SPECIAL NOTICE
99 -- Notice to Industry - Application of Cybersecurity Maturity Model Certification (CMMC) Requirements
- Notice Date
- 3/27/2026 10:48:48 AM
- Notice Type
- Special Notice
- Contracting Office
- DEPT OF THE NAVY
- ZIP Code
- 00000
- Solicitation Number
- N62473CMMCNotice
- Archive Date
- 11/30/2028
- Point of Contact
- Hal Hayes, Phone: 6197054674, Chad Slade, Phone: 6197054514
- E-Mail Address
-
harold.w.hayes10.civ@us.navy.mil, chad.a.slade.civ@us.navy.mil
(harold.w.hayes10.civ@us.navy.mil, chad.a.slade.civ@us.navy.mil)
- Description
- Notice to Industry � Application of Cybersecurity Maturity Model Certification (CMMC) Requirements NAVFAC SOUTHWEST (SW) provides this notice to Industry to inform current and prospective contractors about the CMMC Requirements under all NAVFAC SW Planning, Design and Construction (PDC) Multiple Award Construction Contracts (MACCs) and Architect-Engineer IDIQ Contracts. Future contract actions shall include the CMMC requirements in accordance with Department of War (DoW) implementation of the CMMC program. As DoW continues implementation of the CMMC program, solicitations and contracts shall identify when contractor information systems are expected to process, store, or transmit Federal Contract Information (FCI) or Controlled Unclassified Information (CUI). The applicable CMMC level will be identified in the solicitation and contract. Offerors shall be required to have a current CMMC status recorded in the Supplier Performance Risk System (SPRS), including applicable assessment results and affirmations, as a condition of award for the contract, task order, and associated options where CMMC requirements apply. In order to receive an IDIQ award from NAVFAC SW PDC, on or after November 10, 2026, prospective contractors must show that they have obtained a CMMC Level 2 (C3PAO) or higher. Task orders issued under NAVFAC SW IDIQs may be assigned a CMMC Level below Level 2 (C3PAO); however, for the majority of work under Construction and Architect-Engineering IDIQs, it is anticipated that a Level 2 (C3PAO) certification will be required after November 10, 2026. Immediate Steps Required We urge all contractors and subcontractors to take the following immediate steps to prevent any disruption to your contract eligibility: Access SPRS: Log in to the SPRS on PIEE, at https://piee.eb.mil/ SPRS Vendor (Role) & Cyber Reports Access: https://www.sprs.csd.disa.mil/pdf/SPRS_Access_CyberReports.pdf SPRS CMMC Level 2 Entry tutorial: https://www.sprs.csd.disa.mil/videos/Tutorials/CMMCL2SelfAssessment/CMMCLevel2selfassessmenttutorial.html How to upload CMMC Level Training offered on SPRS as an Affirming Official (AO) https://www.sprs.csd.disa.mil/cmmc.htm Verify Your Status: Confirm that your firm has a current CMMC status type properly posted in SPRS. Ensure Accuracy: Validate that the posted CMMC status type accurately reflects your current cybersecurity posture as it aligns with the CMMC level required by your existing or potential contracts. This notice is for informational purposes only and does not constitute a solicitation, a request for proposal, nor a guarantee of award.
- Web Link
-
SAM.gov Permalink
(https://sam.gov/workspace/contract/opp/ee5a3b6038af497e9a33702efb1c8ab2/view)
- Place of Performance
- Address: San Diego, CA, USA
- Country: USA
- Country: USA
- Record
- SN07759965-F 20260329/260327230038 (samdaily.us)
- Source
-
SAM.gov Link to This Notice
(may not be valid after Archive Date)
| FSG Index | This Issue's Index | Today's SAM Daily Index Page |