Medicine Technology 🌱 Environment Space Energy Physics Engineering Social Science Earth Science Science
Home Technology Southwest Research Institute Achieves Independent CMMC Level 2 Cybersecurity Certification
Technology 2026-03-03 2 min read

Southwest Research Institute Achieves Independent CMMC Level 2 Cybersecurity Certification

SwRI's Intelligent Systems and Mechanical Engineering divisions have completed a rigorous third-party audit confirming compliance with 110 NIST-aligned security requirements governing federal contract work.

Southwest Research Institute, the San Antonio-based applied research organization that works across automotive, aerospace, defense, and medical technology sectors, has completed Cybersecurity Maturity Model Certification at Level 2 - the first tier that requires an independent, third-party assessment rather than a self-attestation. The certification covers the Institute's Intelligent Systems Division and Mechanical Engineering Division.

The achievement positions SwRI as an early adopter of CMMC compliance during a period when the federal government is still implementing mandatory requirements for defense contractors. Companies working on federal contracts that involve controlled unclassified information will eventually be required to hold CMMC certification at the appropriate level; many are still working toward that goal.

What CMMC Certification Requires

The Cybersecurity Maturity Model Certification program was created by the U.S. Department of Defense to establish a consistent framework for verifying that contractors adequately protect sensitive government information. The program draws its technical requirements from the National Institute of Standards and Technology's Special Publication 800-171, which addresses security for controlled unclassified information in non-federal systems.

Level 2 certification requires satisfying 110 distinct security requirements spanning 14 domains: access controls, awareness and training, audit and accountability, configuration management, identification and authentication, incident response, maintenance, media protection, personnel security, physical protection, risk assessment, security assessment, system and communications protection, and system and information integrity.

The key distinguishing feature of Level 2 is that organizations cannot self-certify. An independently authorized Third-Party Assessment Organization (C3PAO) must conduct the audit and verify compliance. SwRI engaged that process and received certification valid for three years, with annual affirmations of ongoing compliance required in the interim.

What SwRI's Leadership Said

"Our leadership has made a significant investment into CMMC," said Stephan Polinsky, SwRI's chief information security officer. "SwRI is working to integrate these practices into business lifecycles to ensure consistent adherence to secure procedures across the organization for years to come."

Dr. Steve Dellenback, vice president of the Intelligent Systems Division, emphasized the value of the independent verification component. "This independent assessment demonstrates a commitment to the rigor of the process. We are proud to be an early adopter and to have achieved the Level 2 certification."

Dr. Barron Bichon, vice president of the Mechanical Engineering Division, framed the certification in terms of client benefit: "Adhering to the CMMC program increases our cybersecurity capabilities, allowing us to better protect our clients' data. And over time, the entire Institute and our clients will benefit through a culture that promotes maturing processes."

Context for the Defense Research Sector

SwRI performs research and development for government and commercial clients across transportation, energy, defense, space, and health sciences. Work involving government-classified or sensitive defense-related information requires demonstrable information security protections, and CMMC Level 2 addresses the middle tier of that requirement framework - organizations handling sensitive but unclassified defense information rather than classified material, which falls under a separate security regime.

The CMMC program has undergone several revisions since its introduction, and the timeline for mandatory compliance has been adjusted multiple times as the Department of Defense refined implementation details. The current version, CMMC 2.0, reduced the original five-tier structure to three levels and relaxed some requirements relative to the earlier draft. SwRI's certification under the current framework suggests the organization has positioned itself ahead of the compliance curve for federal contractors in its sector.

The three-year certification period and annual compliance affirmations reflect the program's recognition that cybersecurity is not a one-time achievement but an ongoing organizational practice.

Source: Southwest Research Institute press release, March 3, 2026. Media contact: Robert Crowe, rcrowe@swri.org, 210-522-4630.

Related Press Releases

Healthcare Workers Report That Their Own Drug and Alcohol Use Degrades Patient Care

2026-03-03

A Desert Bacterium Survived Simulated Mars-Ejection Pressures. Now Scientists Ask What That Means.

2026-03-03

UCLA's Sylvia Hurtado Elected AERA President-Elect in 2026 Vote

2026-03-03

Mount Sinai and Saudi Arabia Launch Three-Year Study of Families With Multiple IBD Cases

2026-03-03

GPT-4o Summaries of Historical Events Pushed Readers Toward More Liberal Conclusions Than Wikipedia

2026-03-03

Prenatal Opioid Exposure Linked to Higher Healthcare Costs and Worse School Outcomes Through Age 18

2026-03-03

Latest Press Releases

Gladstone Institutes expands research footprint with 105,000 square feet of new laboratory space

2026-03-25

The Center for Open Science welcomes Chris Bourg and Marcus Munafò to its board of directors

2026-03-25

Digital CBT reduced cardiac-related anxiety and improved disease-specific health status following heart attack

2026-03-25

Lifestyle Medicine Whole Person Health Index closes a critical gap in clinical whole-person care

2026-03-25

‘Spin-flip’ in metal complexes can help solar cells leap beyond limits

2026-03-25

Breaking the durability–degradability trade-off in polymers

2026-03-25

JMIR Publications and the University of Nevada, Las Vegas announce flat-fee unlimited open access publishing partnership

2026-03-25

Cellular ‘atlas’ of prostate cancer opens new avenues for earlier detection

2026-03-25

FAU-collaborative NSF study: Stem teacher pipeline shows resilience amid challenges

2026-03-25

Global, China–US burden of hematological malignancies: New data reveals trends and risks

2026-03-25

Digital Science acquires Ontopic to accelerate the customer journey for enterprise knowledge graphs

2026-03-25

Immune cells speak the language of nerves: HKU team reviews emerging roles of neurotransmitters in immunity

2026-03-25

Scientists find “blink of an eye” timing in how we use our brains to learn and move

2026-03-25

First microlasers capable of detecting individual molecules and ions could one day aid diagnosis

2026-03-25

Wristband enables wearers to control a robotic hand with their own movements

2026-03-25

Broad collaboration produces high-resolution atlas of developing human brain

2026-03-25

Scientists discover pathway that activates brown fat

2026-03-25

Tracking bacteria’s protective armor could help find targeted vaccine targets

2026-03-25

Graphene receivers bring energy-efficient 6G hardware closer to reality

2026-03-25

Is it a snake or a lizard? Understanding the Formosan legless lizard

2026-03-25