On Monday, February 2, 2026, FN Herstal, operating within the Defense and Security division of Belgium’s FN Browning Group, announced that it had reached a major cybersecurity milestone by achieving CMMC (Cybersecurity Maturity Model Certification) Level 2, a stringent standard imposed by the United States Department of Defense. The certification, awarded for the next three years following an assessment conducted and approved by Redspin (part of Clearwater), places FN Herstal among the first European companies to attain this level of cyber compliance.
Image: FN Herstal
Julien Compère, Chief Executive Officer of FN Browning Group:
“Achieving this demanding certification demonstrates the high level of cybersecurity maturity attained by FN Herstal, fully aligned with the world’s most stringent cybersecurity standards. Just as we provide the world’s most demanding armed forces with innovative, highly dependable solutions, we are equally committed to meeting their highest expectations in information security.”
Brian McManamon, President of Redspin:
“As the CMMC 3rd Party Assessment Organization (C3PAO) responsible for conducting and validating this assessment, Redspin can attest to the exceptional level of rigor and preparation demonstrated by FN Herstal. Their certification signals to US and international partners that cybersecurity is embedded into how they operate, and it positions them as a leading example for European defence manufacturers engaging with the US defence industrial base.”
A Mandatory Requirement for Working with the U.S. Department of Defense
CMMC certification is based on the NIST 800-171 Revision 2 standard and ensures the protection of Controlled Unclassified Information (CUI) within defense-related contracts. In a world where increasingly sophisticated and aggressive cyberattacks routinely target ministries of defense and their contractors, safeguarding such data has become an essential and mandatory requirement for any supplier or subcontractor working with the U.S. Department of Defense.
One of the Most Demanding Assessments
The assessment process carried out at FN Herstal was marked by an exceptionally high level of rigor. Under CMMC certification, a total of 110 controls and 320 objectives are evaluated. To meet these requirements, FN Herstal invested in governance, advanced tools, strengthened cybersecurity policies, and extensive employee awareness initiatives.
This two-and-a-half-year, group-wide effort has provided FN Herstal and the entire FN Browning Group with an exceptionally robust level of cybersecurity, delivering long-term benefits to the Group and all of its customers.
A Strategic Step Forward for FN Herstal
CMMC certification enhances FN Herstal’s ability to secure or renew critical contracts with the U.S. Department of Defense, strengthens the Group’s competitiveness in international markets, and prepares the organization for future certifications. It represents a pioneering competitive advantage within the European market.
See also: