GCP – Securing the mission: Google Public Sector’s CMMC Level 2 certification and commitment to national security

Google Public Sector is committed to supporting the critical missions of the U.S. Department of Defense (DoD) by delivering cutting-edge cloud, AI, and data services securely. Today, we are marking an important milestone in that commitment: we have successfully achieved Cybersecurity Maturity Model Certification (CMMC) Level 2 certification under the DoD’s CMMC program.

This certification, validated by a certified third-party assessment organization (C3PAO), affirms that Google Public Sector’s internal systems used to handle Controlled Unclassified Information (CUI) meet the DoD’s rigorous cybersecurity standards for protecting CUI.

Enabling a secure partnership

This CMMC Level 2 certification is a key enabler for our partnership with the DoD. It ensures our teams can operate and collaborate within the defense ecosystem fully supporting the new DoD requirements, allowing us to serve as a trusted partner and support the mission without compromise.

Helping the Defense Industrial Base on their CMMC journey

While this certification does not extend to customer environments, we are also dedicated to helping our partners and customers across the Defense Industrial Base (DIB) on their own CMMC journeys.

Our FedRAMP-authorized cloud services, including Google Workspace, are designed to support DIB suppliers in building their CMMC-compliant solutions with secure, cutting-edge cloud, AI, and data capabilities. You can find all of our compliance resources, including guides for both Google Cloud and Google Workspace, on our central CMMC compliance page. As an example, our Google Workspace CMMC Implementation Guide provides specific configuration details and control mappings and our recent blog details how Google Workspace can help you achieve CMMC 2.0 compliance. These resources are designed to help DIB companies accelerate their own assessments and build their CMMC-compliant solutions on a secure, verified foundation.

Understanding CMMC and the DFARS connection

The CMMC program is a DoD initiative to enhance cybersecurity across the DIB. Its purpose is to verify that contractors have implemented the required security controls, based heavily on NIST Special Publication (SP) 800-171, to protect CUI and Federal Contract Information (FCI).

Many contractors are already familiar with DFARS 252.204-7012, which has long required the implementation of NIST SP 800-171. The new CMMC program is being implemented into contracts via the clause DFARS 252.204-7021. When this clause appears in a solicitation, it makes having achieved a specific CMMC level a mandatory condition for contract award.

A continued commitment to the mission

Our CMMC Level 2 certification is a direct reflection of our commitment to meeting the DoD’s stringent security requirements. It ensures we can continue to support the Department’s mission responsibly and compliantly. We remain committed to our partnership with the DoD, empowering the Defense Industrial Base with cutting-edge cloud, AI, and data services to build a more secure and resilient future.

Catch the highlights from our recent Google Public Sector Summit where we shared how Google Cloud’s AI and security technologies can help advance your mission.