CMMC Hub
DoD's CMMC Program
CMMC Regulations
NIST Standards
DoD Guidance
DoD Memo on Resources & 3-Year Phase-In
July 28, 2025
DoD Memo on Determining Appropriate CMMC Levels
January 15, 2025
DoD CMMC Overview Presentation
August 22, 2025
Under the Department of Defense's Cybersecurity Maturity Model Certification Program, government contractors will be required to verify that they meet the cybersecurity safequarding requirements that correspond to the CMMC level that is assigned to their government contracts. DoD has just finalized its DFARS regulation that will incorporate CMMC requirements into government contracts, and that regulation will become effective November 9, 2025. CMMC requirements will be phased into DoD contracts over a three year period and will be implemented into most DoD contracts that are not for commercially available off-the-shelf (COTS) items after November 9, 2028.
CMMC GovCon Bulletins™
The Timing of CMMC Level Requirements During The Three-Year Phase-In
15 September 2025
CMMC Alert: DoD Issues CMMC Program Final Rule
14 October 2024
Cybersecurity Alert: DoD Issues 2023 CMMC Proposed Rule!
27 December 2023