Final Rule Webinar: https://www.summit7.us/webinars/cmmc-phase-1-the-final-rule-is-here?hsCtaAttrib=195767465874

The regulation that finalizes CMMC guidance for DoD contracting officers and program managers officially goes into effect on November 10th, 2025. The highlight of the regulation is the final text of DFARS clause 252.204-7021 which tells contractors which CMMC level they need to achieve in order to take award of a contract. But the regulation also created DFARS provision 252.204-7025 which officially notifies offerors of the requirements contained in the 7021 clause and it's only three paragraphs long!

Summit 7 Live: https://www.summit7.us/S7Live

Pathfinder 101: https://www.summit7.us/pathfinder

Pathfinder Demo: https://youtu.be/JiDTCchfCa0?si=JJFplxSfvkaRVhRo

2025 CMMC Final Rule (48 CFR): https://www.federalregister.gov/documents/2025/09/10/2025-17359/defense-federal-acquisition-regulation-supplement-assessing-contractor-implementation-of

Register for the upcoming webinar: https://www.summit7.us/webinars/cmmc-phase-1-the-final-rule-is-here

It's official: CMMC Phase 1 begins on November 10th, 2025 when the 48 CFR CMMC final rule goes into effect. After that point all new Department of Defense/War contracts will contain some level of CMMC requirement. But just when things seem certain, people are wondering about the recent class deviation regarding DFARS clause 252.204-7021. Is the use of the CMMC clause actually suspended? Spoiler: no, not even close.

Final Rule Webinar: https://www.summit7.us/webinars/cmmc-phase-1-the-final-rule-is-here?hsCtaAttrib=195767465874

Summit 7 Live: https://www.summit7.us/S7Live

Pathfinder 101: https://www.summit7.us/pathfinder

Pathfinder Demo: https://youtu.be/JiDTCchfCa0?si=JJFplxSfvkaRVhRo

2025 CMMC Final Rule (48 CFR): https://www.federalregister.gov/documents/2025/09/10/2025-17359/defense-federal-acquisition-regulation-supplement-assessing-contractor-implementation-of

Aug Class Deviation: https://www.acq.osd.mil/dpap/policy/policyvault/USA001756-25-DPCAP.pdf

A lot of defense contractors are betting that the DoD will only require CMMC Level 2 self-assessments during the first 12 months of CMMC (“Phase 1”). Since December 2024 there have been three official policies outlining what can be required in Phase 1 and none of them prohibit Level 2 certification assessments. Instead, every policy we can find reinforces the idea that many companies will be required to achieve CMMC Level 2 certification in Phase 1. In this episode we walk through all 3 policies so you can decide for yourself if that's a risk you want to take with your business.

Summit 7 Live: https://www.summit7.us/S7Live

Pathfinder 101: https://www.summit7.us/pathfinder

Pathfinder Demo: https://youtu.be/JiDTCchfCa0?si=JJFplxSfvkaRVhRo

32 CFR 170.3(e): https://www.ecfr.gov/current/title-32/part-170#p-170.3(e)

The January Memo (PDF): https://dodprocurementtoolbox.com/uploads/DOPSR_Cleared_OSD_Memo_CMMC_Implementation_Policy_d26075de0f.pdf

The July Memo (PDF): https://dodprocurementtoolbox.com/uploads/PTDO_Do_D_CIO_Memo_Resources_for_CMMC_Implemtation_dtd_20250728_25_T_2704_cleared_20250807_e53aa02e78.pdf