When Will CMMC 2.0 Be Required for DoD Contracts? 

CMMC Compliance

2-minute read time  

The Department of Defense (DoD) originally anticipated that the CMMC 2.0 rollout would be a part of contracts this summer, but the conversation remains mostly quiet. Experts at Aligned have been keeping their eyes peeled for any indication that this is still the case.  

Let’s dig into what we know so far. 

Complications and Factors Around CMMC 2.0

In March, we reported on the CMMC complications and external factors that could likely delay the launch. This ranged from planning two rules to enforce how government contractors must protect controlled unclassified information (CUI) to updates to NIST 800-171 and the mandated clarification of CUI by The National Defense Authorization Act (NDAA). These all play a part in why the implementation process has been delayed. 

Forecasted Date of Contract Implementation

As of May 19, David McKeown (DoD’s CISO) said their team has the line items mostly “fleshed out” for each area of NIST’s framework and expects completion within 6 months. 

nist cybersecurity framework

However, it must make a few stops with the Office of Small Business and Office of Management and Budget (OMB) before government contractors can expect to see it in contracts.  

McKeown noted that the Pentagon is diligently working with the private sector to streamline and address pain points relating to the barrier of entry for small and medium-sized businesses. He stated that the target date for CMMC to hit contracts is late Fall 2024. 

Next Steps for Defense Prime and Subcontractors

As a contractor, ensuring that your company complies with NIST 800-171 standards is crucial. If you’re confident you meet these requirements, remember to keep up with annual assessments and start thinking about potential C3PAOs


If your company is struggling to meet cybersecurity requirements, consider partnering with a certified Registered Provider Organization (RPO) to increase your chances of success. An RPO can help you navigate complex cybersecurity controls and ensure compliance. 

Aligned is proud to be one of the first companies chosen as a CMMC RPO. Our mission is to help you safeguard sensitive information and protect our warfighters. With our extensive compliance experience, we have successfully guided defense prime and subcontractors through the complexities of DFARS, NIST 800-171, and CMMC. 

By partnering with our compliance experts, your organization can rest assured that you will save valuable time and money. We will work closely with you to ensure that you are fully prepared for when CMMC becomes a contract requirement. 

    Filter articles

Latest Articles

Contact us to get started today!

Call us at (703) 740-9797 or fill out the form below to schedule your free consultation. We will get back to you shortly.

*All fields are required.

This site uses cookies to optimize functionality and give you the best possible experience. If you continue to navigate this website beyond this page, cookies will be placed on your browser. To learn more about cookies, click here.