FedPoint announced today that it has achieved Cybersecurity Maturity Model Certification (CMMC) Level 2, demonstrating full compliance with the security requirements of NIST Special Publication 800-171 for the protection of Controlled Unclassified Information (CUI). FedPoint’s Level 2 certification places the company among a group of the nation’s most trusted, defense‑ready administrators for business services.
FedPoint received its official CMMC certification on April 1, 2026, having met all requirements with no findings or corrective actions recommended. According to the Cyber AB, as of March 2026 only 1,074 organizations nationwide have achieved CMMC Level 2 certification, representing just 1.3% of the 80,000 contractors that the U.S. Department of War (DoW) estimates will ultimately be required to meet this standard.
As a benefits administrator providing platforms and services to the federal civilian and uniformed services communities for nearly 25 years, FedPoint maintains rigorous security, regularly reviewing and updating controls, policies and strategy to address newly emerging risks. The certification strengthens FedPoint’s standing as a trusted partner for federal and military programs, validating the company’s security posture and ability to deliver secure, reliable and modern digital services at scale.
“Achieving a CMMC Level 2 certification reflects FedPoint’s dedication and expertise in information risk management,” said Michael Crones, FedPoint’s Chief Information Officer. “This milestone speaks volumes about the pride we take in safeguarding the sensitive data of military service members and their families—and the standards we hold ourselves to on their behalf.”
Why CMMC Level 2 Matters to Federal and Military Agencies
As federal and military organizations continue to strengthen cybersecurity expectations across the defense industrial base, CMMC Level 2 certification has become an increasingly important requirement. The certification establishes a uniform, enforceable cybersecurity standard that reduces exposure to threats and limits participation to organizations with proven maturity. In doing so, it strengthens supply chain resilience, supports mission readiness, and assures agencies that sensitive information will be protected throughout the contract lifecycle.
Positioned for Expanded Federal and Military Opportunities
The DoW plans to require certification across its contracting base, and FedPoint’s early adoption positions the company ahead of a major industry‑wide compliance curve. With a cybersecurity approach designed to support both rigorous protection and agile development, the company is well‑prepared to pursue new opportunities that demand the highest levels of operational discipline and data protection.
“We see this certification as a foundational element of the critical services we provide in the Federal market.” said Ken McCarthy, FedPoint’s Director of Business Development. “CMMC Level 2 certification strengthens our ability to support federal agencies and partners on programs involving Controlled Unclassified Information, while expanding our eligibility for a broader set of mission-critical opportunities. It reflects the rigor in the systems we’ve built, and the discipline we apply to provide services across the government.”
About FedPoint
FedPoint® creates and operates digital benefits marketplaces that make it easy for its millions of federal and military customers to understand, select, and use their benefits. A wholly owned subsidiary of John Hancock Life & Health Insurance Company, FedPoint was founded in 2002 and is headquartered in Portsmouth, NH. For more information on FedPoint, visit fedpointusa.com.
View source version on businesswire.com: https://www.businesswire.com/news/home/20260430717930/en/
Media gallery
