CMMC is Here: What the CMMC 48CFR Final Rule Means for Veteran-Owned DoD Contractors - Virtual Training Webinar
REGISTRATION OPEN
U.S. Department of Veterans Affairs (VA)
Office of Small and Disadvantaged Business Utilization (OSDBU)
CMMC is Here: What the CMMC 48CFR Final Rule Means for Veteran-Owned DoD Contractors
Virtual Training Webinar
presented by
Exceed Cybersecurity & Compliance
Date: Wednesday, February 11, 2026
Time: 11:00 AM – 12:00 PM EST
Virtual Format: Powered by Cisco Webex
Registration
Please click the link below to register for the event: https://veteransaffairs.webex.com/weblink/register/rdb8cf38bdc2bcf5145dd0be6b7c9b5e3
Event Overview
The final regulatory step toward full implementation of CMMC has arrived. CMMC stands for Cybersecurity Maturity Model Certification, and is the framework developed by the U.S. Department of Defense (DoD) to ensure contractors and organizations handling Controlled Unclassified Information (CUI) meet specific cybersecurity standards. The goal is to protect sensitive data within the Defense Industrial Base (DIB) from cyber threats. The CMMC model has different levels of maturity, ranging from basic cyber hygiene to advanced practices, and organizations must achieve the appropriate level to bid on certain DoD contracts.
On November 10, 2025, Title 48 CFR became final. This officially started Phase 1 of the CMMC program, formally incorporating DFARS clause 252.204-7021 into defense contracts. This milestone cements CMMC as a permanent requirement in the DoD contracting process, with clauses already appearing in new contracts.
For Veteran-Owned small businesses, this development has significant implications. CMMC is no longer “on the horizon,” it is officially here. Further, CMMC is now a binding condition for eligibility AND award of DoD contracts. This webinar will help Veteran business owners understand what the final rule means, how it impacts both prime and subcontract opportunities, and what to expect as CMMC becomes a standard part of the defense acquisition landscape.
Why Attend?
At the end of this training webinar, participants will:
- Understand updates to DFARS clause 252.204-7021 and its impact on contracts.
- Learn about the CMMC framework and compliance steps for veteran-owned small businesses.
- Discover how CMMC affects bidding and award decisions.
Target Business Capabilities
- IT Systems & Infrastructure Integration
- Electronic Health Record Integration
- Cybersecurity & Networking
- Artificial Intelligence & Automation
- Agile Software Development
Who Should Attend?
We welcome participation from:
- Service-Disabled Veteran-Owned Small Businesses (SDVOSB)
- Veteran-Owned Small Businesses (VOSB)
- All other small business socioeconomic classifications are encouraged to attend.
Community of Interest
Information Technology and Services pertains to the development, maintenance, and use of computer systems, software, and networks for the processing and distribution of data. The products and services may include information protection; Enterprise Architecture; customized I.T. services; asset management or procurement; enterprise application development, and testing applications.
Professional Services/Other Supplier Services pertains to any product or service not classified in the other three COIs. This may include professional services like consulting, data analysis; accounting, marketing, auditing, editing, administration, technical advice, or specialized project-based service.
Relevant NAICS Codes
| NAICS | Description |
541512 | Computer Systems Design Services |
541511 | Custom Computer Programming Services |
541330 | Engineering Services |
541513
| Computer Facilities Management Services |
541519 | Other Computer Related Services |
541611
| Administrative Management and General Management Consulting Services |
541618
| Other Management Consulting Services |
About Exceed Cybersecurity & Compliance
Exceed Cybersecurity helps clients identify and manage company risk while building or managing compliance programs such as CMMC, ISO, SOC2, and GDPR.
With the rise in ransomware and cyber-attacks on businesses, many business owners might be aware of the issue but mistakenly believe that cyber criminals are not targeting their organization. The unfortunate truth is that every business is at risk, and many have already suffered due to cyber threats. Exceed Cybersecurity's goal is to offer the best possible defense against these threats and help businesses manage their unmanaged data risks.
In addition to developing cyber and risk management programs, Exceed Cybersecurity assists businesses with meeting their compliance requirements. The company specializes in CMMC compliance for defense contractors, which can be a challenging process, particularly for those who are just starting. The company also provides assistance with SOC2 and ISO 27001 compliance. By helping clients establish their compliance programs, Exceed Cybersecurity offers comprehensive guidance necessary to achieve the level of compliance needed for securing desired contracts.
Disclosure Statement
The participation of any commercial entities in VA outreach and training programs does not convey or imply that the U.S. Department of Veterans Affairs directly or indirectly endorses any product or service provided, or to be provided, by the commercial entity, its successors, assignees, or licensees. Furthermore, the Department of Veterans Affairs does not warrant any services that may be provided by the commercial organizations listed.
For more information regarding the training webinar, contact Curtis Brandon at
For registration support, contact at
directaccess@va.gov or 202 461 4694.