The Cybersecurity Maturity Model Certification (CMMC) has been in the works for several years at this point. First announced in 2019 by the Department of Defense (DoD), the CMMC model has been revised and tweaked over the years as it crawls to the ratification finish line.
After regulatory approval, the Department of Defense has officially published CMMC into the federal register as a proposed rule on December 26, 2023. Published under the name 32 CFR Part 170, CMMC 2.0 will undergo a public comment period of 30-60 days where the public is given the opportunity to express their concerns or approval of the rule. CMMC Compliance is final!
This document is 234 pages long and contains a comprehensive description of CMMC. Being published as a "proposed rule" means that an agency is intending for this rule to "address a problem or accomplish a goal" and seeks the publics input. The feedback received from this public comment period will inform how the "final rule" is structured.
Businesses that fall in scope of CMMC will need to take proactive action to the upcoming rule. Organizations seeking certification (OSC) should have already taken the steps to ensure they are CMMC compliant so that when the final rule is officially implemented, they can be confident in their ability to defend CUI. With thousands of organizations within scope of CMMC and only a limited number of auditors, it could take a considerable amount of time to successfully certify your business. CorpInfoTech is committed to reaching CMMC Level 2 Compliance to improve our client services and guarantee coverage of more than 200 security controls.
Update CMMC 11/10/2025
Corporate Information Technologies (CorpInfoTech) has been following the progression of the CMMC rule for the past several years. As the CMMC rule reaches completion, it's important to understand the importance of becoming and remaining compliant. Through CorpInfoTech's managed services (know as ESP, External Service Provider, for CMMC Compliance), your organization can remain confident your data is protected and your organization compliant.
"CorpInfoTech engages with external sources for validation to ensure our processes, procedures, and tools are valid and compliant. We have officially registered with Cyber AB as an OSC (Organization Seeking Certification) so that when the rule is finalized, we are ready." - Lawrence Cruciana, Founder and President of CorpInfoTech
CorpInfoTech is a CMMC Level 2 (C3PAO) certified Managed Service Provider, prepared to support your organization’s CMMC compliance journey. Let's talk today!
CMMC Update: CMMC compliance is LIVE, effective November 10, 2025. CMMC is now mandatory on all new DoW (formerly DoD) contracts. During Phase 1 contracts must demonstrate compliance with CMMC Level 1 requirements - organization handling FCI must submit a Level 1 self-assessment to the Supplier Risk Performance System (SRPS) prior to new contracts. Prime contracts may ask of their supply chain to be Level CMMC certified at any point during the rollout phases.
CorpInfoTech, a Managed Service Provider (MSP) with over 25 years in the SMB space, is a trusted partner for business pursuing compliance and cybersecurity. We are a CMMC Level 2 (C3PAO) certified MSP and a Cyber AB Registered Provider Organization (RPO). Also, as the first CIS accredited organization, we help organizations implement the CIS controls as it pertains to CMMC and your overall cybersecurity posture. CorpInfoTech is your trusted partner for secure, compliant growth in every changing digital landscape.