BREAKING NEWS: 7/13/2026. The Department of War today announces the immediate suspension of the Cybersecurity Maturity Model Certification (CMMC) Phase II requirements, which were originally scheduled to come into effect on November 10, 2026. All Phase I self-assessment requirements remain firmly in place. Please read more here.
Cybersecurity is a top priority for the Department of War (DoW or Department). The defense industrial base (DIB) faces increasingly frequent and complex cyberattacks. To strengthen DIB cybersecurity and better protect DoW information, the Department developed the Cybersecurity Maturity Model Certification (CMMC) Program. CMMC assesses defense contractor compliance with existing information safeguarding requirements for federal contract information (FCI) and controlled unclassified information (CUI).
Read more from the DoW: CIO – About CMMC
The CMMC Ecosystem is comprised of multi layers of aligned organizations and processes engaged in the implementation, assessment, and certification of the CMMC framework. The Cyber AB is the official accreditation body of the CMMC ecosystem and the sole authorized non-governmental partner of the DoW.
The CMMC Model

Read more from the DoW: CIO – About CMMC
The CMMC framework includes two key documents: NIST SP 800-171r2, Protecting controlled unclassified information in nonfederal systems and organizations and NIST SP 800-171A, Accessing security requirements for controlled unclassified information.
NIST SP 800-171r2 has 110 requirements in a variety of control areas (access, asset, etc).
NIST SP 800-171A contains the 230 assessment objectives that align to one or more of the 110 requirements above.
The DoW site above provides the official scope and assessment guides which are essential to understanding your organization’s requirements.
Radian’s Support With CMMC
Radian’s CMMC subject matter experts can assist clients in readiness to be compliant for a self-assessment to Level 1 or be ready to be certified to Level 2 by a CMMC Third-Party Assessment Organization (C3PAO).
Note: Radian is not a CMMC Third-Party Assessment Organization (C3PAO) authorized by The Cyber AB to perform third-party assessments.
CMMC Overview & Scope Determination
Radian will provide an overview of the requirements for achieving CMMC Level 2 to assist Clients to better understand the complexity and the effort needed to successfully achieve the CMMC level intended. The scoping determination either validates or assists Clients to determine the CUI data boundaries.
CMMC Gap Analysis
Radian will facilitate a gap analysis (not an audit) based on the requirements of CMMC.
It consists of structured discussions aimed at reviewing Clients’ compliance status against the requirements. This may include a technical review if requested.
CMMC Remediation and Improvement
Based on the completion of a gap analysis, Radian may support gap remediation and improvement efforts to resolve identified Plans of Action and Milestones (POA&Ms) to CMMC Level 2.
The Radian CMMC Difference
The CMMC ecosystem is very crowded! Radian has been focused on information and cybersecurity for over 15 years. We have worked extensively with ISO standards and NIST frameworks. Many of our CMMC subject matter experts (SME) have come from leadership roles within government contracting or straight from the government. Our knowledge of the rules of engagement with CMMC provides relevant information and guidance. Our technical experts can provide the necessary guidance for direct or third-party reviews of the technical infrastructures. We are tool agnostic, but we know that sustaining CMMC can require an investment in a CMMC tool. We have friendships with tool vendors and can make recommendations. We are not resellers and will not receive any commission.
Connect with us now to learn how Radian Compliance can support your CMCC requirements.