April 14th 2022
Earlier this week CMMC director Stacy Bostjanick announced an official timeline for the CMMC rollout. The Pentagon plans to publish the CMMC ‘interim rule’ by May 2023, with initial requirements showing up in DoD contracts 60 days after the rule publication: https://insidecybersecurity.com/share/13400
Depending on the current status, we estimate 6-12 months to prepare for a CMMC Level 2 certification assessment. The bottleneck will be the availability of C3PAOs as everybody will want to get certified at the same time. In other words – it’s time to get ready sooner than later to ensure eligibility for those new contracts.
For more details about the path to CMMC compliance including time estimates see our page CMMC Certification Process & Timeline.
If your company handles Controlled Unclassified Information (CUI), you have probably seen CMMC and NIST SP 800-171 mentioned in the same conversation. That is one reason so many contractors assume they mean the same thing. They do not. The short version is simple: NIST SP 800-171 tells you what security requirements to implement. CMMC is
Read More10/10/2025As the federal government shutdown reaches Day 10 with no resolution in sight, defense contractors are asking a critical question: Does this shutdown impact the November 10, 2025 CMMC implementation deadline? The short answer: No. CMMC requirements remain on track. Here’s what defense contractors need to understand about how the current government shutdown affects – or more
Read More- None of the information you provide in the form below will be used for marketing purposes -