IT/compliance lead, fractional CISO, or owner-operator at a small or mid-size DoD contractor or subcontractor (typically under 50-200 employees) that handles FCI or CUI and must reach CMMC Level 2
The CMMC DFARS final rule took effect November 10, 2025, starting a three-year phased rollout: Level 1/Level 2 self-assessment and C3PAO requirements begin appearing in select solicitations in Phase 1 and become broadly mandatory by November 2028. With over 118,000 companies expected to need Level 2 certification and roughly 68% of impacted entities being small businesses, a large, deadline-driven cohort of under-resourced contractors needs help right now, before clauses hit the contracts they bid on.