CMMC Overview and Where To Go From Here!

This presentation provides an up-to-date overview of the Cybersecurity Maturity Model Certification (CMMC) program and its impact on the Defense Industrial Base (DIB). Attendees will gain a clear understanding of existing Department of Defense (DoD) cybersecurity requirements, the structure and purpose of CMMC, and how it aligns with NIST SP 800-171 Rev 2. The session will review the current state of the CMMC rulemaking process, implementation timelines, assessment levels, scoring methodology, and use of Plans of Action and Milestones (POA&Ms). Special attention will be given to the phased rollout of CMMC requirements across solicitations and contracts, the roles of C3PAOs, and contractor responsibilities regarding compliance, self-assessments, and flow-down requirements. The presentation also highlights tools and resources—including Michigan’s CyberSmart program—that support small and medium-sized businesses in achieving and maintaining compliance. Ideal for defense contractors, IT professionals, and compliance officers, this session offers the essential insights needed to prepare for and navigate CMMC requirements effectively.