Skip navigation
Industry News

What is CMMC? Learn How the Defense Industrial Base Can Easily Meet Cyber Hygiene Standards

New Cybersecurity Certification Requirements for Defense Contractors

The Department of Defense (DoD) will require the Defense Industrial Base (DIB) —which consists of more than 300,000 contractors — to go through third-party assessments and achieve the Cybersecurity Maturity Model Certification (CMMC) cybersecurity certification. 

The required level of certification will depend on the sensitivity of the information the contractor handles, starting with level one to safeguard Federal Contract Information (FCI) up to level five to protect the most sensitive controlled information from Advanced Persistent Threats (APTs). 

What is CMMC?

The DoD published new cybersecurity certification requirement contractors called the CMMC version 1.0 on January 30, 2020. CMMC consists of 5 maturity levels across 17 capability domains encompassing 43 capabilities, which are borrowed from the [Defense] Federal Acquisition Regulation Supplement (FARS/DFARS) - Controlled Unclassified Information (CUI) regulation and NIST SP 800-171.  

                                               Source: Cybersecurity Maturity Model Certification Version 1.0

How Duo Can Help

Duo provides government agencies with best-in-class security technology and a trusted partnership that can help build and maintain a well-rounded security program. We believe that by focusing on security fundamentals and best practices, you can easily achieve compliance and reduce cybersecurity risk.

Improve Cyber Hygiene

In today’s age of phishing and stolen credentials, security professionals consider multi-factor authentication (MFA) a basic cyber hygiene. Requirements for strong user and device authentication are outlined in the National Institute of Standards and Technology (NIST) 800-53/63/171 and the updated NIST Cybersecurity Framework (CSF 1.1). 

Duo provides defense contractors easy and effective security capabilities across multiple domains including Access Control (AC), Identification and Authentication (IA) and Audit and Accountability (AU).     

“Duo has increased the level of security in the business to the point that IT can sleep well at night knowing the business has the best two-factor authentication protecting the environment.”

                                         - Charles Basile, IT Administrator, Teledyne Technologies

Speed to Security

Deploying or replacing a MFA solution can seem like a daunting task. Many customers choose Duo because they deploy and roll out Duo in a week. This is possible because Duo can easily integrate with hundreds of applications in hybrid environments. To ensure rapid deployment,  Duo has out-of-the-box integrations with local Windows logon, Linux and Unix consoles, remote access VPNs, and cloud applications, such as Office 365, Salesforce, Box, and Google. Duo’s simple one-tap, push notification-based authentication enables faster and greater end-user adoption. Duo also offers integration with OTP-based hard tokens and YubiKeys that meet FIPS 140-2 requirements.

“Duo is the most successful end-user facing solution I've ever been involved in deploying.”

                                             - Lance Honer, Manager of Cybersecurity, Day And Zimmermann

Out-of-the-Box Compliance with Duo’s Federal Editions

While the DoD’s regulation does not explicitly require a FedRAMP authorized solution, Duo’s  federal editions are FedRAMP authorized and provide the following benefits at no additional cost:

  1. End-To-End FIPS Capable: Duo federal editions provide FIPS capable implementations from end-to-end for easy-to-use access control and authentication.

  2. Telephony Removed: Duo federal editions remove telephony authenticators to align with NIST SP 800-63-3b, which considers telephony “restricted authenticators.”

  3. Easy to Deploy AAL2 Authenticators; Supports AAL3 Authenticators: Both Duo federal editions support Authentication Assurance Level 2 (AAL2) authenticators with Duo Push or Duo Mobile Passcode for both iOS and Android Devices out of the box and by default with no additional configuration required. Duo also supports AAL3 authenticators, like U2F security keys (FIPS YubiKey from Yubico) and compatible HOTP keyfobs.

  4. Protect Every Application: On-Premises, Cloud & Hybrid: Duo’s federal editions protect on-premises, cloud and hybrid applications for all federal workloads and ensure device health - wherever you are in your cloud and IT modernization journey, Duo federal editions deliver the best defense.


As the DoD continues to power ahead with the rollout of CMMC, defense contractors would do well by being ready for the impending certification. By complying with CMMC requirements, contractors can enhance their system security plan (SSP) and gain a competitive edge in winning defense contracts.

--Check out how Day & Zimmermann use Duo to meet NIST and DFARS requirements.

--Watch our on-demand videos to learn how you can meet those requirements within a week.

--Get started today by signing-up for a free trial of Duo’s federal edition today.

Try Duo For Free.

With our free 30-day trial you can see for yourself how easy it is to get started with Duo and secure your workforce, from anywhere and on any device.