ClosedSpecial Notice
Dept of Defense contract category

Notice to Industry - Application of Cybersecurity Maturity Model Certification (CMMC) Requirements

Dept of Defense · DEPT OF THE NAVY

This notice is not accepting responses.

Page kept for research and related open opportunities below. For current work in this category, use the related notices or browse hubs.

Response deadline
Not listed
Posted
Mar 26, 2026
Solicitation
N62473CMMCNotice
Set-aside
None listed
NAICS
PSC
Place of performance
San Diego, CA, USA
Contracting office
DEPT OF THE NAVY
Source
SAM.gov · updated May 9, 2026

Description

Notice to Industry � Application of Cybersecurity Maturity Model Certification (CMMC) Requirements NAVFAC SOUTHWEST (SW) provides this notice to Industry to inform current and prospective contractors about the CMMC Requirements under all NAVFAC SW Planning, Design and Construction (PDC) Multiple Award Construction Contracts (MACCs) and Architect-Engineer IDIQ Contracts. Future contract actions shall include the CMMC requirements in accordance with Department of War (DoW) implementation of the CMMC program. As DoW continues implementation of the CMMC program, solicitations and contracts shall identify when contractor information systems are expected to process, store, or transmit Federal Contract Information (FCI) or Controlled Unclassified Information (CUI). The applicable CMMC level will be identified in the solicitation and contract. Offerors shall be required to have a current CMMC status recorded in the Supplier Performance Risk System (SPRS), including applicable assessment results and affirmations, as a condition of award for the contract, task order, and associated options where CMMC requirements apply. In order to receive an IDIQ award from NAVFAC SW PDC, on or after November 10, 2026, prospective contractors must show that they have obtained a CMMC Level 2 (C3PAO) or higher. Task orders issued under NAVFAC SW IDIQs may be assigned a CMMC Level below Level 2 (C3PAO); however, for the majority of work under Construction and Architect-Engineering IDIQs, it is anticipated that a Level 2 (C3PAO) certification will be required after November 10, 2026. Immediate Steps Required We urge all contractors and subcontractors to take the following immediate steps to prevent any disruption to your contract eligibility: Access SPRS: Log in to the SPRS on PIEE, at https://piee.eb.mil/ SPRS Vendor (Role) & Cyber Reports Access: https://www.sprs.csd.disa.mil/pdf/SPRS_Access_CyberReports.pdf SPRS CMMC Level 2 Entry tutorial: https://www.sprs.csd.disa.mil/videos/Tutorials/CMMCL2SelfAssessment/CMMCLevel2selfassessmenttutorial.html How to upload CMMC Level Training offered on SPRS as an Affirming Official (AO) https://www.sprs.csd.disa.mil/cmmc.htm Verify Your Status: Confirm that your firm has a current CMMC status type properly posted in SPRS. Ensure Accuracy: Validate that the posted CMMC status type accurately reflects your current cybersecurity posture as it aligns with the CMMC level required by your existing or potential contracts. This notice is for informational purposes only and does not constitute a solicitation, a request for proposal, nor a guarantee of award.

What similar awards have paid

Real federal awards already on the books in a similar lane — so you can size the opportunity, not guess. This is public history, not a bid price, cost estimate, or prediction that you will win.

Not enough similar awards to show a range yet

This notice is missing industry and product codes, so we cannot match past awards yet.

Intelligence only — not legal advice or a guarantee of award. Always verify requirements on the official SAM.gov notice. Past award amounts are public history, not a suggested bid or prediction. Notice ID ee5a3b6038af497e9a33702efb1c8ab2.

Similar open government contracts

Browse all →
Federal vendorsMore from Dept of DefenseCalifornia contracts