When it comes to cybersecurity, readiness is everything — and Arcfield Canada has just proven it’s mission-ready. The Calgary-based company, a trusted leader in aerospace and defence mission sustainment, has earned Cybersecurity Maturity Model Certification (CMMC) Level 2, positioning itself among the first defence firms in Canada to achieve this rigorous U.S.-based accreditation.

A Milestone in Defence Cybersecurity

The CMMC Level 2 designation represents far more than a compliance checkbox — it’s an internationally recognized validation that Arcfield Canada can safeguard Federal Contract Information and Controlled Unclassified Information to the highest standards.

Mandated by the U.S. Department of Defense, the certification framework draws from the National Institute of Standards and Technology (NIST) cybersecurity and privacy protocols. To achieve it, organizations must demonstrate adherence to 110 core security controls and hundreds of sub-controls — an intensive process designed to harden networks against evolving cyber threats.

“Achieving CMMC Level 2 certification marks a significant step forward for Arcfield Canada,” said Luc Sabourin, vice president, Arcfield Canada. “It demonstrates our unwavering commitment to protecting sensitive defence information and supporting secure mission operations, and assures our government and private sector defence partners that our information technology systems meet the highest cybersecurity standards to safeguard critical mission data and systems.”

A Strategic Move for the Future CF-35A Fleet

Arcfield Canada began its CMMC journey in early 2024 as part of preparations to support Canada’s future CF-35A fighter program. Implementing and validating every one of the required controls was no small feat — it demanded deep collaboration across teams, meticulous systems integration, and an unwavering commitment to information security excellence.

With the certification now complete, Arcfield Canada reinforces its reputation for delivering secure, compliant, and technologically advanced mission support — an essential asset as the company continues to back critical defence programs on both sides of the border.

Anticipating Canada’s Cybersecurity Framework

While CMMC is a U.S. government–driven initiative, Arcfield Canada’s proactive pursuit of the certification reflects forward-looking leadership. The company sought accreditation in anticipation of Canada’s forthcoming Cyber Security Certification (CP-CSC) program, ensuring its systems already align with expected national standards.

By achieving CMMC Level 2 before the CP-CSC rollout, Arcfield Canada not only strengthens its partnerships with U.S. defence entities but also positions itself to meet — and likely exceed — Canadian cybersecurity compliance requirements.

“Cybersecurity is foundational to every system we design, operate and sustain,” said Kevin Kelly, chairman and chief executive officer of Arcfield. “This certification demonstrates Arcfield Canada’s leadership in delivering secure solutions and reflects a company-wide culture that prioritizes cyber readiness at every level.”

Raising the Bar for Industry

In an era where digital resilience underpins every aspect of defence capability, Arcfield Canada’s achievement underscores how private-sector innovation and discipline can set new benchmarks for national security.

As cyber threats grow more sophisticated, the company’s certification demonstrates what leadership looks like in Canada’s evolving defence-industrial base — and why cybersecurity excellence has become the foundation of mission assurance.