Enable CMMC compliance
with Ubuntu Pro
Meet CMMC compliance requirements and improve vulnerability management with Ubuntu Pro. Strengthen your security posture to protect Controlled Unclassified Information.
The pathway to CMMC
Easy and automated security patching
Ubuntu Pro supports the CMMC requirement to remediate software vulnerabilities in a timely manner.
For over 20 years, Canonical has provided critical security fixes for all the open source applications and infrastructure components available within the Ubuntu ecosystem.
1-step FIPS compliance
Ubuntu Pro provides FIPS 140-2 and FIPS 140-3 certified cryptographic modules that you can deploy with a single command.
STIG hardening automation
You can automate STIG hardening with the Ubuntu Security Guide (USG). USG enables automated auditing and remediation in order to comply with the STIG benchmark. USG is available with Ubuntu Pro.
We support all CMMC levels
CMMC has 3 levels, designed to meet increasing levels of security scrutiny:
- Safeguarding Federal Contract Information, with an annual self-assessment
- Protection of Controlled Unclassified Information, with a triennial third-party assessment for critical national security information, and annual self-assessment for other cases
- Enhanced Protection of Controlled Unclassified Information, with a triennial government-led assessments
Most independent contractors and industry partners will use level 2, and perform an annual self-assessment of their security posture against the program requirements.
Security compliance in action
Ubuntu Pro helps Lucid Software meet FedRAMP compliance for government contracts
By deploying Ubuntu Pro, Lucid acquired AWS-compatible and FIPS 140-2 certified packages and became FedRAMP compliant.
Read the case study ›
LaunchDarkly becomes the first FedRAMP-authorized feature management platform thanks to Ubuntu Pro
Learn how a SaaS provider achieved effortless FIPS compliance on AWS.
Read the case study ›
How New Mexico State University accelerates compliant federal research with Ubuntu
When the stakes are high and national security is on the line, every decision matters. Just ask the team at New Mexico State University’s Physical Science Laboratory (PSL). Explore PSLs path towards CMMC.
Read the case study ›
Resources
Simplify security maintenance and compliance with Ubuntu Pro auto-attach for LXD guests
With the latest LXD release, Ubuntu Pro now supports auto-attachment for LXD guest instances, offering organizations a seamless way to extend Ubuntu Pro benefits across their infrastructure.
The long march towards delivering CRA compliance
The EU Cyber Resilience Act is here, and in 2027 it will require manufacturers to meet a long list of security and support standards. Here’s our advice to all developers.
What is CMMC compliance?
CMMC version 2.0 came into effect on December 26, 2023, and is designed to ensure adherence to rigorous cybersecurity policies and practices within the public sector and amongst wider industry...
CRA compliance: Things IoT manufacturers can no longer do under the CRA (and what to do instead)
In this blog, I’ll give you a thorough overview of common IoT manufacturer and PDE developer practices that need immediate attention, and how to change or improve these practices so that you...
Take the next step
towards CMMC compliance
Learn about all our security certifications
Explore pricing and find the right subscription for your needs
Ubuntu Pro provides an easy pathway to compliance. It delivers CVE patching for Ubuntu OS and Applications covering 36,000 packages, along with automated, unattended, and restartless updates, and the best tools to secure and manage your Ubuntu infrastructure developed by the publisher of Ubuntu.