What is CMMC? CMMC Update Archives CMMC Links
Consulting Employee Training Security Awareness Training Public Speaking Expert Witness
White Papers Newsletters CMMC Update Articles Videos Interviews
CMMC Update by Glenda R. Snodgrass for The Net Effect
[ View this email in your web browser ] [ Visit our archives ] [ Sign Up for this Newsletter ]

July 30, 2025

Congress & DoD publicly support CMMC

Last week the Secretary of Defense released a one-page memo on the subject of "Enhancing Security Protocols for the Department of Defense." In the second paragraph, we see:

"Specifically, the DoD CIO will leverage efforts such as the Cybersecurity Maturity Model Certification, the Software Fast Track Program, the Authority to Operate process, the Federal Risk and Authorization Management Program, and initiatives such as the Secure Software Development Framework."

CMMC is not going away.

Two weeks ago, the House Armed Services Committee passed its version of the FY 2026 National Defense Authorization Act, with an interesting amendment offered by Rep. Joe Wilson (R-SC) in the third en bloc package:

Therefore, the committee directs the Secretary of Defense, to submit a report to the House Committee on Armed Services not later than March 1, 2026, on efforts by the Department to improve the identification, designation and security of unclassified information that requires safeguarding or dissemination controls limiting its distribution to those with a lawful government purpose, including data that existed before the CUI designation was established. The report should also include details on specific measures, including methods to continuously monitor compliance with CMMC requirements, that are in place to assist in these efforts.

There are two very important takeaways from this, IMO:

(1) We aren't the only ones who realize that DoD isn't marking CUI the way it should! I'm really happy to see this emphasis on such a critical issue.

(2) CMMC isn't going away. Did you really think it would? Nope, this amendment is asking for even more, really, as CMMC currently doesn't have any provision for continuous monitoring. Will we see this included in the CMMC 3.0 updated rule? Time will tell.

For now, focus on implementing NIST SP 800-171r2 and getting ready for assessment! Yesterday the Cyber AB announced that 258 CMMC L2 Final Certifications had been issued, and 11 Conditional certs (with 180 days to close those open POAMs). Are your competitors getting ahead of you?

(Note: Read more about POAMs in CMMC here and here.)

Need help? You know where to find me!

Summer Series Virtual Workshops Continue!

Hope to "see" you there!

Use code "CMMCUpdate" to get 20% off tickets for all my workshops.

August 12

Scoping Your CMMC L2 Environment

August 26

Are You Really Ready for a CMMC Assessment?

September 9

Top 10 Ways to Fail a CMMC L2 Assessment



Glenda R. Snodgrass Sincerely,

Glenda R. Snodgrass, CCP/CCA/Lead CCA
grs@theneteffect.com
The Net Effect, LLC
www.theneteffect.com
251-433-0196 x107

Speak with an Expert

Contact

The Net Effect, L.L.C.
Post Office Box 885
Mobile, Alabama 36601-0885 (US)
phone: (251) 433-0196
email: sales at theneteffect dot com
Secure Payment Center






Site Map

Home
CMMC
PCI
GLBA
Consulting
Employee Training
Public Speaking
Expert Witness
Workshops
About

Resources


CMMC
Newsletter
Whitepapers
Articles
Videos
Interviews



The Net Effect, LLC

Copyright 1996-2025 The Net Effect, L.L.C. All rights reserved. Read our privacy policy