Is CMMC required now, or is it still being phased in?

CMMC is final and live: the 48 CFR DFARS final rule published 2025-09-10 and took effect 2025-11-10, so the requirement is real today and being phased into solicitations on a schedule. Phase 1 began with self-assessment levels; higher-assurance Level 2…

register 09 · Compliance pins· CMMC
01 ·

Answer.

Authorization / clearance regime · CMMC.

CMMC is final and live: the 48 CFR DFARS final rule published 2025-09-10 and took effect 2025-11-10, so the requirement is real today and being phased into solicitations on a schedule. Phase 1 began with self-assessment levels; higher-assurance Level 2 certification in contracts ramps through later phases (into 2026). Planisphere does not perform a CMMC assessment — that is a self-assessment or a C3PAO's role — but it can supply reproducible model-behaviour evidence for AI components touching the relevant 800-171 controls.

02 ·

The mark behind the answer.

CMMC is an authorization gate: a package an authorizing official signs before the system may operate, plus a monitoring …

Cybersecurity Maturity Model · L1 · L2 · L3.

→ Full reference for CMMC

Prepare evidence for CMMC review.

First evidence record within 21 days of access · re-runs in a single business day. Planisphere measures model behaviour and emits a reproducible, sha-pinned record — it does not certify, file, or give legal advice.