Beyond Checking the Boxes: Why CMMC 2.0 Compliance Depends on a Foundation of Secure Communications
The landscape of government contracting is undergoing a profound transformation with the rollout of the updated Cybersecurity Maturity Model Certification, or CMMC 2.0. Starting November 10, 2025, Department of War (DoW) contracting officers will begin including the CMMC contract clause (DFARS 252.204-7021) in an increasing number of new solicitations and contracts.
No longer a recommendation, strict cybersecurity measures are now a mandatory prerequisite for any organization handling Controlled Unclassified Information (CUI). The key requirement for CMMC 2.0 Level 2 (Advanced) is the thorough implementation of the protections outlined in NIST Special Publication (SP) 800-171 Rev. 2.
Adhering to the requirements of CMMC 2.0 Level 2 means embedding security into every aspect of an operation. While the framework’s 110 NIST SP 800-171 controls may seem daunting, secure communications consistently emerge as a critical vulnerability.
With its decades of experience securing government and enterprise communications, BlackBerry stands out as an indispensable partner, providing the foundational tools that do not just help with CMMC 2.0, but make it truly achievable.
The CMMC 2.0 Imperative: Protecting Controlled Unclassified Information (CUI) Everywhere
At its core, CMMC 2.0 Level 2 mandates the protection of CUI wherever it resides, whether it is stored on a server, processed on a laptop, or, crucially, transmitted via email, voice call, or instant message. These controls are about more than just protecting physical servers; they secure the flow of sensitive information across an increasingly distributed and mobile workforce. Each interaction and communication is a potential vector for a breach if not adequately secured.
As such, the CMMC 2.0 Level 2 framework explicitly demands compliance measures for:
- Access Control (AC): Who can communicate with whom, and under what conditions.
- Identification and Authentication (IA): Verifying the identity of every participant in a communication.
- System and Communications Protection (SC): Ensuring the confidentiality and integrity of CUI during transmission.
- Media Protection (MP): Preventing unauthorized disclosure of CUI from communication platforms.
- Audit and Accountability (AU): Planning for, detecting and responding to cyberattacks or security breaches by maintaining records of all communications for compliance and incident investigation.
Achieving these levels of control is where BlackBerry® Secure Communications becomes not just beneficial, but fundamentally necessary.
BlackBerry: The Foundation for CMMC 2.0 Communication Security
BlackBerry's approach to secure communications is rooted in a "security-first" philosophy that aligns perfectly with the stringent requirements of CMMC 2.0. Let's break down how our Secure Communications solutions address the core challenges:
1. End-to-End Encryption: The Bedrock of CUI Protection
The most direct way BlackBerry supports CMMC 2.0 is through its unparalleled commitment to end-to-end encryption (E2EE) that also protects metadata. BlackBerry® SecuSUITE® uses FIPS 140-2 compliant modules to provide validated end-to-end encryption for voice calls, texts, file transfers, and more. This is critical for the System and Communications Protection (SC) and Media Protection (MP) domains.
- CUI in Transit: When classified information is discussed over a call or shared via message, BlackBerry E2EE allows only the intended recipients to access the content. Even if intercepted, the information remains unintelligible to unauthorized parties, directly fulfilling the requirement to protect CUI while in transit.
- Data Loss Prevention (DLP): Within the secure environments provided by BlackBerry® UEM, robust DLP features enable cryptographic separation of the work environment to prevent CUI from being copied, pasted, screenshotted, or exported to unsecured applications. This directly addresses Media Protection requirements, stopping accidental or malicious data exfiltration from communication channels.
2. Assured Identity and Access: Knowing Who You're Talking To (AC, IA)
CMMC 2.0 places a heavy emphasis on knowing who is accessing CUI and who is communicating it. BlackBerry Secure Communications solutions excel here:
- Multi-Factor Authentication (MFA): Access to BlackBerry secure applications and containers is protected by strong MFA, a non-negotiable for Identification and Authentication (IA). This ensures that even if credentials are compromised, unauthorized individuals cannot gain access to CUI-related communications.
- Cryptographic Identity Verification: BlackBerry SecuSUITE goes beyond simple authentication to use cryptographic identity verification for all call participants. This high-assurance method ensures that "person X" on the call is verifiably "person X," preventing impersonation – a critical control for environments handling sensitive national security information.
- Granular Access Controls: BlackBerry UEM allows administrators to define role-based access controls (RBAC), dictating who can use which communication tools and access specific CUI-related applications based on their role and clearance. This directly supports the Access Control (AC) domain.
3. Auditability and Accountability: The Paper Trail of Compliance (AU)
CMMC 2.0 Level 2 mandates comprehensive audit trails for all system activities involving CUI. This is where the accountability requirement of CMMC and BlackBerry solutions come together seamlessly.
- Tamper-Proof Logs: The BlackBerry Secure Communications suite meticulously logs all relevant events – call initiation, message sending, file sharing, policy changes, and access attempts. These logs are designed to be tamper-proof, providing an immutable record for auditing.
- Centralized Visibility: Administrators gain centralized visibility into communication activities within their secure domain, making it easier to monitor compliance, investigate security incidents, and generate the necessary reports for CMMC audits, directly addressing Audit and Accountability (AU) requirements.
4. Securing the Digital Workplace: Protecting CUI on Every Endpoint
Beyond communications, the modern workforce is mobile. Laptops, smartphones, and tablets are often the primary tools for collaboration. BlackBerry UEM secures the digital workplace that encompasses communications, email, documents, and business applications within a secure container on any device, be it corporate-owned or BYOD.
- Device Posture and Compliance: UEM allows only compliant devices (e.g., those with up-to-date patches, encryption enabled) to access CUI.
- Data Isolation: By creating a secure "work persona" on a device with cryptographic separation between work and personal environments, CUI and secure communications are isolated from personal apps and data, preventing accidental data leakage and significantly mitigating risks in mobile environments.
The BlackBerry Advantage: Experience and Trust
Government contractors face immense pressure to achieve CMMC 2.0 compliance, often with limited resources. Relying on solutions from a company with a proven track record in high-stakes government security offers a distinct advantage:
- Government-Grade Security: BlackBerry has a long-standing history of securing some of the world's most sensitive government communications. BlackBerry Secure Communications solutions are engineered and certified to meet the most rigorous government security standards (e.g., FIPS 140-2, Common Criteria, FedRAMP). This pre-built assurance significantly de-risks the CMMC journey.
- Integrated Solutions: Instead of cobbling together disparate tools that may not integrate seamlessly, BlackBerry offers a comprehensive suite of solutions that work together, reducing complexity and potential security gaps.
- Focus on the User Experience: While highly secure, BlackBerry Secure Communications solutions are designed to be intuitive, ensuring that employees adopt them with ease, thereby strengthening the overall security posture of the organization.
Secure Communications as the Cornerstone of Compliance
CMMC 2.0 is more than a checklist; it is an opportunity to strengthen the national defense supply chain. For government contractors, achieving Level 2 compliance is non-negotiable, and the ability to conduct secure communication of CUI is vital.
Here is an overview of the key CMMC 2.0 Level 2 criteria and how BlackBerry Secure Communications solutions address the most relevant control domains:
With CMMC 2.0 coming into force, secure communication isn’t a nice-to-have; it is essential for continued success in the defense industrial base.
By leveraging BlackBerry Secure Communications solutions, contractors can confidently meet the stringent requirements of NIST SP 800-171 across multiple critical domains. BlackBerry helps ensure that CUI is safeguarded at every stage of its lifecycle, from initial creation to final communication, helping DoW achieve CMMC 2.0 compliance while also enabling more resilient operations.