Darley completes CMMC Level 2 assessment for Controlled Unclassified Information
Iain Hoey
Share this content
Darley completes CMMC Level 2 certification
Darley has achieved Cybersecurity Maturity Model Certification (CMMC) Level 2 after an independent assessment, confirming compliance with current US Department of War cybersecurity requirements for handling Controlled Unclassified Information (CUI).
The company announced the result on Monday 8 December 2025 from Itasca, Illinois, US.
According to Darley, the certification followed a detailed review by a Certified Third-Party Assessment Organization (C3PAO).
The company supplies defence, fire and emergency services equipment to government and other customers.
Darley stated that CMMC Level 2 is now required for bidding on many US defence contracts as of November 2025.
CMMC framework and Darley security controls
Darley reported that CMMC 2.0 Level 2 confirms it has implemented all 110 security controls defined in National Institute of Standards and Technology Special Publication 800-171 (NIST SP 800-171).
These controls cover the protection of CUI across systems, processes and policies.
The company said the certification places Darley among a limited set of defence contractors that have completed the Level 2 C3PAO assessment process.
Darley cited figures indicating that 575 companies have reached this stage to date.
The company added that more than 7,000 organisations have instead recorded a Level 1 self-assessment score in the Supplier Performance Risk System (SPRS).
CMMC 2.0 Level 2 is designed for contractors that process, store or transmit CUI on behalf of the US government.
Customer confidence and Darley’s cyber posture
Darley stated that the CMMC Level 2 result is intended to give defence customers assurance about how it manages sensitive information.
The company linked the certification to its wider approach to risk mitigation in the defence supply chain.
It said the process required investment in people, processes and technology to maintain a secure operating environment.
According to Darley, the use of an accredited C3PAO provided independent confirmation of its readiness for evolving Department of War expectations.
The company added that the certification is now a core element of its position as a supplier of defence, fire and emergency services equipment to US government partners.
Leadership reaction to CMMC Level 2 outcome
Paul Darley, President & CEO of Darley, said: “Achieving CMMC Level 2 certification is a significant milestone for our company and our customers.
“It demonstrates our dedication to protecting sensitive information and meeting the highest standards of cybersecurity.”
Darley stated that the certification is intended to support continuity of service for existing government partners.
The company added that it also opens access to future tenders where CMMC Level 2 is a stated prerequisite.
It indicated that CMMC compliance will remain an ongoing focus as Department of War cybersecurity mandates continue to develop.