Select Page

Insights Blog

CMMC 2.0 is Here, and Compliance is Mandatory. This is not a Drill

Author: Dan Aldridge — PCG Director of Solutions Marketing

BREAKING: The U.S. Department of Defense (DoD) CMMC 2.0 Rule Went into Effect November 10th, 2025

Unlike previous rules, the new Cybersecurity Material Model Certification (CMMC) 2.0 isn’t voluntary! This article provides the background of the rule and a copy of the rule itself. Most importantly, it explains the concrete steps defense contractors must take to comply, so they don’t miss out on lucrative contracts.

The DoD’s final rule implementing the Cybersecurity Maturity Model Certification (CMMC) 2.0 makes CMMC compliance a mandatory, enforceable contractual requirement for defense contractors handling Controlled Unclassified Information (CUI) or Federal Contract Information (FCI). 

CMMC 2.0 – The Bottom Line

Those defense contractors who do not meet CMMC will become ineligible for DoD contract awards going forward. Also, because prime contractors have already begun to comply, subcontractors who don’t will be excluded from contracts in months, not years.

Fortunately, my company PCG offers a CMMC 2.0-compliant solution and complementary digital transformation services to help defense contractors become compliant and prepare to get new awards ahead of their competitors.

 

The time to prepare is now, as achieving compliance can take several months or even over a year, depending on your organization’s current cybersecurity maturity. Early preparation can help you avoid losing out on potential contract opportunities.

Defense contractors should focus on achieving compliance with NIST SP 800-171 and preparing for third-party assessments, especially for those handling CUI. There is already a backlog for Level 2 and Level 3 compliance to engage a Certified Third-Party Assessor Organization (C3PAO) for your independent assessment. 

This is an article by Forbes entitled “Ready or Not: Trump Administration Just Cleared Rule for Cyber Compliance” that explains some background and implications of the new CMMC rule.

Forbes Article: Ready or Not. Trump Just Cleared the Rule for CMMC 2.0 —

The Forbes article says this about the rule:

“On Aug. 25, 2025, the Office of Information and Regulatory Affairs cleared the Defense Department acquisition rule in Title 48 of the Code of Federal Regulations for assessing contractor cybersecurity requirements.”

This next part of the Forbes article is staggering!

“Across a defense supply chain of roughly 220,000 to 300,000 contractors and subcontractors, with approximately 80,000 expected to require Level 2, only about 270 organizations hold a final CMMC certificate as of late August 2025.”

And this is the impact….

“The program rule in Title 32 made CMMC real in POLICY (caps for dramatic effect). The acquisition rule in Title 48 makes it real in AWARDS.”

 

The Official CMMC 2.0 Rule in the Federal Register —

Here’s what the Forbes article is talking about; the official CMMC 2.0 rule, as published in the Federal Register. You may need a couple of cups of coffee to get through this one, because it’s important to read every line!

So, what does mandatory CMMC 2.0 compliance really mean for defense contractors, particularly A&D manufacturers? It means that defense contractors will have to demonstrate how they comply with CMMC when responding to government RFPs. No compliance, no award.

Here are the Steps to Achieve CMMC 2.0 Compliance

    1. Assess Your Level: Determine the appropriate CMMC level required based on the type of information (FCI or CUI) you will handle under a DoD contract. 
    2. Perform a Self-Assessment: Conduct a thorough assessment of your current cybersecurity posture against the requirements of the chosen level. 
    3. Develop a System Security Plan (SSP): Create an SSP detailing your security controls and practices. 
    4. Create a POA&M: Develop a Plan of Action & Milestones (POA&M) to address any security gaps identified during the self-assessment. 
    5. Select a C3PAO (If Required): For Level 2 and Level 3, engage a Certified Third-Party Assessor Organization (C3PAO) for your independent assessment. 
    6. Undergo Assessment: Complete the assessment process, which may be a self-assessment or a third-party validation. 
    7. Maintain Compliance: CMMC compliance requires ongoing maintenance and periodic reassessments. 
    8. Choose a CMMC-compliant ERP System: The easiest way to comply with CMMC 2.0, particularly if you have on-premise ERP systems where you’re not sure if they are compliant, is to upgrade to a compliant cloud ERP system built for A&D that is running on a CMMC-compliant cloud platform.
    9. Start a digital and business transformation: Change the business processes that have held your organization back and made it non-compliant in the past!

