On Tuesday, 14 April 2026, Germany’s Rheinmetall AG announced that its US subsidiary, American Rheinmetall, had obtained Cybersecurity Maturity Model Certification (CMMC) Level 2, verified by a C3PAO (Certified Third-Party Assessor Organization) accredited by the US Department of Defense, as a defense solutions provider.
Image: Rheinmetall AG
The certification confirms implementation of the 110 security requirements set out in the NIST SP 800-171 defense standard and establishes a unified cybersecurity framework aimed at protecting Controlled Unclassified Information (CUI) across the company’s six manufacturing facilities in three states: Auburn Hills, Michigan; Biddeford, Maine; Lansing, Michigan; Lapeer, Michigan; Plymouth, Michigan; and St. Marys, Ohio – together totaling more than 1.7 million square feet of production space.
As compliance with CMMC cybersecurity certification becomes mandatory for new Department of Defense tenders, achieving Level 2 certification enables American Rheinmetall to compete for larger, more security-sensitive programs while strengthening its role as a trusted partner in military manufacturing.
“CMMC accreditation is required to perform future work within the Defense Industrial Base,” said Jasper Recto, Vice President of Information Technology at American Rheinmetall. “More importantly, it establishes a baseline security ecosystem that protects our organization from evolving cyber threats while fostering a security-conscious culture throughout the company.”
As cyber threats become increasingly sophisticated, cybersecurity in military manufacturing goes beyond technical controls. It requires enterprise-wide collaboration, leadership commitment, and disciplined operational practices.
Achieving CMMC Level 2 across multiple manufacturing facilities required several years of preparation, including the implementation of advanced security solutions, policy development, system configuration, testing, and employee training.
NIST SP 800-171, which forms the foundation of CMMC Level 2, sets out 110 security requirements and more than 320 assessment objectives. Meeting these standards required coordinated efforts across IT, leadership, operations, compliance, and the broader workforce.
“Security is not just a technical methodology, it’s a mentality,” said Matt Warnick, Chief Executive Officer at American Rheinmetall. “It must be driven by leadership, enabled by IT, and embraced across the organization. I’m especially proud of our IT team for the years of configuration and testing required, and equally proud of our employees for adopting new security measures that strengthen our overall posture.”
Cybercrime has cost the manufacturing industry billions of dollars in downtime and lost intellectual property in recent years. For defense manufacturers, protecting sensitive information is not only a regulatory requirement but also a matter of national security.
By achieving CMMC Level 2, American Rheinmetall underscores its proactive approach to mitigating cyber risk, protecting customer data, and ensuring operational continuity in an increasingly complex threat environment.
▶️ American Rheinmetall Achieves CMMC Level 2 Certification Across All Manufacturing Plantshttps://t.co/d8uh3U49u6 pic.twitter.com/XwUK6AdUG5
— Rheinmetall (@RheinmetallAG) April 14, 2026
See also: