By Grant Mooney, CCP
🚨 Why I built this timeline: My goal was simple…to warn and serve the Defense Industrial Base.
I’ve spent the last few weeks working a lot… digging through over 20 years of DoD policy, DFARS clauses, Congress Mandates, NIST standards, and real world NIST 800-171 Lawsuit cases. Too many companies still think CMMC is “just a future contract checkbox.” It’s not.
It’s already a survival issue,
📉 If your business depends on DoD contracts and you haven’t finished implementing NIST 800-171, you’ve already missed the deadline: December 31, 2017!
đź“Ť YOU ARE HERE — in the Death of the Old DiB. The “Great Disqualification” begins soon. Primes are already flowing down Level 2 requirements. If you don’t have a certificate or a plan, you’re already losing opportunities.
🎰 If you’re just now starting to take this seriously in Q2 2025, as a company, you’re a High Stakes Gambler. You’re betting everything on 12–24 months of implementation work in a shrinking window. Many won’t make it.
❌ Others will end up like the DoD Dumped Company on this timeline—disqualified, replaced, or acquired.
✅ But there’s still time to get ahead. I’ve heard the early movers landing more work, closing stronger teaming deals, and becoming go-to suppliers because they got certified while others waited.
This timeline is a warning. It’s also a roadmap. If you’re unsure where your company stands, or how to start, reach out. I’m here to help.
