Watch full webinar here: https://www.summit7.us/webinars/cmmc-phase-1-the-final-rule-is-here

The start of CMMC phase 1 is just around the corner. Starting on November 10th, 2025, DoD contracting officers will begin inserting CMMC status requirements in new solicitations and contracts. We recently held a webinar on the CMMC final rule to get people up to speed so this week we're bringing you our key takeaways. If you want all the details, the webinar is available on demand (registration link is in the show notes).

Find out where you are on your CMMC journey here: https://www.summit7.us/pathfinder

September has come to a close and despite all the moving parts, name changes, and other potential roadblocks, the CMMC program is humming along. Assessments are being conducted at a blazing pace, the AB staff is growing, and people are still not sure if they should identify as an ESP or CSP.On this week's show, we dig into the September Cyber AB Town Hall and break down all the important details you need to know!

Summit 7 Live: https://www.summit7.us/S7Live

Pathfinder 101: https://www.summit7.us/pathfinder

Pathfinder Demo: https://youtu.be/JiDTCchfCa0?si=JJFplxSfvkaRVhRo

AB Town Halls: https://cyberab.org/News-Events/Town-Halls/Details/march-town-hall

DFARS clause 252.204-7021 goes into effect on November 10th, 2025, but there's more under the hood than just the text of the contract clause. Contracting officers have an entire set of procedures they must follow that dictate when and if the 7021 clause should be included in a defense contract at all. In this episode we're looking at the other side of the coin to the infamous CMMC DFARS clause.

Final Rule Webinar: https://www.summit7.us/webinars/cmmc-phase-1-the-final-rule-is-here?hsCtaAttrib=195767465874

Summit 7 Live: https://www.summit7.us/S7Live

Pathfinder 101: https://www.summit7.us/pathfinder

Pathfinder Demo: https://youtu.be/JiDTCchfCa0?si=JJFplxSfvkaRVhRo

2025 CMMC Final Rule (48 CFR): https://www.federalregister.gov/documents/2025/09/10/2025-17359/defense-federal-acquisition-regulation-supplement-assessing-contractor-implementation-of

DFARS 7008: https://youtu.be/vgrRGIWboKc?si=chKYMNRUea9eqpn-

DFARS 7012: https://youtu.be/cy4e28YAkXU?si=OO3IEXYvfGqZQ3op

DFARS 7019: https://youtu.be/7gW_82Cus7Y?si=IT2ORlBlZELxxbdu

DFARS 7020: https://youtu.be/D4JLkfvB-Ws?si=-hMhIq6dJLxu1NU4

DFARS 7025: https://youtu.be/LtJK-CHuyp8?si=A6WoUGBEEgVxp5Jx

DFARS 7009: https://youtu.be/kfecRRrd41w?si=PNXrbcvRLHc5GoUg

32 CFR 170 Webinar: https://www.summit7.us/webinars/cmmc-32-cfr-final-rule?_gl=1*1qpc6eg*_up*MQ..*_gs*MQ..

Final Rule Webinar: https://www.summit7.us/webinars/cmmc-phase-1-the-final-rule-is-here?hsCtaAttrib=195767465874

The regulation that finalizes CMMC guidance for DoD contracting officers and program managers officially goes into effect on November 10th, 2025. The highlight of the regulation is the final text of DFARS clause 252.204-7021 which tells contractors which CMMC level they need to achieve in order to take award of a contract. But the regulation also created DFARS provision 252.204-7025 which officially notifies offerors of the requirements contained in the 7021 clause and it's only three paragraphs long!

Summit 7 Live: https://www.summit7.us/S7Live

Pathfinder 101: https://www.summit7.us/pathfinder

Pathfinder Demo: https://youtu.be/JiDTCchfCa0?si=JJFplxSfvkaRVhRo

2025 CMMC Final Rule (48 CFR): https://www.federalregister.gov/documents/2025/09/10/2025-17359/defense-federal-acquisition-regulation-supplement-assessing-contractor-implementation-of

Register for the upcoming webinar: https://www.summit7.us/webinars/cmmc-phase-1-the-final-rule-is-here

It's official: CMMC Phase 1 begins on November 10th, 2025 when the 48 CFR CMMC final rule goes into effect. After that point all new Department of Defense/War contracts will contain some level of CMMC requirement. But just when things seem certain, people are wondering about the recent class deviation regarding DFARS clause 252.204-7021. Is the use of the CMMC clause actually suspended? Spoiler: no, not even close.

