Information Technology Navigator

Tips, Advice & Insights from Technology Pros

CMMC 2.0 Timeline — Where Are We Now?

Posted by Ken Bergeron

Thu, Aug 24, 2023

CMMC 2.0 Timeline

It’s been almost a year since we wrote about the risks of delaying CMMC (Cybersecurity Maturity Model Certification) compliance. The only thing that has remained constant since then is that CMMC is not going away. There have been many noteworthy recent developments in the DoD supply chain news space related to updates for DIB contractors to comply with the DFARS 7012 requirements to safeguard CUI (controlled unclassified information) data. The CMMC 2.0 final rulemaking timeline continues to shift from over the horizon to right around the corner, and the recently released NIST 800-171 revision 3 draft amplifies concerns about upcoming changes to the framework requiring additional protections for prime and subprime organizations supplying the DoD.

Progress to Date

So, how much progress have DIB contractors made toward CMMC? At best, improvements in protecting our nation’s cybersecurity and compliance posture are already complete for organizations that are in compliance with current NIST 800-171R2 requirements and working towards CMMC assessment completion. Then there are organizations who are playing catchup, implementing some of the outlined controls in the original NIST 800-171 requirements, but not yet near full compliance. And at worst, there are the organizations that are keeping their heads firmly planted in the sand, hoping CMMC will just go away.

Wherever your organization is along the compliance journey, Daymark Solutions can help. We continue to lead in support of our nation’s efforts to protect our warfighters against real world threats from nation-state enemies. We’ve curated a comprehensive, full breadth of implementation and compliance services across Microsoft’s full stack and related 3rd party solutions for both cloud and on-premises environments to help DIB organizations establish a mature security and compliance posture to ensure CMMC assessment readiness.

Start Your Compliance Journey Today


The upcoming months will be critical for organizations to prepare for CMMC 2.0, and finding an experienced RPO (Registered Provider Organization) is more important than ever in order to fully understand the timeline of CMMC 2.0, the rules that are in place today, as well as the skills required to ensure organizations are assessment-ready — before CMMC requirements are enforced and show up in contracts. Given these factors, we are quickly transitioning our clients from the "early adopters" phase of CMMC, to ensure that they do not miss the boat.

Our Government Services Team provides the services and solutions required for CMMC readiness. We help DIB contractors as small as 10 and as large as up to 6,000 users with the following:

  • Mapping existing security and compliance policies to CMMC controls and provide gap analysis and CMMC documentation deliverables
  • Building secure enclaves using Swivel Seat and green field methodologies
  • Designing and implementing complex hybrid or full cloud IaaS and PaaS secure environments
  • Migrating data, applications and systems from existing environments to secure enclaves
  • Ensuring readiness for CMMC self-assessment with step-by-step, pre-audit guidance 

Contact us to start your compliance journey today.