Achieving CMMC Compliance: A Practical Guide for Organisations

A practical guide for organisations preparing for Level 2, Joint Surveillance assessments, and NIST 800-171 readiness.

Accorp Compliance Team

Our team of compliance experts specializes in PCI DSS, SOC 2, and other security frameworks to help businesses achieve and maintain compliance.

Many organisations in the Defense Industrial Base (DIB) are eager to understand how they can move forward with CMMC compliance for DoD contractors, especially with CMMC 2.0 Level 2 looming large in federal contracts. Whether you're new to the CMMC and NIST ecosystem or have been tracking the evolving requirements, you're likely asking:

  • How can my organisation be assessed for CMMC Level 2 right now?

  • Is certification even possible before final rulemaking?

  • What changes are expected once DoD NIST 800-171 becomes part of enforceable requirements?

In this article, ACCORP, a leading CMMC consulting firm in the USA, walks you through the current state of CMMC assessments, how you can prepare today, and what to expect in the near future.


The Current State of CMMC: What’s Really Possible Today?

CMMC has followed a winding path since its introduction, and many organisations are left wondering how to stay proactive while waiting for final rulemaking. As it stands, CMMC is not yet certifiable, but that doesn’t mean you’re stuck in limbo. Thanks to a proactive approach by the Department of Defense (DoD) and the Cyber AB, organisations can participate in CMMC readiness and assessment programs like the Joint Surveillance Program.


What Is the Joint Surveillance Program?

The Joint Surveillance Program is a collaborative assessment process between:

  • A Certified Third-Party Assessment Organisation (C3PAO), like ACCORP

  • The Defense Contract Management Agency’s DIB Cybersecurity Assessment Center (DCMA DIBCAC)

Under this program, your organisation can go through an official NIST 800-171 assessment today—even before CMMC becomes fully codified into DFARS regulations. Here's how it works:

  • ACCORP, as your C3PAO, performs the NIST 800-171 controls assessment

  • DIBCAC handles the remaining DFARS 7012 clause evaluations

  • The goal: a high-confidence readiness evaluation that mirrors the CMMC Level 2 certification process


Why Go Through a Joint Surveillance Assessment Now?

The biggest benefit: when CMMC rulemaking is finalised, your successful Joint Surveillance Assessment can be converted into an official CMMC Level 2 certification. This gives your organisation a serious head start, allowing you to:

  • Lock in competitive eligibility for future DoD contracts

  • Demonstrate advanced cybersecurity posture to prime contractors

  • Avoid the rush once rulemaking is finalised and CMMC Level 2 assessments become mandatory

This is especially critical if you're actively researching how to get CMMC certified or using tools like a CMMC 2.0 compliance checklist.


What's Next: Preparing for Full CMMC Certification

Once the rulemaking process concludes, Joint Surveillance Assessments will sunset, and full CMMC certification assessments will begin. These will no longer be joint efforts; instead, C3PAOs like ACCORP will conduct independent audits as part of their CMMC compliance audit services.

That means now is the time to prepare—especially if your organisation handles Controlled Unclassified Information (CUI) and will be subject to Level 2 of CMMC 2.0.


What Can You Do Today?

Here are a few proactive steps your organisation can take to get ready:

  • Review the NIST 800-171 controls and conduct a self-assessment

  • Use a NIST 800-171 compliance tool to track progress

  • Establish NIST 800-171 policy and procedures aligned with DFARS requirements

  • Refer to a NIST 800-171 checklist to identify any gaps

  • Map your existing security posture using a CMMC 2.0 assessment guide

  • Leverage CMMC-managed compliance services for ongoing readiness

ACCORP can assist you every step of the way—from readiness assessments to gap remediation and full certification planning through its expert CMMC cybersecurity compliance services.


Final Thoughts: Stay Ahead of the Curve with ACCORP

While the CMMC certification framework is still undergoing rulemaking, forward-thinking organisations are taking steps now to secure their future. Participating in the Joint Surveillance Program or preparing thoroughly for CMMC 2.0 Level 2 puts your business in a strong position to continue, or begin, working with the Department of Defense.

ACCORP is a trusted partner in CMMC readiness and assessment, specialising in CMMC audits, consulting, and certification support. Let’s talk today about how you can prepare for and succeed in your CMMC journey—whether that’s with a current NIST 800-171 assessment, a detailed roadmap for the CMMC Level 2 certification process, or specialised guidance on how to get CMMC certified.
