Enable CMMC compliance
with Ubuntu Pro

Meet CMMC compliance requirements and improve vulnerability management with Ubuntu Pro. Strengthen your security posture to protect Controlled Unclassified Information.


The pathway to CMMC

Easy and automated security patching

Ubuntu Pro supports the CMMC requirement to remediate software vulnerabilities in a timely manner.

For over 20 years, Canonical has provided critical security fixes for all the open source applications and infrastructure components available within the Ubuntu ecosystem.


1-step FIPS compliance 

Ubuntu Pro provides FIPS 140-2 and FIPS 140-3 certified cryptographic modules that you can deploy with a single command.


STIG hardening automation 

You can automate STIG hardening with the Ubuntu Security Guide (USG). USG enables automated auditing and remediation in order to comply with the STIG benchmark. USG is available with Ubuntu Pro.


We support all CMMC levels

CMMC has 3 levels, designed to meet increasing levels of security scrutiny:

  1. Safeguarding Federal Contract Information, with an annual self-assessment
  2. Protection of Controlled Unclassified Information, with a triennial third-party assessment for critical national security information, and annual self-assessment for other cases
  3. Enhanced Protection of Controlled Unclassified Information, with a triennial government-led assessments

Most independent contractors and industry partners will use level 2, and perform an annual self-assessment of their security posture against the program requirements.


Security compliance in action

Lucid Software

Ubuntu Pro helps Lucid Software meet FedRAMP compliance for government contracts

By deploying Ubuntu Pro, Lucid acquired AWS-compatible and FIPS 140-2 certified packages and became FedRAMP compliant.


Read the case study ›
LaunchDarkly

LaunchDarkly becomes the first FedRAMP-authorized feature management platform thanks to Ubuntu Pro

Learn how a SaaS provider achieved effortless FIPS compliance on AWS.


Read the case study ›
New Mexico State University

How New Mexico State University accelerates compliant federal research with Ubuntu

When the stakes are high and national security is on the line, every decision matters. Just ask the team at New Mexico State University’s Physical Science Laboratory (PSL). Explore PSLs path towards CMMC.


Read the case study ›

Resources

Simplify security maintenance and compliance with Ubuntu Pro auto-attach for LXD guests

With the latest LXD release, Ubuntu Pro now supports auto-attachment for LXD guest instances, offering organizations a seamless way to extend Ubuntu Pro benefits across their infrastructure.

The long march towards delivering CRA compliance

The EU Cyber Resilience Act is here, and in 2027 it will require manufacturers to meet a long list of security and support standards. Here’s our advice to all developers.

What is CMMC compliance?

CMMC version 2.0 came into effect on December 26, 2023, and is designed to ensure adherence to rigorous cybersecurity policies and practices within the public sector and amongst wider industry...

CRA compliance: Things IoT manufacturers can no longer do under the CRA (and what to do instead)

In this blog, I’ll give you a thorough overview of common IoT manufacturer and PDE developer practices that need immediate attention, and how to change or improve these practices so that you...


Take the next step
towards CMMC compliance

Learn about all our security certifications


Explore pricing and find the right subscription for your needs


Ubuntu Pro provides an easy pathway to compliance. It delivers CVE patching for Ubuntu OS and Applications covering 36,000 packages, along with automated, unattended, and restartless updates, and the best tools to secure and manage your Ubuntu infrastructure developed by the publisher of Ubuntu.


Contact us Access a free trial