The Department of Defense began the phased rollout of the Cybersecurity Maturity Model Certification, or CMMC, program today, Nov. 10, marking the end of its voluntary phase, MeriTalk reported Thursday.
The CMMC program is one of the DOD’s key measures to protect sensitive information from cyberattacks and data breaches. Discover other initiatives addressing growing cyber threats and challenges at the Potomac Officers Club’s 2026 Cyber Summit, scheduled for May 21.
Table of Contents
What Is the Cybersecurity Maturity Model Certification Rule?
The CMMC rule, formally published in the Federal Register in September, amends the Defense Federal Acquisition Regulation Supplement and introduces mandatory cybersecurity standards for defense contractors. The program was revised in 2021 as CMMC 2.0, reducing complexity and assessment levels.
The DOD’s Office of Small Business Programs launched a pulse survey to gauge contractor readiness and gather input on compliance challenges. Despite industry concerns, particularly from small businesses, CMMC compliance is now mandatory for defense contractors managing sensitive data.
What Are the Three CMMC Certification Levels?
CMMC comprises three certification tiers, each aligned with the sensitivity of government data. Level one requires 15 basic safeguards for federal contract information. Level two mandtes all 110 National Institute of Standards and Technology Special Publication 800-171 controls for protecting controlled unclassified information. Level three adds enhanced NIST SP 800-172 measures to defend against advanced threats.
What Are the Four Phases of DOD’s CMMC Implementation?
The DOD plans to roll out the program in four phases over a three-year period. Phase one (the current phase) requires contractors to complete level one or two self-assessments for eligible solicitations. Phase two will mandate level two certifications, while phase three will focus on level three certifications. Phase four will require all applicable CMMC standards for contract awards. During phases two and three, the department may allow certification delays until an option period.
Related Articles
The Department of Energy has named Dawn Zimmer as its permanent chief information officer, marking the third official to hold the role since the start of the second Trump administration, NextGov reported Friday. How Did Dawn Zimmer Take on Acting CIO Roles at Energy? Zimmer, who joined the Energy Department as principal deputy CIO in November 2024, served as acting CIO multiple times during a rotation of short-lived permanent officials under Trump’s second term. She first assumed the role during the presidential transition, then briefly served as acting CIO after Ryan Riedel, who was appointed CIO in early February, vacated the position in March. Ross
X-energy has launched the first U.S. irradiation tests of its advanced nuclear fuel, TRISO-X, at Idaho National Laboratory’s Advanced Test Reactor. The Department of Energy said Thursday the 13-month testing campaign is part of X-energy’s efforts to establish the country’s first commercial advanced nuclear fuel fabrication facility to advance the deployment of its small modular reactor design, Xe-100, and other commercial reactors. Why Is TRISO-X Testing at INL Important for Advanced Nuclear Energy? According to DOE’s Office of Nuclear Energy, the experiments will evaluate how the company’s fuel performs under a range of power levels, burnup conditions and temperatures. “TRISO-X
Defense Secretary Pete Hegseth, a 2025 Wash100 awardee, unveiled sweeping reforms to the Department of Defense’s weapons acquisition system during his speech Friday at the National War College in Washington, D.C. “Speed to delivery is now our organizing principle,” Hegseth said in his speech titled the “Arsenal of Freedom.” “It is the decisive factor in maintaining deterrence and warfighting advantage.” Following Hegseth’s announcement, the Potomac Officers Club’s 2026 Defense R&D Summit on Jan. 29 offers a timely opportunity to engage with the leaders shaping the future of U.S. military capabilities. Don’t miss your chance to connect with decision-makers and innovators