Compliance CMMC National Security

Lockheed’s Big Warning: Get CMMC Certified or Get Left Behind

MNS Group
MNS Group Jul 11, 2025 10:56:23 AM 1 min read

There is a lot of buzz in the DIB after Lockheed Martin’s recent blog post¹. It’s concise, to the point, and we recommend reading it.

Notably, there is one quote in particular that has many talking:

“By now, all DIB companies managing CUI should have fully implemented – and be confidently meeting – NIST SP 800-171 (r2) requirements.”

Lockheed has made it loud and clear; if you're part of the Defense Industrial Base and you're handling CUI, you should already be compliant with NIST SP 800-171.

Many are alarmed because there is a widespread misconception that CMMC certification is still optional. However, these requirements have been in contracts since 2017 for contractors to self-attest to.

Lockheed is not the only prime placing pressure on their subs: primes of all sizes manage their risk by asking their subs to meet specific thresholds: a range of SPRS scores, answering questionnaires, and providing documentation.

What We've Observed Confirms a Trend

MNS Group attended a conference in February of 2024 where a Lockheed executive offered the keynote to the aerospace attendees. She shared multiple slides outlining the expectation of contractors to comply with NIST SP 800-171.

Lockheed’s recent corporate statement does not mince words: comply with requirements now or risk not working with Lockheed in the future.

From this, we can expect a growing exclusion of contractors who are not yet certified.

If you are waiting for CMMC to become real, you have waited too long. Delaying certification is now a business risk that could cost you future contracts.

What You Can Do Right Now

As a CMMC Third-Party Assessment Organization (C3PAO), MNS Group is ready to help you get assessed, so you can win contracts.

Talk to one of our experts today to schedule your CMMC assessment or learn more about how we can help.

Let’s get this done—before it’s too late.

 

Talk to an expert today

 

 

¹ Lockheed Martin. “Cybersecurity Maturity Model Certification: Rulemaking Progress.” Last modified June 30, 2025. https://www.lockheedmartin.com/en-us/suppliers/news/features/2025/cybersecurity-program-rule.html

² U.S. Department of Defense. “Cybersecurity Maturity Model Certification (CMMC) Program.” Federal Register, October 15, 2024. https://www.federalregister.gov/documents/2024/10/15/2024-22905/cybersecurity-maturity-model-certification-cmmc-program

Don't forget to share this post!

MNS Group
MNS Group
More by author

Related posts

Compliance CMMC Technology

Fast Track to Compliance: A Guide to CMMC Assessments – PBExpo 2025 Keynote Summary

Mar 10, 2025 10:52:45 AM
MNS Group
cybersecurity Compliance CMMC

MNS Group Becomes an Authorized CMMC C3PAO

Feb 5, 2025 5:05:40 PM
MNS Group

Forecasting Beyond the Clouds: How GovCons Can Plan for a Bright Future by Tracking the Right Metrics

Feb 5, 2025 1:55:40 PM
MNS Group