Updated as of 03/27/2026
What is CMMC?
The Cybersecurity Maturity Model Certification (CMMC) program is the Department of Defense’s standardized framework designed to ensure that all defense contractors implement and maintain appropriate cybersecurity protections for Federal Contract Information (FCI) and Controlled Unclassified Information (CUI). CMMC establishes tiered security levels, each with specific technical, procedural, and policy requirements that companies must meet and affirm in order to handle DoD-related data and remain eligible for contract awards. Refer to USTC Advisory #26-0025C for additional information.
Terms:
- CUI: Controlled Unclassified Information: information that is not classified but that the U.S. Government requires to be safeguarded or controlled because unauthorized access could impact national security, mission operations, or individual privacy.
- PII: Personally Identifiable Information: any information that can be used to identify, locate, or contact a specific individual, either on its own or when combined with other data.
- SPRS: Supplier Performance Risk System: the Department of Defense’s official database used to collect, store, and evaluate performance, security, and risk information about defense contractors.
What Is Happening?
- DP3 shipments routinely involve PII of military members (names, addresses, SSNs, orders, etc.).
- That PII is classified as CUI.
- The DoD is now requiring that all companies who TOUCH that data meet modern cybersecurity standards under the CMMC program. This requirement is NOT localized to USTRANSCOM/Industry etc. Any entity working with the DoD must comply.
- If we do not comply → we (TSPs) will NOT be awarded DP3 shipments. This compliance includes making sure our underlying service providers are also compliant.
Why?
This standardized cybersecurity framework is designed to reduce vulnerabilities across the defense supply chain and prevent cyberattacks, data breaches, and adversarial exploitation. By enforcing minimum security controls and verified compliance, the DoD strengthens national security and ensures mission-critical information is protected at every level of contractor involvement.
Underlying Service Providers for NFC: What You Need to Do
If you would like to learn more about CMMC Level 1, helpful information is available on the International Association of Movers (IAM) website:
https://iamovers.org/iam-cmmc-resource-center/.
Under the DP3 Program, the Transportation Service Provider (TSP) is responsible for ensuring that any companies they hire (such as agents, haulers, or other service providers) also follow CMMC Level 1 cybersecurity requirements. As a general rule:
- If you bill the government directly and they pay your company directly, you must complete the official CMMC Level 1 self-certification through the government system by March 15.
- If you are working as a subcontractor or underlying service provider and are paid by a TSP or management company, you should check with each company you work with to see what they require. Some may use their own portal, while others may ask you to complete a simple compliance form.
NFC Compliance
National Forwarding has collaborated with LaborNet to help design and build the LaborNet CMMC portal, which simplifies CMMC compliance administration for everyone supporting our military service members and Department of War civilian moves. Through the LaborNet CMMC portal, National will ensure their partners and subcontractors are CMMC compliant.
It is NFC’s position that our network does NOT have to go through the registration process and data entry for CMMC compliance in the government’s portal, which can be long and complicated, unless they are working directly with the DoW.
We have created an easy-to-use portal for entry that does not require those complicated steps. Our network must complete entry in this portal by May 15, 2026, to continue receiving shipments from us.
Why this matters:
- The DoW requires that the TSP and all underlying service providers protect the personal information of those we are moving.
- NFC can track driver and subcontractor compliance to ensure service member data protection meets CMMC requirements.
The next steps:
You will receive an email from noreply@labornetapp.com with the subject "CMMC Data Request" containing a dedicated link to complete the self-certification for NFC. Contact agencyservices@nationalforwarding.com if you have not received the link within 48 hours and we will resend it to you.
If you have already advised us of your self-certification, there is no need to perform entry in the portal.
If you have any questions, please contact Agent & Business Services at 800-722-9144 option 5 or email agencyservices@nationalforwarding.com.