Is CMMC required now, or is it still being phased in?
CMMC is final and live: the 48 CFR DFARS final rule published 2025-09-10 and took effect 2025-11-10, so the requirement is real today and being phased into solicitations on a schedule. Phase 1 began with self-assessment levels; higher-assurance Level 2…
Answer.
CMMC is final and live: the 48 CFR DFARS final rule published 2025-09-10 and took effect 2025-11-10, so the requirement is real today and being phased into solicitations on a schedule. Phase 1 began with self-assessment levels; higher-assurance Level 2 certification in contracts ramps through later phases (into 2026). Planisphere does not perform a CMMC assessment — that is a self-assessment or a C3PAO's role — but it can supply reproducible model-behaviour evidence for AI components touching the relevant 800-171 controls.
The mark behind the answer.
Cybersecurity Maturity Model · L1 · L2 · L3.
More on CMMC.
Prepare evidence for CMMC review.
First evidence record within 21 days of access · re-runs in a single business day. Planisphere measures model behaviour and emits a reproducible, sha-pinned record — it does not certify, file, or give legal advice.