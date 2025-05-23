Zscaler has achieved Level 2 certification under the Department of Defense’s Cybersecurity Maturity Model Certification framework.

In a press release posted on Wednesday, the company said it secured the certification through the implementation of a zero trust architecture, powered by FedRAMP-authorized Zscaler Internet Access and Zscaler Private Access – two distinct services in the Zscaler platform but both focus on verifying each user and device’s identity and access management policies before granting access to internet and SaaS app traffic or private applications within an organization.

CMMC Level 2 is given to companies that observe advanced cyber hygiene through the implementation of 110 security controls aligned with the National Institute of Standards and Technology Special Publication 800-171 for protecting controlled unclassified information.

According to Kumar Selvaraj, Zscaler’s vice president of global security compliance, securing the certification means the company’s cybersecurity offerings could help customers meet CMMC requirements. “This accomplishment underscores Zscaler’s commitment to addressing emerging regulatory mandates and dedication to delivering cloud-native trusted cybersecurity solutions (CUI assets) that protect national security interests and propel customers’ digital transformation—in lockstep,” he added.

Zscaler is currently self-assessing its CMMC Level 3 compliance as part of its strategy to support the modernization of government cybersecurity by enabling customers to adopt zero trust in line with federal mandates.

About CMMC

The DOD developed the CMMC framework to ensure government contractors adequately protect unclassified information, like federal contract information and controlled unclassified information. CMMC is organized into different levels, with each level requiring a higher degree of maturity in cybersecurity practice.

Initially, the framework only covered the defense industrial base. In October 2024, the CMMC 2.0 was released, expanding the cybersecurity standard to universities and colleges.