CMMC and Adobe Services

Cybersecurity Maturity Model Certification (CMMC)

The Department of Defense (DoD) established CMMC as a framework to help ensure the protection of sensitive, unclassified information processed by defense contractors and subcontractors such as Adobe. DoD is phasing CMMC requirements into all defense contracts, including renewals, starting Nov. 2025.

CMMC establishes a three-tiered model of cybersecurity requirements, ranging from basic safeguards to advanced protections against sophisticated threats. CMMC Level 1 focuses on the protection of Federal Contract Information (FCI). FCI is information that is not intended for public release, provided or generated under a government contract, excluding publicly available data.

CMMC Levels 2 and 3 will be phased into defense contracts in 2026 and 2027, respectively.

Adobe’s Conformance to CMMC

Adobe has achieved CMMC Level 1 certification and is qualified to process FCI as part of defense contracts and subcontracts. Adobe partnered with our certified third-party assessor organization (C3PAO) to complete an assessment of Adobe’s enterprise security practices against the requirements of CMMC Level 1.

Adobe’s attestation to CMMC Level 1 compliance can be reviewed on DoD’s Supplier Performance Risk System (SPRS).

Adobe’s CMMC Level 1 compliance is enterprise-wide and includes all Adobe products.