NIST/CMMC Compliance: Waiting Is Not A Strategy

The Department of Defense announced that it is developing a new, mandatory cybersecurity standard and certification for defense contractors who process, store or transmit Controlled Unclassified Information (CUI). It is named the “Cybersecurity Maturity Model Certification” (CMMC). This new standard, as specified below, will directly impact your ability to bid on, and ultimately win, federal contracts.


The CMMC will have the DFARS NIST SP 800-171 cyber security construct as a central component and, as such, attaining NIST compliance is paramount for any organization pursuing federal awards. CMMC will include additional, as yet unidentified security requirements, and the rollout timeline below was recently published. While the timeline may change as the Government incorporates Industry input, the Government is serious and expects us all to get cyber compliant.

  • January 2020:

The official CMMC Levels and requirements will be released, and auditors/certifiers will be available soon thereafter to begin audits. Due to the number of organizations that will require certification, long delays are expected, and this will directly impact sales pipelines.

  • June 2020:

CMMC requirements will be in Requests for Information (RFIs) and actual audits will be conducted.

  • Late 2020:

Formal certification will be required to bid on Requests for Proposal (RFPs). The absence of a formal certification will be a disqualifying event for any submitted RFP.

Iviry is a Managed Services IT company that focuses on providing quality IT services to the Government Contracting community and can service companies up to the TOP SECRET level as well as on remote overseas project sites.  We know how to reliably and effectively provide cyber security services that are compliant with NIST 800-171 and the emerging CMMC framework.


As a small business ourselves, we understand how every contract, every win, counts. The pressure on federal agencies to crack down on cyber compliance is huge, and that pressure is real. Delaying NIST compliance is not a winning strategy by any means. If you would like to discuss your current state, or just learn more about your responsibilities as a federal contractor, please click on the link below and schedule an appointment.