NEWS | Pentagon Seeking Small Business Feedback on CMMC

NSBA is privileged to support the Department of War (Department of Defense (DoD)) in its efforts of surveying small business on recent changes to the CMMC.

 

OCT. 28, 2025 | After several years of public comment amidst repeated delays, the DOD recently issued a final rule on Cybersecurity Maturity Model Certification (CMMC) requirements for companies doing business with the Department of War (Department of Defense (DoD)).  These requirements will begin appearing in DoD contracts beginning on November 10, 2025.

 Review the final rule in the Federal Register here:

• DFARS Final Rule: Assessing Contractor Implementation of Cybersecurity Requirements (DFARS Case 2019-D041)

 

With only two weeks until these new requirements will be inserted into contracts, the DoD Office of Small Business Programs (OSBP) has put out a survey seeking input from small businesses to better understand how companies are preparing for the implementation of CMMC requirements. This short, anonymous survey is intended to help DoD OSBP tailor its support, resources, and guidance to better meet small business needs during the transition. If you have concerns or feedback you would like to make regarding the implementation of new CMMC requirements at the DOD, we encourage you to fill out this survey and share your thoughts with DOD OSBP:

• Cybersecurity Compliance: Small Business Pulse Survey

 

RELATED | Register for NSBA's Webinar with AWS and Mendix on CMMC Compliance or Small Business