Skip to main content
close search
site logo
Dive Brief

Defense contractors get a head start on CMMC audits

Software investments, infrastructure upgrades and compliance documentation topped the list of Cybersecurity Maturity Model Certification implementation costs, a new survey shows.

Published May 12, 2025
Eric Geller's headshot
Senior Reporter
The Pentagon, the headquarters of the U.S. Department of Defense in Arlington, Va., is seen from the sky.
The Pentagon, the headquarters of the U.S. Department of Defense in Arlington, Va., is seen from the sky. Alex Wong/Getty via Getty Images
This audio is auto-generated. Please let us know if you have feedback.

Dive Brief:

  • Many federal contractors are initiating Cybersecurity Maturity Model Certification audits even before the Pentagon’s assessment program fully takes effect, according to a newly published report by enterprise software firm Deltek.
  • Nearly 70% of companies that expect to be covered by CMMC — the military’s suite of cybersecurity requirements for defense contractors — plan to undergo a third-party audit this year.
  • More than half of all respondents to Deltek’s survey (55%) said they expected CMMC to cover them, but roughly a quarter of respondents said they didn’t know if it would.

Dive Insight:

CMMC launched in December following years of revisions, but the Defense Department expects to roll the program out over a three-year time frame. Still, with companies now eligible for level 2 assessments, many contractors aren’t waiting to get audited.

This trend is likely driven by companies’ expectations about the criteria they will need to meet — of the companies that said they expected CMMC to cover them, 43% said they anticipated needing a level 2 certification (a tier the Pentagon describes as demonstrating “broad protection” of sensitive data), while 34% said they anticipated needing a level 3 certification (which DOD describes as demonstrating “higher-level protection” against sophisticated hackers).

Technology purchases, infrastructure upgrades and policy development topped the list of factors contributing to CMMC implementation costs, according to Deltek’s report, which surveyed 890 government contractors throughout the month of January. Nearly half (45%) of medium-sized businesses reported hiring outside consultants to help them prepare for their audits.

Deltek’s report also asked contractors about other areas of their business, including their technology investment priorities. Artificial intelligence topped the list, with 41% of contractors saying they planned to invest in it (18% said it was their top priority), followed by cybersecurity, at 32% (with 12% listing it as their top priority). Data management, business automation and cloud infrastructure rounded out the top-five list.

Editors' picks

Company Announcements

View all | Post a press release
CISOs Favor the Elimination of Regulations that Stall AI Innovation, but Warn that Policy Roll…
From Absolute Security
April 22, 2025
Migliaccio & Rathod Investigates Fitzgerald Auto Malls Data Breach
From Migliaccio & Rathod LLP
April 28, 2025
Blackpoint Cyber Unveils CompassOne: A Unified Security Posture and Response Platform to Secur…
From Blackpoint Cyber
April 28, 2025
2025 Ultimate Guide to Free Bitcoin Mining: From JAMining Beginner to Financial Freedom
From JAmining
April 27, 2025
Editors' picks
Latest in Strategy
Industry Dive is an Informa TechTarget business.
© 2025 TechTarget, Inc. or its subsidiaries. All rights reserved. | View our other publications | Privacy policy | Terms of use | Take down policy.
Cookie Preferences / Do Not Sell
This website is owned and operated by Informa TechTarget, part of a global network that informs, influences and connects the world's technology buyers and sellers. All copyright resides with them. Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. TechTarget, Inc.'s registered office is 275 Grove St. Newton, MA 02466.