Procrastination is Over: CMMC is Here

September 16, 2025

After many years of what felt like procrastination on the part of the Department of Defense, the Cybersecurity Maturity Model Certification (CMMC) program is official. No more speculation as to if or when it will happen. Most of us procrastinators thought we wouldn’t see this until October at the earliest, but the DoD surprised us this week.

So, on November 10, 2025, CMMC becomes the rule of the land, and all DoD contracts will have a CMMC requirement defined.

Many speculated that CMMC would be killed off, radically changed, or simply continue to be postponed. They were wrong, and there were strong indicators early on that such speculation was foolish. I think many were stuck in a world of wishful thinking because they didn’t want to face the realities of their own CMMC journey.

If your company has procrastinated and hasn’t already started its CMMC journey, expect to find it very difficult in the near future to compete for new DoD contracts, or perhaps more importantly, to compete for supply contracts for DoD contractors. Without going through at least a Level 1 self-assessment, your addressable market just shrank to everything but DoD and their contractors. If you have an existing DoD contract, expect that future renewal to require some level of CMMC compliance.

Mindset matters in this. You can see CMMC as an unnecessary burden on your business, or you can see it as an opportunity. The choice is yours. Yes, this takes time, effort, and money. But it also offers you both a competitive advantage and an opportunity to potentially make some fundamental changes that otherwise would never have gotten the priority they needed to get funded. My favorite example of this is if your company manages its IT services within each department instead of centralizing that activity. Depending on your circumstances, you may be able to reduce your CMMC burden through the central management of IT services, and this may be something that can help out the entire company. Similarly, it may be a good time to rethink your corporate structure to isolate your defense work to reduce your risk.

So, before you jump into calling your auditor and scheduling your audit, take some time to formulate a well-thought-out strategy. It will be well worth your time, and it will help you navigate the journey ahead of you. In the end, going through this journey is a business decision, and as of this week you have very little time to make that decision.

For me, I’ve been following CMMC for years, and having seen the impact of the theft of information from DoD contractors in the past, and the impact that made, CMMC is long overdue. Our national security depends on protecting information, developing and maintaining systems, and being able to project force around the world. The DoD is dependent on contractors for supporting all of these. CMMC is about protecting the information underlying all of these, and I do believe that our DoD and our taxpayers should be able to trust that the contractors will adequately protect its data, and hence we are here looking at CMMC going live in November.

Sr. Director of Federal Advisory Services | Optiv + ClearShark
John Allison spent 24 years in the Air Force, doing systems engineering, weapons research, program management, and intelligence analysis. He retired in 2015 and started his civilian career focusing on bringing to market compliant cloud solutions including DoD and FedRAMP offerings for both large companies and small startups. Throughout his career he's been called on as the technical and compliance expert and has a passion for bridging the gap between the Government's need for solutions and innovative non-traditional companies.
