American Rheinmetall Achieves CMMC Level 2 Certification Across All Manufacturing Plants

The company completed its final audit in February, bringing its entire manufacturing footprint into full CMMC Level 2 compliance.

The CMMC Level 2 certification, assessed by a Certified Third-Party Assessor Organization (C3PAO), validates implementation of the 110 security requirements outlined in NIST SP 800-171. The certification establishes a standardized cybersecurity framework designed to safeguard sensitive defense information throughout the Defense Industrial Base.

Strengthening Readiness for Future Defense Programs

With CMMC compliance becoming mandatory for new DoW contract solicitations, Level 2 certification positions American Rheinmetall to compete for larger, more security-sensitive programs while reinforcing its role as a trusted defense manufacturing partner.

“CMMC accreditation is required to perform future work within the Defense Industrial Base,” said Jasper Recto, Vice President of Information Technology at American Rheinmetall. “More importantly, it establishes a baseline security ecosystem that protects our organization from evolving cyber threats while fostering a security-conscious culture throughout the company.”

As cyber threats grow increasingly sophisticated, cybersecurity in defense manufacturing extends beyond technical controls. It requires enterprise-wide collaboration, leadership commitment, and disciplined operational practices.

Company-Wide Cybersecurity Commitment

Achieving CMMC Level 2 across multiple manufacturing plants required several years of preparation, including implementation of advanced security solutions, policy development, system configuration, testing, and employee training.

NIST 800-171, the foundation of CMMC Level 2, maps 110 security requirements to more than 320 assessment objectives. Meeting these standards required coordinated efforts across IT, leadership, operations, compliance, and the broader workforce.

“Security is not just a technical methodology, it’s a mentality,” said Matt Warnick, Chief Executive Officer at American Rheinmetall. “It must be driven by leadership, enabled by IT, and embraced across the organization. I’m especially proud of our IT team for the years of configuration and testing required, and equally proud of our employees for adopting new security measures that strengthen our overall posture.”

Protecting Critical Information in a High-Risk Environment

Cybercrime has cost the manufacturing industry billions of dollars in downtime and intellectual property loss in recent years. For defense manufacturers, safeguarding sensitive information is not only a regulatory requirement but a national security imperative.

By achieving CMMC Level 2, American Rheinmetall demonstrates its proactive approach to mitigating cyber risk, protecting customer data, and ensuring operational continuity in an increasingly complex threat landscape.

About Rheinmetall in the U.S.

The Rheinmetall family of U.S. companies includes American Rheinmetall in Auburn Hills, MI (HQ), Biddeford, ME, Lansing, MI, Lapeer, MI, Plymouth, MI, and St. Marys, OH, American Rheinmetall Munitions in Camden, AR, Texarkana, TX (Expal USA), Vienna, VA (HQ), and Windham, ME, and U.S. corporate parent American Rheinmetall Defense in Vienna, VA.

www.rheinmetall-us.com