Final Rule Webinar: https://www.summit7.us/webinars/cmmc-phase-1-the-final-rule-is-here?hsCtaAttrib=195767465874

Summit 7 Live: https://www.summit7.us/S7Live

Pathfinder 101: https://www.summit7.us/pathfinder

Pathfinder Demo: https://youtu.be/JiDTCchfCa0?si=JJFplxSfvkaRVhRo

2025 CMMC Final Rule (48 CFR): https://www.federalregister.gov/documents/2025/09/10/2025-17359/defense-federal-acquisition-regulation-supplement-assessing-contractor-implementation-of

Aug Class Deviation: https://www.acq.osd.mil/dpap/policy/policyvault/USA001756-25-DPCAP.pdf

A lot of defense contractors are betting that the DoD will only require CMMC Level 2 self-assessments during the first 12 months of CMMC (“Phase 1”). Since December 2024 there have been three official policies outlining what can be required in Phase 1 and none of them prohibit Level 2 certification assessments. Instead, every policy we can find reinforces the idea that many companies will be required to achieve CMMC Level 2 certification in Phase 1. In this episode we walk through all 3 policies so you can decide for yourself if that's a risk you want to take with your business.

Summit 7 Live: https://www.summit7.us/S7Live

Pathfinder 101: https://www.summit7.us/pathfinder

Pathfinder Demo: https://youtu.be/JiDTCchfCa0?si=JJFplxSfvkaRVhRo

32 CFR 170.3(e): https://www.ecfr.gov/current/title-32/part-170#p-170.3(e)

The January Memo (PDF): https://dodprocurementtoolbox.com/uploads/DOPSR_Cleared_OSD_Memo_CMMC_Implementation_Policy_d26075de0f.pdf

The July Memo (PDF): https://dodprocurementtoolbox.com/uploads/PTDO_Do_D_CIO_Memo_Resources_for_CMMC_Implemtation_dtd_20250728_25_T_2704_cleared_20250807_e53aa02e78.pdf

The Summer is all but over, but that's ok because the CMMC program is just getting started! On this week's episode, we cover the Cyber AB's Monthly Townhall for August and break down all the things you need to know.

Things like:

• Did assessment progress slow down?

• Are there any reported failures?

• Are people finally interpreting the 10-day post assessment rule correctly?

• Will the DoD be represented at CS5?

• What is the C3PAO Advisory Council?

And so much more... Tune in to find out!

Summit 7 Live: https://www.summit7.us/S7Live

Women of CMMC Dinner: https://cs5global.org/women-of-cmmc-dinner/

Pathfinder 101: https://www.summit7.us/pathfinder

Pathfinder Demo: https://youtu.be/JiDTCchfCa0?si=JJFplxSfvkaRVhRo

AB Town Halls: https://cyberab.org/News-Events/Town-Halls/Details/march-town-hall

Register for Secure The DIB: https://www.summit7.us/secure-the-dib-2025

Golden Dome promises to be the largest and most complex defense initiatives in American history. Countless contractors, subcontractors, and suppliers will be called on to help build the ultimate system of systems. But those suppliers are the targets of cyber espionage, disruption, and IP theft – regardless of their size. So it's no surprise that as the Golden Dome program lifts off, the DoD is out in front with some pretty intense cybersecurity requirements.

Pathfinder 101: https://www.summit7.us/pathfinder

Pathfinder Demo: https://youtu.be/JiDTCchfCa0?si=JJFplxSfvkaRVhRo

DFARS 7012: https://youtu.be/cy4e28YAkXU?si=KvezY7Vu7zXf9qYZ