top of page

Take These Steps Now for CMMC Mandates in Q1 of 2025

Clock ticking down time to get CMMC Certification

Bluestreak™ Reading Time: 5 minutes

Starting in the 1st Quarter of 2025, ALL contracts from the DoD (Department of Defense) or from a DoD contractor will require CMMC Certification before you can be awarded these contracts. They are required on some contracts already. There is a huge amount of work to do to meet this deadline. Here are some of the major steps you need to take NOW. 

Take These Steps Now for CMMC Mandates in Q1 of 2025

What Should You Be Doing Right Now?

DFARS 252.204-7012 has already mandated that you were to be NIST SP 800-171 compliant by December 2017. If you’re not already NIST SP 800-171 compliant by now, you have some major work to do before January 2025 to continue to get DoD contracts and orders. 


DFARS 252.204-7012

DFARS 252.204-7012 says that if you transfer, process, or store CUI (Controlled Unclassified Information) in any way, you must become NIST SP 800-171 compliant. That is what Bluestreak Consulting™, can help you with. Our team of experts is available to help you in one of two ways. The 1st way is to guide your internal compliance team through the confusing and complex regulations by the DoD, or the 2nd option, Bluestreak Consulting™ can manage this entire process to make sure you meet all of your NIST SP 800-171 requirements and will be CMMC audit-ready.


DFARS 252.204-7019 (part of the DFARS Interim Rule)

DFARS 252.204-7019 says that you must perform a self-assessment (or an outside 3rd-party assessment) on your company infrastructure to see where you are in your current cyber and physical security. This will be done working with NIST SP 800-171A requirements. 


DFARS 252.204-7020 (also, part of the DFARS Interim Rule)

DFARS 252.204-7020 mandates you must submit the results and score of that assessment to the SPRS (Supplier Performance Risk System). You must also have a list of POA&Ms (Plan of Action & Milestones) and a populated SSP (System Security Plan). Bluestreak Consulting™ has a full set of templates that will cover all of these requirements. 


DFARS 252.204-7021 (also, part of the DFARS Interim Rule)

DFARS 252.204-7021 mandates you must prepare for CMMC 2.0 certification by implementing NIST SP 800-171 as a starting point. 


CMMC 2.0

CMMC 2.0 requirements are expected to be mandatory and start appearing on DoD contracts in the 1st quarter of 2025, which is just 14 months away. Keep in mind, it typically takes between 9 to 18 months to achieve NIST SP 800-171 compliance. If you wait any longer to implement NIST SP 800-171 requirements, you will begin to lose business starting in Q1 of 2025 if you are not compliant.


The way to prepare for CMMC 2.0 certification is to implement NIST SP 800-171 security requirements NOW. Bluestreak ConsultingTM can help with this entire process. CMMC 2.0 mirrors the NIST SP 800-171 requirements. This is normally a 9 to 18-month process so there’s no time to waste-take these steps now for CMMC Mandates in Q1 of 2025!

About the Author

Joe Coleman is the cybersecurity officer at Bluestreak Consulting™, a division of Bluestreak | Bright AM™, and a regular editorial contributor for several trade publications providing technology, tips, and news for manufacturers. Joe has over 35 years of diverse manufacturing and engineering experience. His background includes extensive training in cybersecurity, a career as a machinist, a machining manager, and an early additive manufacturing (AM) pioneer. Contact Joe directly at

About Bluestreak:

Bluestreak is a powerful Manufacturing Execution System (MES) and a fully integrated Quality Management System (QMS), designed for the manufacturing environment and service-based manufacturing companies ( metal-treating/powder-coating, plating, heat-treating, forging, and metal-finishing), businesses that receive customers’ parts, perform a process (service) on them, and send those parts back to the customer). Companies need MES software tailored to specific functionality and workflow needs such as industry-specific specifications management, intuitive scheduling control for staff and machinery maintenance, and the ability to manage work orders and track real-time data. If different work centers on the production floor aren’t “speaking” to each other via the MES, the data loses value and becomes disjointed or lost in disparate silos.

Bluestreak | Bright AM™ is an MES + QMS software solution specifically designed to manage and optimize the unique requirements of Additive Manufacturing’s production of parts and powder inventory usage.

7 views0 comments


bottom of page