Accessibility Tools

Skip to main content

Access World-Class NIST RMF Documentation with ASP Learn More

2023 Report on CMMC - What's Next?

The much maligned, misunderstood, and often misguided CMMC framework is hopefully - finally - coming to fruition as the Department of Defense (DoD) has indicated that the rulemaking will take anywhere from 9-24 months from the release date of the CMMC 2.0. Translation: We are still waiting as the 9-24 months has been a standard statement for quite some time now.  This has left federal contractors to wonder when that time period would begin and what the timeline might look like.

As of January 11, 2023, this was the official statement on the website: UPDATES TO THE CMMC WEBSITE WILL BE LIMITED DURING THE CMMC 2.0 RULEMAKING PROCESS.

And their own answer to their own posted question of "When will CMMC 2.0 be required for DoD contracts? "The publication of materials relating to CMMC 2.0 reflect the Department’s strategic intent with respect to the CMMC program; however, CMMC 2.0 will not be a contractual requirement until the Department completes rulemaking to implement the program. The rulemaking process and timelines can take 9-24 months. CMMC 2.0 will become a contract requirement once rulemaking is completed.”

Also, it’s important to note the enormous scope implications to the broader DIB. Per the DoD Chief Information Officer, “DoD’s intent under CMMC 2.0 is that if a DIB company does not process, store, or transmit Controlled Unclassified Information (CUI) on its unclassified network, but does process, store or handle Federal Contract Information (FCI), then it must perform a CMMC Level 1 self-assessment and submit the results with an annual affirmation by a senior company official into SPRS.”

This we do know - CMMC is finally on its way and hundreds of thousands of companies within the broader Defense Industrial Base (DIB) need to start taking measures to comply with CMMC. 

Arlington offers the following CMMC solutions to federal contractors:

  • Scoping & Gap Assessments
  • Remediation & Documentation
  • System Security Plan (SSP)

About Arlington

We are Arlington, a team of innovative, solution-oriented, highly agile, and well-versed professionals with decades of experience in working with America’s defense industry. From emerging cybersecurity regulations to helping our clients solve complex security & compliance solutions – and so much more – you can trust Arlington, the firm that’s Dedicated to Defense®.  Learn more at