At August Schell, we recognize the critical importance of CMMC compliance for safeguarding sensitive information and maintaining the trust of your clients and partners. In a world of evolving cyber threats, achieving and maintaining CMMC certification is essential to your organization’s security and success.
Anticipated Timeline
On December 26, 2023, the Department of Defense (DoD) released for public comment the proposed CFR Rule Title 32, which outlines the Cybersecurity Maturity Model Certification (CMMC) 2.0 program. This program will be officially established on December 16th 2024, as it was sent to the Federal Register on 15 October 2024. When Final, CFR Rule Title 48 will mandate CMMC compliance as a prerequisite for contract awards, with Phase 1 expected to commence in mid-2025.
CMMC 2.0 Program Establishment
December 16th, 2024
Market Roll Out – You will likely begin seeing RFIs from Prime Contractors for your status and plans for CMMC Compliance.
Phase 1 Implementation (Rule 48 Finalization): October 2025
Key Actions:
- The initial integration of CMMC requirements into new DoD contracts.
- CMMC Level 1 or Level 2 self-assessments and affirmations of compliance will become prerequisites for contract awards.
- At its discretion, the DoD may require CMMC Level 1 Self-Assessment or CMMC Level 2 Self-Assessment for applicable contracts as a condition for exercising option periods on contracts awarded before the rule’s effective date.
- The DoD may also opt to replace CMMC Level 2 Self-Assessments with CMMC Level 2 Certification Assessments where applicable.
Phase 2 Implementation: March 2026
Key Actions:
- The DoD may begin requiring CMMC Level 2 certification assessments for all new applicable contract awards.
- Contractors will need to pass a certified third-party Level 2 CMMC assessment to qualify for contracts that include Level 2 certification requirements.
- The DoD may choose to introduce CMMC Level 3 certification assessment requirements in certain contracts.
- At its discretion, the DoD may delay the inclusion of CMMC Level 2 Certification Assessment to an option period instead of a condition for contract award.
- The DoD may also include CMMC Level 3 Certification Assessment where applicable.
Phase 3 Implementation: March 2027
Key Actions:
- In addition to Phase 1 and 2 requirements, the DoD will extend the CMMC Level 2 certification assessment to applicable contracts awarded prior to the finalization of the CMMC rule.
- The DoD will not exercise options on existing contracts unless the contractor has passed a third-party Level 2 CMMC assessment.
- The DoD will require CMMC Level 3 certification assessments for all applicable new contracts.
- CMMC Level 2 and Level 3 Certification Assessments will become mandatory for all applicable DoD contracts, both for contract awards and option periods.
Phase 4 Implementation: March 2028
Key Actions:
- Full implementation of CMMC Program requirements across all applicable DoD solicitations and contracts, including option periods on contracts awarded before Phase 4.
WHY PARTNER WITH AUGUST SCHELL FOR CMMC COMPLIANCE?
At August Schell we are more than just a service provider; we are an engineering company first, dedicated to delivering tailored solutions that meet your specific needs. Our vendor-agnostic approach ensures that we are focused solely on finding the best and most effective solutions for your unique situation, rather than pushing any particular product or service. With our commitment to engineering excellence and unbiased guidance, you can trust us to help you navigate the complexities of CMMC compliance with a solution that truly fits your organization.
Expertise: Leverage the deep expertise of our cybersecurity professionals, who are well-versed in CMMC requirements and best practices.
Customized Solutions: We tailor our approach to fit your organization’s unique needs, ensuring a path to compliance that aligns with your specific goals and budget.
Commitment to Excellence: Our commitment goes beyond mere compliance; we aim to strengthen your overall cybersecurity posture and resilience.
Customer Satisfaction: We prioritize your success, providing unmatched support and guidance throughout your CMMC compliance journey.
READY TO ELEVATE YOUR CYBERSECURITY WITH CMMC COMPLIANCE?
Navigating CMMC compliance doesn’t have to be overwhelming. Partner with August Schell and let us guide you every step of the way. Contact us today to schedule your consultation and take the first step towards a secure and compliant future.
August Schell is a Registered Practitioner Organization (RPO) for CMMC. Here are just some of the services we can help with.
Frequently Asked Questions
How to get started?
Contact our CMMC Team, we will work with you to determine what is required for your particular situation:
- CMMC Readiness Assessment: Unsure where to start with CMMC compliance? Our expert team will conduct a comprehensive readiness assessment to evaluate your organization’s current cybersecurity posture and identify areas for improvement to meet CMMC requirements.
- CMMC Gap Analysis: Once we have assessed your organization’s readiness, we will perform a thorough gap analysis to identify any gaps between your current practices and the requirements of the desired CMMC level. This analysis serves as a roadmap for implementing necessary changes to achieve compliance.
- CMMC Implementation & Documentation Support: Our team will provide hands-on support and guidance throughout the implementation process, helping you establish and maintain the necessary policies, procedures, and controls to meet CMMC requirements. We will work closely with your team to ensure a smooth and successful implementation.
- CMMC Assessment Preparation: As you prepare for your official CMMC assessment, we will assist you in organizing documentation, conducting internal audits, and addressing any last-minute concerns to ensure you are fully prepared for a successful assessment with either a C3PAO Representation or Self-Attestation Support.
- CMMC Managed Services: Once you have achieved compliance, our managed services team can provide ongoing support to help you maintain compliance, stay ahead of evolving threats, and adapt to changes in CMMC requirements over time.