Navigating the future of CMMC compliance for Department of Defense (DoD) contractors

CMMC Compliance is Changing.

Few industries are as highly regulated as government contracting.
As a defense contractor, you need CMMC compliance in order to bid on and conduct business.

Are you ready for Version 2.0?

What is CMMC Version 2.0?

To ease the rollout of the CMMC initiative, DoD has adjusted the CMMC framework, compliance requirements, and certification timeline in version 2.0.

Version 2.0 changes include:

  • Streamlined model with 3 tiers: expert, advanced and foundational
  • New foundation for middle tier: NIST 800-171 replaces CMMC control framework
  • Cost reduction: all companies — even at the foundational tier — can demonstrate compliance
  • Increased flexibility: waivers available under certain limited circumstances
  • Heightened accountability: more oversight by third-party assessors

2023 Is Fast Approaching: Begin Your Compliance Planning Now

DoD has indicated that prime and subcontractors should be prepared to comply with CMMC 2.0 by the end of fiscal year 2023. 

The months until 2023 might appear to offer enough time to establish compliance. But CMMC 2.0 is complex and requires expertise and knowledge of DoD rules as well as experience with the DoD compliance landscape.

PBMares, a candidate CMMC Third-Party Assessor Organization (C3PAO), can help you achieve overall CMMC readiness or specific assessment objectives.

For more than a decade, we’ve been working with boards and upper management to prepare against sophisticated high-profile cyber attacks and shore up digital trust.

CMMC AB C3PAO CertificationWith PBMares team of experts, you’ll strengthen your overall security posture, promote security as a continuous process, and tackle every one of your CMMC compliance goals.

For more information, contact a PBMares’ CMMC compliance specialist.


Antonina K. McAvoy, CISA, CISM, QSA, PCIP

Senior Manager, Cybersecurity & Control Risk Services Team Leader


PBMares’ CMMC Services

Our professionals will work with your organization to develop a strategic plan for approaching CMMC 2.0 readiness. Transition from version 1.0 to version 2.0 and address emerging threats and technologies with innovative solutions.

Prior to undergoing a C3PAO assessment, identify potential CMMC gaps within your framework with a gap assessment.

After a readiness assessment or an official assessment from a C3PAO, benefit from a variety of remediation services that can help your organization meet CMMC requirements.

In addition to CMMC requirements that you must address as a contractor, address noncompliance by subcontractors to mitigate disruption and indirect risks to the supply chain.

PBMares’ Certification Process

PBMares CMMC Pathway to Certification