In 2020, the United States Department of Defense (DoD) introduced the Cybersecurity Maturity Model Certification program (CMMC). Since then, the Defense Industrial Base (DIB) has been preparing for future RFPs which will include this new requirement. For many decision makers, the new requirements raised questions on how CMMC would impact their organizations—operationally and financially. But CMMC also awakened a realization that doing business with the DoD, regardless of industry, requires embracing cybersecurity as a strategic imperative for doing business with the Government.

Recently, Cisco commissioned Forrester Consulting to study the projected return on investment that may be realized by engaging Cisco on their preparation efforts toward future accreditation by a third-party assessor to the CMMC requirements. Our goal is to provide DIB companies and organizations with a framework to evaluate the potential financial impact of Cisco integrated networking and security products and solutions for companies on their CMMC journey.


Competitive advantage should go to primes and suppliers with the best cybersecurity posture. Cybersecurity is a “C-Suite Issue”—regardless of the size of your business.

As part of the study, Forrester talked to organizations that have already leveraged Cisco’s broad industry-leading Zero Trust portfolio of products that are already recognized under existing federal standards (e.g.: FIPS 140, DoD APL, FedRAMP, Common Criteria, etc).  Cisco strives to exceed industry standard security requirements and has long been committed to the Government product certification processes in support of delivering trustworthy products to the DIB and to DoD.

How Cisco adds value to your CMMC journey

The Forrester study found that Cisco delivers significant compelling value to an organization’s CMMC journey through its broad product offering—coverage that’s been vetted against federal requirements and that is also generally accessible through a global partner organization. This is a rarity in the industry.

Among the study’s findings, included the observations that partnering with Cisco empowered organizations to:

  • Avoid excessive increase in operational administrative costs
  • Improve operational efficiencies
  • Reduce the number of procurement efforts
  • Reduce integration complexity
  • Reduce internal preparation efforts for accreditation
  • Reduce duration of accreditation audit time and activities.

These, along with several other quantified observations taken together within Forrester’s New Technology Total Economic Impact (TEI) methodology, resulted in hundreds of thousands of dollars in cost savings, significant time savings and a large projected-ROI (as articulated and quantified in detail in the Forrester Study).

Plus, the study found additional benefits for customers gained from the experience of Cisco and the strength of its partner network—including faster time-to-value, greater flexibility and enabling an integrated security and networking portfolio that, most important of all, significantly reduces the probability of a malicious breach.

Overcoming the organizational challenges of CMMC

The study also found that the challenges faced by organizations as they move towards implementing CMMC practices and processes are more easily overcome when partnering with Cisco. This is due to the value of Cisco’s industry-leading integrated security and networking products that are designed to work together, leverage existing investments and support the implementation of mature processes—enabled by technology.

The study uncovered how engaging Cisco contributed to greater efficiencies to help them realize more value. Interviewees revealed that by working with Cisco, they more easily overcame challenges related to costs—specifically, avoiding excessive increase in administration costs and reducing procurement efforts. One stated that  “Companies that are in the defense industrial base . . . need to be able to have a minimum number of discussions and to get a maximum number of solutions out of those discussions. The number of products that you can source from a single vendor becomes so important with those constraints.”

The value of an enterprise agreement for CMMC

By partnering with Cisco through an enterprise agreement, the interviewees’ organizations found Cisco’s suite of solutions helped them not only realize the full value of their Cisco technologies, but also enabled them to advance more rapidly along their technology lifecycle journey. Interviewees also stated that Cisco technologies have already been certified under other guidelines such as the DoD APL, FIPS 140, FedRAMP, Common Criteria, IPv6, and others, and that they integrate with existing investments.

One technology executive said “The thing that Cisco brings to the table consistently for us is that [Cisco] . . . certifies more of its products than just about anybody else.”


Cisco technologies have already been certified under other guidelines such as the DoD APL, FIPS 140, FedRAMP, Common Criteria, IPv6, and others, and that they integrate with existing investments.

Lastly, interviewees emphasized that achieving accreditation was critical to ensuring the continuity of key revenue and funding sources in addition to reducing cyberthreats and threats of other security incidents—underlining the strategic imperative that comes with CMMC .


Forrester Consulting’s study revealed that Cisco’s integrated, market-leading Zero Trust portfolio of networking and security solutions can help organizations like yours with the technical solutions you need to prepare for CMMC accreditation. Plus, Cisco and its large partner network can help you reduce time spent on the procurement, integration and accreditation phases, as well as help reduce the overall projected spend on administration costs to prepare for and maintain accreditation.

In a competitive defense market that requires embracing cybersecurity in order to do business with the government, competitive advantage goes to suppliers who can achieve the strongest enterprise cybersecurity posture. One that is realized with the best value and greatest efficiency. Let Cisco be the bridge to compliance on your CMMC journey.






Andy Stewart

Senior Federal Strategist

Public Safety & Defense