Home > Solutions > CMMC Services

Don’t Let CMMC Hold Up Your Contracts.

CMMC compliance is no longer optional, it’s becoming a contractual prerequisite. As the Cybersecurity Maturity Model Certification (CMMC) framework advances through its formal rulemaking stages, contractors across the Defense Industrial Base must align with escalating requirements to retain DoD contract and certain Federal Grant eligibility. 

August Schell provides unified, expert-led, and cost-controlled support from initial readiness through full audit preparation—whether you’re targeting Level 1, Level 2, or Level 3 certification. 

Book a Complimentary Consultation:

CMMC Rulemaking Status and Implementation Timeline 

Late July 2025, the CMMC rule advanced to the Office of Management and Budget (OMB) for final review. Once approved, it will be published in the Federal Register, enabling enforceability through DFARS clause 252.204-7021 and Subpart 204.75. 

CMMC 2.0 Program Establishment (CFR Rule 48 Finalization) 

00
Days
00
Hours
00
Minutes
00
Seconds

Phase 1: Effective Q3-Q4 2025

Phase 1: Effective Q3-Q4
Key Actions:
The DoD may begin requiring CMMC self-assessments (Levels 1 or 2) for new awards and contract options. Contractors must submit a self-assessment in the Supplier Performance Risk System (SPRS).
Any inclusion of CMMC requirements in solicitations prior to September 30, 2025, must be approved by OUSD(A&S). 
Phase 2: Starts October 1, 2025
Key Actions:
DoD is authorized to include CMMC certification requirements in all solicitations (excluding those solely for COTS products).
Offerors must possess a current (within 3 years) CMMC certificate at the level specified to be eligible for award. Contracting officers shall verify this in SPRS.
Phase 3: Starts October 2026
Key Actions:
CMMC certification may be required to exercise option periods or extend performance on legacy contracts.
Organizations handling CUI must have a valid Level 2 CMMC certificate issued by a C3PAO. 
Phase 4: October 2028 Onward
Key Actions:
Full enforcement of CMMC across all applicable DoD contracts and delivery/task orders, including enforcement of Level 3 certification for select high-impact programs.
Certifications must not be more than 3 years old and must be maintained throughout the contract lifecycle. 

Certified, Scalable Support for Every Phase 

August Schell offers turnkey services tailored to each implementation phase. Whether your organization is in early preparation, pursuing third-party certification, or aligning to NIST SP 800-172 controls for Level 3, we provide certified, audit-ready execution backed by deep technical expertise. 

Unified Compliance Execution 

One team from Gap Analysis through C3PAO readiness—no handoffs or delays. 

Certified
Expertise 

Multiple Lead CCAs + FedRAMP engineers with deep DoD and Federal experience. 

Credit-Based Billing Model 

Predictable pricing, flexible delivery—only pay for executed work. 

Support for
Levels 1–3 

Level 1 self-attestation, Level 2 certification prep, and Level 3 engineering. 

DIBCAC
Coordination 

Direct support in working with DIBCAC for your Level 3 assessment. 

Posture
Continuity 

Post-assessment advisory, threat detection, and remediation planning. 

Professionally Architected & Documented 

Secure-by design architectures with audit ready documentation mapped to every CMMC control. 

READY TO ELEVATE YOUR CYBERSECURITY WITH CMMC COMPLIANCE?

Navigating CMMC compliance doesn’t have to be overwhelming. Partner with August Schell and let us guide you every step of the way. Contact us today to schedule your consultation and take the first step towards a secure and compliant future.
Contact the August Schell CMMC Team
Schedule a Consultation
August Schell is a Registered Practitioner Organization (RPO) and Candidate Third Party Assessment Organization (C3PAO) for CMMC.

Frequently Asked Questions

How to get started?
Contact our CMMC Team or Schedule a Consultation, we will work with you to determine what is required for your particular situation:
CMMC Readiness Assessment: Unsure where to start with CMMC compliance? Our expert team will conduct a comprehensive readiness assessment to evaluate your organization’s current cybersecurity posture and identify areas for improvement to meet CMMC requirements.
CMMC Gap Analysis: Once we have assessed your organization’s readiness, we will perform a thorough gap analysis to identify any gaps between your current practices and the requirements of the desired CMMC level. This analysis serves as a roadmap for implementing necessary changes to achieve compliance.
CMMC Implementation & Documentation Support: Our team will provide hands-on support and guidance throughout the implementation process, helping you establish and maintain the necessary policies, procedures, and controls to meet CMMC requirements. We will work closely with your team to ensure a smooth and successful implementation.
CMMC Assessment Preparation: As you prepare for your official CMMC assessment, we will assist you in organizing documentation, conducting internal audits, and addressing any last-minute concerns to ensure you are fully prepared for a successful assessment with either a C3PAO Representation or Self-Attestation Support.
CMMC Managed Services: Once you have achieved compliance, our managed services team can provide ongoing support to help you maintain compliance, stay ahead of evolving threats, and adapt to changes in CMMC requirements over time.