Keyfactor Secures CMMC Level 2 Certification for Federal PKI-as-a-Service
Event summary
- Keyfactor achieved CMMC Level 2 certification on January 20, 2026, following an independent assessment by an accredited C3PAO.
- The certification validates that Keyfactor's federal PKI-as-a-Service (PKIaaS) enclave meets 110 security controls aligned with NIST SP 800-171.
- This certification enables Keyfactor to protect Controlled Unclassified Information (CUI) and meet U.S. Department of Defense cybersecurity requirements for contractors.
- Keyfactor's CMMC Level 2 certification builds on its existing FedRAMP 'In Process' authorization.
The big picture
Keyfactor's CMMC Level 2 certification underscores its commitment to meeting stringent federal cybersecurity standards, aligning with the growing emphasis on operational consistency and auditability across the defense supply chain. This move positions Keyfactor to support customers in maintaining compliance amid shrinking certificate lifespans and emerging post-quantum requirements, addressing critical needs in highly regulated environments.
What we're watching
- Regulatory Compliance
- How Keyfactor's CMMC Level 2 certification will position it to win contracts within the Defense Industrial Base.
- Market Differentiation
- Whether Keyfactor can leverage this certification to stand out among competitors in the digital trust space.
- Future-Proofing
- The pace at which Keyfactor can integrate post-quantum cryptography solutions to stay ahead of evolving defense security expectations.