By Walter Pierowski

The Department of Defense (DoD) is rapidly tightening cybersecurity requirements across the defense industrial base (DIB), making the C3PAO Cybersecurity Maturity Model Certification (CMMC) Level 2 a standard for contract eligibility when a contract involves Controlled Unclassified Information (CUI).

For most contractors and suppliers, CMMC Level 2 is now the critical threshold. It governs how Controlled Unclassified Information (CUI) is handled, stored and transmitted—and increasingly determines whether organizations can participate in defense programs at all.

Data from CMMC illustrates its strict standards and challenges across the market. Only a small fraction of contractors have achieved Level 2 certification, with readiness across the DIB remaining critically low, and many organizations still lacking required controls and documentation.

Infinite Electronics’ Hayden, Idaho facility achieved CMMC Level 2 certification in December of 2025, being an early adopter of this critical requirement. This validates that the Hayden facility has implemented all 110 controls required under NIST SP 800-171 and reinforces its role as a secure partner within the DoD supply chain.

Key Takeaways

• CMMC Level 2 cybersecurity is now being implemented for handling Controlled Unclassified Information (CUI) in DoD programs
• C3PAO Certification is enforced through third-party assessment organizations*
• Compliance extends beyond IT systems into physical infrastructure and electronics
• Power, RF and communications systems must be protected to maintain system integrity
• Infinite Electronics’ Hayden, Idaho facility has achieved CMMC Level 2 Certification as an early adopter

Why CMMC Matters Now

CMMC represents a shift from trust-based compliance to verified cybersecurity enforcement.

Historically, contractors self-attested to meeting NIST standards with Level 1 Certification. Today, CMMC Level 2 certification must be validated by independent assessors, and failure to comply can result in lost contract eligibility.

With CMMC now embedded into DoD contracts and phased enforcement underway, compliance is becoming a gatekeeper for participation across the defense ecosystem.

CMMC requirements extend across the defense supply chain, meaning contractors must work with partners that meet the same certification standards when Controlled Unclassified Information is involved.

What Is CMMC?

The Cybersecurity Maturity Model Certification is a DoD framework designed to standardize cybersecurity practices across contractors and suppliers.

It defines levels of maturity tied to the sensitivity of information being handled and ensures consistent safeguards across the supply chain.

The transition from self-attestation to third-party verification addresses long-standing gaps in how cybersecurity requirements were previously enforced.

What Is CMMC Level 2?

CMMC Level 2 focuses on protecting and Federal Contracting Information (FCI) and Controlled Unclassified Information (CUI), which includes sensitive but unclassified data critical to defense operations.

It aligns directly with NIST SP 800-171 and requires implementation of 110 security controls across domains such as:

• Access control
• Incident response
• System and information integrity
• Risk assessment and management

Why Level 2 Impacts More Than IT Systems

CUI does not exist only in IT systems—it flows through physical infrastructure that enables defense operations, including:

• Industrial control systems
• Communications networks
• Power systems
• Tactical RF and data links

These systems are part of the same security boundary.

Physical disruptions—such as electrical surges, lightning or electromagnetic interference (EMI)—can cause system outages, corrupt data or interrupt secure communications. In a CMMC context, these failures directly impact system integrity and availability.

Cybersecurity and infrastructure resilience are interconnected.

The Role of Infrastructure Protection in Compliance

System availability is a core pillar of cybersecurity.

If infrastructure fails due to electrical or environmental events, it introduces operational risk and potential exposure of sensitive data. This aligns directly with CMMC requirements around risk management and system integrity.

Surge protection and signal protection act as part of a defense-in-depth strategy, reducing the likelihood that physical-layer disruptions escalate into cybersecurity incidents.

Solutions produced at the Hayden facility include Transtector and PolyPhaser products that support military defense programs where reliability, resilience and electromagnetic protection are essential. This includes connectivity solutions engineered for demanding military environments, including surge protection and custom surge suppression for missile defense platforms.

As the Department of Defense continues to operationalize CMMC across the defense industrial base, Infinite Electronics remains fully committed to meeting applicable requirements and supporting a secure, resilient supply chain.

Designing Defense Infrastructure for CMMC-Level Resilience

Achieving CMMC Level 2 compliance requires more than implementing cybersecurity controls at the software layer.

It requires protecting the physical systems responsible for generating, transmitting and processing data.

As enforcement accelerates—and as readiness gaps across the DIB remain evident—organizations that align both cybersecurity and infrastructure resilience will be best positioned to maintain compliance and support mission-critical operations.

How Transtector and PolyPhaser Support Defense Applications

PolyPhaser and Transtector solutions are engineered for environments where reliability and resilience are critical.

In defense applications, this includes protecting:

• Power systems from voltage transients and lightning-induced surges
• Signal and data lines from electrical disturbances
• RF and communications systems from electromagnetic interference

These solutions are deployed across military vehicles, mobile command centers, hardened shelters and fixed installations, supporting mission-critical infrastructure where electromagnetic protection and uptime are essential.

Transtector and PolyPhaser provide infrastructure protection solutions designed for mission-critical defense applications.

Read more in our press release: https://www.infiniteelectronics.com/2026/03/31/infinite-electronics-achieves-level-2-cmmc-certification-to-meet-dod-cybersecurity-requirements/

View CMMC Level 2 and other certifications here: https://www.infiniteelectronics.com/qa-and-compliance/

Frequently Asked Questions (FAQ)

What is CMMC Level 2 and why is it important?
CMMC Level 2 is a DoD cybersecurity certification focused on protecting Controlled Unclassified Information (CUI). It is standard for many defense contracts with Third-Party Assessment Organizations (C3PAOs) or self-assessment for certain programs every three years.

How does CMMC Level 2 relate to NIST SP 800-171?
CMMC Level 2 directly aligns with the 110 security controls defined in NIST SP 800-171. Certification verifies that these controls are implemented and operational.

Why does physical infrastructure matter for CMMC Level 2 compliance?
CUI flows through power, communications and control systems. Failures caused by surges, EMI or environmental conditions can disrupt operations and compromise data integrity, making infrastructure protection part of overall system security.

How do Transtector and PolyPhaser solutions support compliance efforts?
Transtector and PolyPhaser solutions protect critical systems from electrical and electromagnetic threats, improving reliability and reducing the risk of disruptions that could impact secure operations.

*Some DoD projects allow for self-certification; C3PAO is third-party validation for Level 2, achieved at the Infinite Electronics Hayden Facility for Transtector and PolyPhaser. Per the DoD, Level 2 Certification Assessment: The POA&M closeout certification assessment must be performed by an authorized or accredited C3PAO (versus Level 2 self-assessment).