What we don't know...
We don't yet have the thresholds for validating compliance. We are building the CMMC standard now that the model has been released.
Training for assessors depends upon the CMMC standard, it has not yet been created.
Since the accreditation of C3PAOs and assessors depends on accrediting training, be wary of experts who claim they can guarantee compliance. They can not. Instead focus, on DFARS/NIST 800-171 compliance. It is the law (since 31 December 2017). Non-compliance can put your business with the government at risk.
We do not yet have a timeline. We are working on the many moving parts.
But wait. We are just getting started.
Come back here often for detail and sign up below for alerts and emails.
There is much to come, we will provide information as we build it.