Cybersecurity Built for the Defense Industrial Base
Software Information Resource Corporation (SIRC) is CMMC Level 1 and Level 2 Certified, reflecting our ability to safeguard sensitive government information and operate in accordance with Department of Defense (DoD) cybersecurity requirements.
Achieving both certification levels is a significant milestone and demonstrates that SIRC has implemented the policies, procedures, and controls necessary to support programs across the Defense Industrial Base (DIB). It signals to DoD customers and prime contractors that SIRC is a trusted partner capable of protecting sensitive data throughout the contract lifecycle.
What Is CMMC?
The Cybersecurity Maturity Model Certification (CMMC) is the DoD’s unified framework for verifying that defense contractors adequately protect Federal Contract Information (FCI) and Controlled Unclassified Information (CUI).
Unlike self-attested security claims, CMMC requires organizations to implement and maintain defined cybersecurity practices that are subject to validation and oversight.
CMMC Level 1 – Foundational (FCI)
CMMC Level 1 focuses on basic cyber hygiene and compliance with FAR 52.204-21. SIRC’s Level 1 certification confirms implementation of all 15 required security practices.
Information Protected
Federal Contract Information (FCI)—information provided by or generated for the government under a contract that is not intended for public release.
Key Control Areas
- Access control
- Identification and authentication
- Physical protection of systems and assets
Customer Impact
- Protection of contract-related government data
- Reduced risk of unauthorized access
- Eligibility to support contracts involving FCI
CMMC Level 2 – Advanced (CUI)
CMMC Level 2 represents a significant increase in cybersecurity maturity. This level aligns with the 110 security controls defined in NIST SP 800-171, covering people, processes, and technology.
Information Protected
Controlled Unclassified Information (CUI)—sensitive data requiring safeguarding or dissemination controls, such as technical data, engineering documentation, research, and legal information.
Key Control Areas
- Incident response and reporting
- Risk assessment and risk management
- System and communications protection
- Security assessment and continuous monitoring
Customer Impact
- Protection of sensitive DoD and agency data
- Reduced cyber risk across the supply chain
- Eligibility to support defense programs involving CUI
Certification Scope & Status
SIRC’s CMMC certifications apply at the enterprise level, ensuring consistent cybersecurity controls across applicable systems, processes, and personnel.
| CMMC Unique Identifier (UID) | CMMC Status Type | Affirmation Date | Affirmation Expiration Date | CMMC Status Expiration Date | Assessment Scope | Current CAGE Status |
|---|---|---|---|---|---|---|
| S100029811 | CMMC L1 Final Self-Assessment | 11/16/2025 | 11/19/2026 | ENTERPRISE | 1PQ53 | |
| S100S20003 | CMMC L2 Final Self-Assessment | 12/17/2025 | 12/17/2026 | 12/17/2028 | ENTERPRISE | 1PQ53 |
How SIRC Applies CMMC in Practice
CMMC requirements are integrated into SIRC’s daily operations—not treated as one-time compliance events.
- Security policies aligned with CMMC and NIST SP 800-171
- Role-based access and least-privilege enforcement
- Continuous monitoring and periodic internal assessments
- Incident response planning and escalation procedures
- Leadership oversight and accountability
This operational approach ensures ongoing compliance and readiness as DoD requirements evolve.
Who Benefits
- Contracting Officers: Reduced acquisition and compliance risk
- Program Managers: Confidence in data protection and operational resilience
- Prime Contractors: Trusted small business partner aligned with DoD cybersecurity standards