The Department of Defense is making one of the most significant changes to cybersecurity compliance in over a decade: a move from the Risk Management Framework (RMF) to the Cybersecurity Risk Management Construct (CSRMC). For defense contractors, integrators, and managed service providers, this shift will redefine how compliance is achieved and measured. The message is clear: point in time checklists are out, continuous and automated compliance is in. What is CSRMC? CSRMC is the DoD’s new mod...
One of the most common questions Defense Industrial Base (DIB) contractors face is: “What CMMC Level do I need in order to respond to this solicitation?” The answer depends entirely on the contract language and the type of information your organization will handle. Let’s break it down into plain terms. Step 1: Look for DFARS 252.204-7012 or NIST SP 800-171 References If the solicitation includes DFARS 252.204-7012 or explicitly requires compliance with NIST SP 800-171, you are dealing with ...
Image of Timeline The Department of Defense’s Cybersecurity Maturity Model Certification (CMMC) program is moving from planning to execution. With the Final CMMC Acquisition Rule now published, contractors across the Defense Industrial Base (DIB) must prepare for phased implementation beginning November 10, 2025. Understanding the timeline is critical for primes and subcontractors alike to avoid compliance gaps that could impact contract eligibility. Phase 1: Initial Rollout (Nov 10, 2025 – ...
CMMC LEVEL 1 SELF-ASSESSMENT QUICK ENTRY GUIDE VERSION 4.0 The Defense Industrial Base (DIB), compliance with the Cybersecurity Maturity Model Certification (CMMC) is no longer optional, it’s a prerequisite for doing business with the Department of Defense (DoD). While CMMC Level 1 is the foundational tier, it still requires contractors to demonstrate compliance with FAR 52.204-21 (Basic Safeguarding of Covered Contractor Information Systems) and to report their status in the Supplier Perform...
For prime contractors in the Defense Industrial Base (DIB), meeting Cybersecurity Maturity Model Certification (CMMC) requirements is no longer optional, it’s a contractual obligation. But compliance doesn’t stop with your own systems. As a prime, you’re also responsible for ensuring that your subcontractors meet the appropriate CMMC level before they handle Federal Contract Information (FCI) or Controlled Unclassified Information (CUI). Why Subcontractor Verification Matters The DFARS fina...
Luis G. Batista C.P.M., CPSM luis@cybercomply.us Office: (305) 306-1800 Ext. 800 Website LinkedIn Schedule Appointment CAGE: 9QG33 UEI: K6UZHLE1WUA7 CyberComply CMMC GRC A Product of Armada Cyber Defense
Luis G. Batista C.P.M., CPSM luis@cybercomply.us Office: (305) 306-1800 Ext. 800 Website LinkedIn Schedule Appointment CAGE: 9QG33 UEI: K6UZHLE1WUA7 CyberComply CMMC GRC A Product of Armada Cyber Defense
Luis G. Batista C.P.M., CPSM luis@cybercomply.us Office: (305) 306-1800 Ext. 800 Website LinkedIn Schedule Appointment CAGE: 9QG33 UEI: K6UZHLE1WUA7 CyberComply CMMC GRC A Product of Armada Cyber Defense
Luis G. Batista C.P.M., CPSM luis@cybercomply.us Office: (305) 306-1800 Ext. 800 Website LinkedIn Schedule Appointment CAGE: 9QG33 UEI: K6UZHLE1WUA7 CyberComply CMMC GRC A Product of Armada Cyber Defense
Luis G. Batista C.P.M., CPSM luis@cybercomply.us Office: (305) 306-1800 Ext. 800 Website LinkedIn Schedule Appointment CAGE: 9QG33 UEI: K6UZHLE1WUA7 CyberComply CMMC GRC A Product of Armada Cyber Defense
Luis G. Batista C.P.M., CPSM luis@cybercomply.us Office: (305) 306-1800 Ext. 800 Website LinkedIn Schedule Appointment CAGE: 9QG33 UEI: K6UZHLE1WUA7 CyberComply CMMC GRC A Product of Armada Cyber Defense
The Cybersecurity Maturity Model Certification (CMMC) has been years in the making, evolving from draft concepts to the rulemaking stage. With the publication of the interim rule in 48 CFR (which formally embeds CMMC 2.0 into the Defense Federal Acquisition Regulation Supplement, or DFARS), many in the Defense Industrial Base (DIB) are asking the same question: What happens next? The short answer: enforcement is coming, and the clock is ticking. Let’s unpack what the rulemaking milestone mean...
Luis G. Batista C.P.M., CPSM luis@cybercomply.us Office: (305) 306-1800 Ext. 800 Website LinkedIn Schedule Appointment CAGE: 9QG33 UEI: K6UZHLE1WUA7 CyberComply CMMC GRC A Product of Armada Cyber Defense
Luis G. Batista C.P.M., CPSM luis@cybercomply.us Office: (305) 306-1800 Ext. 800 Website LinkedIn Schedule Appointment CAGE: 9QG33 UEI: K6UZHLE1WUA7 CyberComply CMMC GRC A Product of Armada Cyber Defense
Luis G. Batista C.P.M., CPSM luis@cybercomply.us Office: (305) 306-1800 Ext. 800 Website LinkedIn Schedule Appointment CAGE: 9QG33 UEI: K6UZHLE1WUA7 CyberComply CMMC GRC A Product of Armada Cyber Defense
Luis G. Batista C.P.M., CPSM luis@cybercomply.us Office: (305) 306-1800 Ext. 800 Website LinkedIn Schedule Appointment CAGE: 9QG33 UEI: K6UZHLE1WUA7 CyberComply CMMC GRC A Product of Armada Cyber Defense
Luis G. Batista C.P.M., CPSM luis@cybercomply.us Office: (305) 306-1800 Ext. 800 Website LinkedIn Schedule Appointment CAGE: 9QG33 UEI: K6UZHLE1WUA7 CyberComply CMMC GRC A Product of Armada Cyber Defense
If you’re a DoD contractor, you’ve probably heard both acronyms thrown around DFARS 252.204-7012 and CMMC. Many companies confuse the two or assume they’re interchangeable. In reality, they’re related but distinct requirements, and understanding the difference is critical to staying compliant and competitive. What is DFARS 252.204-7012? DFARS 252.204-7012 is a clause in the Defense Federal Acquisition Regulation Supplement (DFARS). It has been in place since 2017 and requires contractors to...
Luis G. Batista C.P.M., CPSM luis@cybercomply.us Office: (305) 306-1800 Ext. 800 Website LinkedIn Schedule Appointment CAGE: 9QG33 UEI: K6UZHLE1WUA7 CyberComply CMMC GRC A Product of Armada Cyber Defense
Luis G. Batista C.P.M., CPSM luis@cybercomply.us Office: (305) 306-1800 Ext. 800 Website LinkedIn Schedule Appointment CAGE: 9QG33 UEI: K6UZHLE1WUA7 CyberComply CMMC GRC A Product of Armada Cyber Defense