Blog
Leonardo DRS Sets CMMC Deadline! Is Your Organization Ready?
Christopher Souza | CEO
The Cybersecurity Maturity Model Certification (CMMC) continues to gain momentum across the Defense Industrial Base (DIB). Leonardo DRS has formally notified suppliers that organizations supporting applicable Department of Defense programs will be expected to meet CMMC requirements by November 10, 2026, when the next phase of the Department of Defense’s (DoD’s) CMMC rollout begins. At that point, many contractors handling Controlled Unclassified Information (CUI) will need a third-party CMMC Level 2 certification rather than relying on self-assessments.
While the DoD is implementing CMMC in phases, prime contractors are not waiting until the final stages to prepare their supply chains. Organizations that cannot demonstrate the required certification when requested could face critical delays in contract awards, difficulty remaining on existing programs, or lost opportunities on future work.
Certification Takes Longer Than Many Organizations Expect
For most contractors, CMMC certification is not something that can be completed in a few weeks. Depending on an organization’s current cybersecurity posture, documentation, and operational maturity, preparing for a successful C3PAO assessment often takes between 6-18 months.
Readiness involves much more than implementing technical safeguards. Organizations must demonstrate that required security controls are consistently followed, properly documented, and supported with evidence that can be validated during the certification process.
Waiting until a customer requests proof of certification may leave insufficient time to address compliance gaps, complete remediation efforts, and schedule a C3PAO assessment before contract requirements take effect.
What Should Your Organization Be Doing Now?
Organizations that support Leonardo DRS or other defense contractors should begin preparing now by focusing on the following priorities:
- Perform a comprehensive NIST SP 800-171 and CMMC readiness assessment.
- Identify and remediate technical, administrative, and operational compliance gaps.
- Develop and maintain required documentation, including the System Security Plan (SSP), POA&M, policies, procedures, and supporting evidence.
- Ensure IT operations and cybersecurity practices consistently align with CMMC requirements.
- Prepare personnel, documentation, and evidence for a successful C3PAO assessment.
- Schedule certification activities early, as qualified assessors continue to experience growing demand.
TSI Helps Organizations Achieve CMMC Certification
Preparing for CMMC requires experience across cybersecurity, compliance, documentation, and day-to-day IT operations. Organizations that approach certification as a documentation exercise alone often discover gaps that delay assessments or require additional remediation.
As an established CMMC Registered Provider Organization (RPO), Managed Service Provider (MSP), and Managed Security Service Provider (MSSP), Technical Support International (TSI) has helped numerous organizations successfully achieve CMMC certification. TSI has also completed its own CMMC Level 2 readiness assessment performed by an authorized C3PAO, giving our team firsthand experience with the expectations organizations face during certification.
We work alongside clients to assess their current environment, close compliance gaps, develop required documentation, strengthen cybersecurity operations, and guide them through every stage of the certification process.
Fail to Prepare, Prepare to Fail! Contact TSI Today
The message from Leonardo DRS reflects a broader trend throughout the defense industry. Prime contractors are increasingly requiring suppliers to demonstrate CMMC readiness well before contract deadlines arrive. Organizations that begin preparing now will be in a stronger position to maintain existing business relationships and compete for future opportunities.
If your organization supports Leonardo DRS or any Department of Defense prime contractor, now is the time to evaluate your current compliance posture. Contact TSI today to schedule a discussion about your CMMC readiness and learn how our team can help position your organization for a successful certification outcome.
About Technical Support International
TSI is 37-year old cybersecurity (MSSP) and IT support (MSP) company specializing in helping DIB organizations address their NIST 800-171 and CMMC compliance obligations. As a CMMC-AB Registered Provider Organization (RPO), TSI offers a complete NIST 800-171 and CMMC support solution to help guide our clients toward a successful certification audit and provide the assurance that they’re adhering to these expansive compliance requirements.
Categories
- Backup & Disaster Recovery
- Business Operations
- Case Studies
- Cloud Services
- Cyber Security
- Employee Spotlight
- Finance & Budgeting
- Glossary Term
- Governance & IT Compliance
- Managed Services
- Mobile Device Management
- Network Infrastructure
- NIST 800-171 & CMMC 2.0
- PCI
- Podcast
- Project Management
- TSI
- Uncategorized
- vCIO
Cyber Security Policy Starter Kit:
10 Critical Policies That Every Company Should Have in Place
