Skip to main content

CMMC Hub

CMMC Regulations

32 CFR Part 170

Final DFARS CMMC Rule (Effective Nov. 9, 2025)

DFARS Subpart 204.75 (Superseded)

DFARS Clause 252.204-7012 (Superseded)

(Proposed Rule) DFARS Case 2019-D041

NIST Standards

SP 800-171 (Rev. 3)

SP 800-171A (Rev. 3)

SP 800-172

DoD's CMMC Program

Under the Department of Defense's Cybersecurity Maturity Model Certification Program, government contractors will be required to verify that they meet the cybersecurity safequarding requirements that correspond to the CMMC level that is assigned to their government contracts. DoD has just finalized its DFARS regulation that will incorporate CMMC requirements into government contracts, and that regulation will become effective November 9, 2025. CMMC requirements will be phased into DoD contracts over a three year period and will be implemented into most DoD contracts that are not for commercially available off-the-shelf (COTS) items after November 9, 2028.

CMMC GovCon Bulletins™

CMMC Alert: DoD Issues Final DFARS Rule That Implements CMMC Into DoD Contracts

09 September 2025

CMMC Alert: DoD Issues CMMC Program Final Rule

14 October 2024

CMMC Inches Closer to Implementation As Deadline for Comments on DoD’s Proposed DFARS Rule Approaches

11 October 2024

CMMC Update: Senate Armed Services Committee Asks For Further Study

23 July 2024

CMMC Vlogs/Webinars

May 2025 CMMC Status Check

31 May 2025

March 2025 CMMC Update

26 March 2025

March 2024 CMMC Update: Where We Are Now & What All DoD Government Contractors Should Be Doing

26 March 2024

Three Things Contractors Should Know About DoD’s Transition To CMMC 2.0

18 March 2022