The Cybersecurity Maturity Model Certification (CMMC) program is here. This Department of Defense (DoD) initiative will impact the way defense contractors further strengthen the Defense Industrial Base (DIB) and its supply chain.

Defense contractors need to begin assessing the maturity of their cybersecurity programs in order to comply with CMMC.

The DIB enables mission – Coalfire Federal helps protect the mission through our CMMC Advisory and Assessment services.

What Is the CMMC Timeline?

The DoD will begin including CMMC requirements in its procurements in 2021. CMMC will be phased into new DoD procurements and programs over the next five years.

All Defense Industrial Base (DIB) companies should begin planning their CMMC strategy now in anticipation that they will need to become CMMC Certified at some point within the next five years.

The time to begin your CMMC journey is now…..don’t wait or it will be too late!

  • Fiscal year 2021: The DoD will unveil 15 contracts with CMMC requirements. This phase will likely impact approximately 1,500 companies seeking defense department contracts. 
  • Fiscal year 2022: The DoD will increase the number of its contracts containing CMMC requirements to approximately 75 – this will likely impact about 7500 defense contractors that will need to achieve CMMC certification.
  • Fiscal year 2023: The number of contracts with CMMC requirements will increase to 250, affecting approximately 25,000 contractors. 
  • Fiscal year 2024: The contract total will jump to 325, which will impact about 32,500 defense department contracting entities.
  • Fiscal year 2025: By the time we reach the quarter-century milepost, there will be about 479 DoD contracts requiring approximately 47,905 defense contractors to achieve CMMC Certification.
  • Fiscal year 2026: By October 2025, the DoD plans to include a CMMC Certification requirement in all of its future contracts.
partners discussing computer data

Factors to Consider When Determining Which CMMC Level Aligns With Your Organization’s Business

  • CMMC level: Depending on the type of contract you are bidding on, you will need to qualify for at least one of the five certification levels. CMMC Level 1 is the minimum requirement for all defense contractors that handle Federal Contract Information (FCI) , It establishes best practices for basic cyber hygiene. CMMC Level 3 is intended for those companies that plan to store, process, and/or handle Controlled Unclassified Information (CUI).
  • Status of existing infrastructure: The degree of “cyber maturity” exhibited by the organization can also have an impact.
  • Number of locations: Companies with multiple branches are likely to have different timeline requirements than those with only one facility.
  • C3PAO availability: As CMMC compliance requires an audit by a certified third-party assessor organization (which is currently in short supply), it could result in assessment delays for many contractors.

How to Prepare for your CMMC Certification?

Working with an experienced CMMC advisory firm like Coalfire Federal can significantly shorten your timeline to achieve CMMC Certification. Our experienced CMMC team has been providing CMMC advisory services since early 2020 and has completed dozens of advisory projects to help clients become CMMC Certification Ready.

  • Gap analysis: The first step in our CMMC preparation methodology is a CMMC gap analysis to quickly determine your CMMC Certification readiness state.
  • Remediation: The purpose of this remediation step is to close the gaps identified during the assessment. This process can take 6-8 months for Level 1 and up to 6-12 months for Levels 3-5. 
  • CMMC Readiness review: Coalfire Federal can provide you with an unofficial readiness review to determine if your team has the appropriate documentation and resources ready to conduct a Mock or Certification assessment.
  • CMMC Mock Assessment: Coalfire Federal can help your organization prepare for its Certification Assessment by conducting an unofficial Mock Assessment. Let our trained assessors help you determine if you’re prepared for your CMMC Certification Assessment.

Coalfire Federal Can Help You Protect the Mission

Coalfire Federal offers a suite of CMMC advisory services that can help you effectively prepare for your CMMC Certification Assessment.

Contact us to schedule an appointment to discuss your CMMC plans and explore how we can support your journey.