ATI Receives CMMC 2.0 Certification

June 24, 2025 Nera Fernando
0 Comment
News
Slide

ATI Receives CMMC 2.0 Certification

ATI is excited to announce that we are now CMMC Level 2 (C3PAO) certified with an assessment score of 110, meeting all NIST SP 800-171 Revision 2 security requirements after an independent assessment conducted by Cybersec Investments, a Certified Third-Party Assessor Organization (C3PAO) in accordance with the CMMC requirements codified in CFR Title 32, Part 170.

We made it through this very rigorous assessment process thanks to an amazing job by our CCP Yehen Wijedoru and C3PAO Cybersec
What are the CMMC Requirements?
CMMC is a DoD regulatory framework created to ensure DoD contractors and subcontractors securely handle two categories of sensitive government information: Controlled Unclassified Information (CUI) and Federal Contract Information (FCI). Among other requirements, CMMC mandates contractors and subcontractors handling CUI obtain third-party assessments and, in turn, certifications verifying their compliance with the 110 cybersecurity controls set forth in National Institute of Standards & Technology Special Publication 800-171A (NIST SP 800-171A) and, where required, NIST SP 800-172A.

On October 11, 2024, the Department of Defense (DoD) released a final rule (the “Final Program Rule”) formalizing the requirements, assessment processes, and related governance for its Cyber Maturity Model Certification Program (CMMC). Importantly, publication of the Final Program Rule does not immediately implement the DoD’s CMMC contract requirements. Instead, the trigger for CMMC’s implementation for contractors is tied to a separate CMMC rule (the “CMMC Clause Rule”), which is currently in a proposed rule and will likely not be finalized until approximately the 3rd Quarter of 2025. However, the release of the Final Program Rule allows CMMC Certified Third-Party Assessment Organizations (C3PAOs) to begin assessing contractor compliance against the CMMC framework and allows contractors to get a head start on developing compliance programs prior to enforcement.
Phase 1: Begins on the effective date of the CMMC Clause Rule.
• DoD can begin to include requirements for Level 1 or Level 2 self-assessments in all applicable DoD solicitations and contracts as a condition of contract award.
• DoD may choose to include Level 1/Level 2 self-assessment requirements in options to exercise active DoD contracts.
• DoD may choose to include Level 2 C3PAO assessment requirements in place of Level 2 self-assessment requirements in applicable DoD solicitations and contracts.

Phase 2: Begins one year following the effective date of the CMMC Clause Rule.
• In addition to Phase 1 allowances, DoD can begin to include Level 2 C3PAO assessment requirements in applicable DoD solicitations and contracts as a condition of contract award.
News
News
Nera Fernando

Leave a Reply Text

Your email address will not be published. Required fields are marked *

For security, use of Google's reCAPTCHA service is required which is subject to the Google Privacy Policy and Terms of Use.