Skip content
Are you looking for?
cybersecurity

CMMC is Now a Contractual Requirement

The long-awaited final rule for Cybersecurity Maturity Model Certification (CMMC) has arrived. The Department of Defense (DoD) has published the final rule for 48 CFR DFARS 7021 in the Federal Register.

The publication of this final rule signifies that CMMC is no longer a future goal; it is an official requirement. 

Here is what you need to know: 

  • The Clock is Ticking: The rule goes into effect on or before November 10, 2025.

  • A New Era of Contracts: Starting no later than  November 10, 2025, new DoD contracts could include CMMC Level 2 requirements. CMMC Level 1 will be enforced from this effective date as contracts with those requirements are up for renewal or created as new contracts. 
  • No Certification, No Contract: From that date forward, if you are a contractor or a subcontractor in the DoD supply chain without the required CMMC certification, you will be at risk of being ineligible to bid on new contracts. After the timed-phase approach concludes (36 months), you will not be eligible to win new contracts without CMMC Compliance. 

 

What Is CMMC?

The Cybersecurity Maturity Model Certification (CMMC) is a program designed by the DoD to safeguard sensitive information that is shared with defense contractors and subcontractors. It verifies that companies have implemented cybersecurity practices to protect Federal Contract Information (FCI) and Controlled Unclassified Information (CUI). CMMC Level 2 assessments are conducted by third-party organizations to ensure compliance. CMMC Level 1 are self-attested and signed by an authorized agent of the company. 

 

Your Path to Compliance Starts Now

Do not wait until you have lost a bid to begin your CMMC journey. Our team of expert Certified CMMC Assessors (CCA’s) and Certified CMMC Professionals (CCP’s) specialize in helping defense contractors navigate the complex world of CMMC compliance.

We offer:

  • Gap Analysis:We analyze your current state against CMMC requirements to identify any gaps and build a plan for remediation.
  • Advisory Services: We advise you on all aspects of the CMMC standard and provide you with the tools necessary to be successful in your pursuit of cybersecurity readiness. We will help you develop the policies and procedures to ensure your compliance with all of CMMC’s 110 practices and 320 objectives.
  • MSP/MSSP Services: We have the expertise necessary to provide Managed Services & Managed Security Services to support your achievement of Level 1 and/or Level 2 compliance. 
  • Assessment Support:Our team of Subject Matter Experts will participate (to the extent allowable) in your assessment and support your business throughout the process. LRQA prides itself on being a trusted advisor and partner on this assessment journey. 

 

Contact us today to secure your place in the DoD supply chain. Your future contracts depend on it.

Contact LRQA