Compliance evidence
CMMC — domain & certificate controls
Defense Industrial Base (DIB) contractors handling Federal Contract Information (FCI) or Controlled Unclassified Information (CUI).
Authority: US Department of Defense (DoD)
What CMMC actually requires
CMMC 2.0 has three levels. Level 1 (Foundational) applies to FCI handlers, Level 2 (Advanced) to CUI handlers, Level 3 (Expert) to the most sensitive CUI. Level 2 aligns with NIST SP 800-171, whose SC (System and Communications) family covers TLS certificate health.
Full name: CMMC 2.0 (Cybersecurity Maturity Model Certification).
Controls that touch certificates and domains
These are the 3 controls most directly affected by TLS certificate and domain lifecycle. CertRadar produces evidence bundles mapped to each.
| Control | Title | How CertRadar helps |
|---|---|---|
SC.L2-3.13.8 | Implement cryptographic mechanisms to prevent unauthorized disclosure of CUI during transmission | TLS certificate validity and cipher strength are direct evidence. |
SC.L2-3.13.11 | Employ FIPS-validated cryptography when used to protect the confidentiality of CUI | Certificate signature algorithms must be FIPS-approved. |
SI.L2-3.14.3 | Monitor system security alerts and advisories and take action in response | Cert-expiry alerts fall under security alerts. |
What the evidence pack contains
CertRadar’s one-click export for CMMC includes:
- SSP-aligned certificate inventory
- FIPS algorithm compliance per certificate
- Monitoring evidence tied to SI.L2-3.14.3
Example domains in CMMC scope
Representative domains often monitored for CMMC evidence. Check any of them live:
Ship the CMMC evidence your auditor asks for.
CertRadar gives security, IT, and compliance teams a complete inventory of every domain and cert your company owns — plus a one-click evidence pack mapped to CMMC controls. Beta in weeks. Early members get a lifetime Pro discount.
Join the waitlist