CMMC Final Rule: 48 CFR Published & Phased Implementation Begins November 2025

Executive Summary

The long-awaited 48 Code of Federal Regulations (CFR) Cybersecurity Maturity Model Certification (CMMC) rule was published in the Federal Register on September 10th, 2025. The rule takes effect November 10, 2025, marking the beginning of mandatory cybersecurity certification requirements for Department of Defense (DoD) contractors. The CMMC program will enter contracts in four phases once 48 CFR goes into effect, with each phase lasting approximately one year. This represents a fundamental shift from unvalidated compliance with NIST 800-171 rev 2 to official third-party certification for most contractors handling Controlled Unclassified Information (CUI).

Timeline

Phase 1: November 10, 2025

· 48 CFR Effective Date
· Self-assessment required for all solicitations
· CMMC Level 2 compliance required for some contracts

Phase 2: November 2026

· CMMC Expansion Phase
· Level 2 certifications will eventually expand to all contracts with CUI

Phase 3: ~2027

· Mandatory compliance of CMMC Level 2 requirements
· DoD begins enforcing CMMC Level 3 standards for contracts requiring advanced cybersecurity controls

Phase 4: ~2028

· Full program implementation

Prepare your organization for success. While the DoD is taking a 4-year phased approach to roll out these requirements, contracting officers have ultimate discretion over their requirements, so your next contract could very well have a CMMC Level 2 requirement!

Next Steps

Over 90% of DoD contractors who initially reach out to a CMMC 3rd Party Assessment Organization (C3PAO) as their first step for certification are turned away because they would fail the assessment in their current state.

Registered Practitioner Organizations (RPOs) are credentialed CMMC cybersecurity consultants that specifically focus on preparing DoD contractors for their assessment.

As an RPO, Isidore Consulting Services will help you quickly understand your current cybersecurity posture against the CMMC regulations, identify the actions and timeline required to get you ready for your CMMC assessment, and provide solutions to prepare you for your assessment.

Set up a call today! Let’s prepare you for your CMMC assessment!
