Christine Thropp
The Actus procurement workflow automation platform of Paperless Innovations has complied with Level 2 requirements set by the Cybersecurity Maturity Model Certification 2.0 model.
The updated cybersecurity framework was released in November 2021 to assess defense contractors’ capability to handle and safeguard Federal Contract Information and Controlled Unclassified Information, the company said.
Level 2 compliance is required for CUI contracts with the Department of Defense in most cases. The practices and controls in the said level align with the 110 security requirements specified in NIST SP 800-171.
Commenting on Actus’ compliance with CMMC 2.0 Level 2, Paperless Innovations President Mike Tocci said, “Although commercial off the shelf products are generally exempted from CMMC compliance, the company has committed to protecting government data beyond the base requirements for our configurable [software as a service] platform.”
Overall, the three increasingly progressive levels of the CMMC 2.0 framework are meant to streamline compliance, underscore DOD information security and promote government-industry cooperation against cyberthreats.
“Actus is fully capable of meeting DOD CUI and cybersecurity requirements as evidenced by achievement of these milestones,” said Tocci, who also pointed to the platform’s anticipated listing on the Federal Risk and Authorization Management Program marketplace.
