decisions.

He has also emphasized that cyber resilience depends on integrating people, processes and technology, and shifting from point-in-time compliance to continuous monitoring.