How PCG Can Help

PCG offers 2 fully CMMC 2.0-compliant A&D manufacturing ERP systems: 1) Infor CloudSuite Aerospace and Defense (aka, LN), and 2) Infor CloudSuite Industrial (aka, CSI/SyteLine). Here’s our PCG website page that explains the Infor CloudSuite A&D solutions.

As per DFARS and other regulations, both systems handle project reporting, cost allocation, flow-down, project costing (e.g., fixed price, T&M), etc. And PCG is the only Infor Alliance Partner globally that offers both solutions!

Both systems run on the fully secure Amazon Web Services (AWS) Government Cloud. This is important because AWS is the biggest and best Hyperscaler for A&D cloud ERP systems, and the AWS Gov Cloud provides its own layer of cybersecurity in addition to the cloud systems themselves.

This cybersecurity protection from AWS and Infor includes AI and Robotic Process Automation (RPA), which are high on the list of defense contractors’ and manufacturers’ priorities!

PCG doesn’t stop with enterprise software implementation, either. Instead, we guide you on a digital and business transformation journey that helps future-proof you against cybersecurity threats that are increasing exponentially as AI powers cyberattacks.

PCG does this in tandem with CMMC 2.0 Compliance Advisory services, like those offered by leading consultancy BDO USA and BDO Global , which help you navigate regulatory assessments (including CMMC) and compliance audits.

PCG also offers a “health check” for your CMMC 2.0 compliance readiness assessment, including digital transformation advice for your ERP systems and other cloud systems, such as AI and business process mining. Contact us to order a “health check” here.

 

How the PCG Insights HUB Can Help

Here is our PCG Insights HUB page with 250+ videos that demonstrate the CMMC 2.0 compliant Aerospace and Defense solutions that we offer, which are all ready to go on the secure AWS Gov Cloud.

The PCG Insights HUB has demo videos for the #1 Aerospace and Defense cloud ERP system, as rated by independent analysts. Here is the HUB page for Aerospace and Defense.

Here’s a short video overview of how to get key metrics on Project Contracts/Awards out of the Infor CloudSuite A&D system. This is an excellent capability for CMMC Compliance, and there are many more videos like this one in our HUB!

Final Thoughts —

PCG has one of the most experienced teams for A&D in the enterprise software industry, and we have a web page showing our professional services and consulting for the A&D manufacturing industry.

For more information, visit pcgservices.com, send an email to info@pcgservices.com, or call +1 (800) 265-1230. Visit our PCG LinkedIn page here or contact Dan Aldridge on LinkedIn and ring the bell for more updates about CMMC 2.0, Industry 4.0, ERP, AI, and other cool tech trends.

To stay up to date on the latest information, follow PCG on LinkedIn.

 

///

 

Dan Aldridge

Dan has 25+ years of corporate management experience including CEO, CFO and Controller of the consulting firm he founded and grew for 13 years. He has ERP software and digital transformation experience working with CEO’s, CFO’s, Controllers, and other C-levels at Fortune 500 companies. He specializes in Finance (e.g., Financial Statements, General Ledger, Accounts Payable, Cost Accounting) and Manufacturing (e.g., MRP, Production, Industry 4.0, Smart Factories, MES systems) consulting and project management.

Contact Dan Aldridge.

 

Work together with PCG for great Infor platform success. Contact us, and let’s get started!

More Information for You

More Downloadable Resources

Company

About PCG

Industry Expertise

Insights Blog

Leadership

Careers

Solutions

Augmented Intelligence

BI/Analytics

Cloud Enterprise Platforms

Enterprise Resource Planning

Industry 5.0

Manufacturing Execution Systems

Regulatory Compliance

Services

Business & Technical Advisory

Platform Deployment

Platform & Edge Integration

Platform Optimization

Technical Training

Upgrade Testing & Validation

Validation & Compliance

Support

Functional Support

Platform Support

Technical Support

User Support

Platforms

Infor     NetSuite     Tulip

Technology Partnerships

Contact   |   Legal   |   Privacy Policy   |  LinkedIn   |  YouTube   |   SmartFactory   |   OrangeQuery   |   AskQ

©2016-2026, Providence Consulting Group, LTD. All rights reserved.   |   Wins   |   Go-Lives

Join the conversation and subscribe to our blog.

Get timely communication and receive the latest PCG, Infor and NetSuite
product and business sustainability news and updates.

 

Privacy Policy

Thanks. You have successfully subscribed.

Business predictability through consistent and successful digital transformation.

 

+1 (800) 265-1230