Pacific CMMC Intelligence
The full archive of Pacific CMMC Intelligence. NAVFAC Pacific contract activity, DoD regulatory changes, and FCA enforcement trends — written for prime contractors, not IT departments. 4 issues and counting.
Some prime contractors believe they can remove CUI markings from data packages to avoid flowing CMMC Level 2 requirements down to subcontractors. They cannot. Primes are authorized holders, not data owners — only the government can decontrol CUI.
SPRS scores are self-reported — and most prime contractors have no documented basis for accepting them. Under the False Claims Act, a false or unsupported compliance claim in your supply chain becomes your liability the moment you sign a contract.
99% of organizations requiring Level 2 C3PAO certification have not completed it. Assessment wait times already stretch past six months. DOJ recovered $52M in cybersecurity FCA settlements last fiscal year. Six months of runway remains — and it takes 12 to 18 months to get ready.
NAVFAC Pacific and NAVFAC Hawaii awarded over $23 billion in new construction contracts in 2025. Every contract vehicle carries CMMC compliance requirements that flow directly to subcontractors. Here is what Pacific prime contractors need to know and do before November 2026.
Get the next brief when it publishes. Pacific CMMC Intelligence covers NAVFAC Pacific contract awards, regulatory updates, and enforcement trends — sent directly to your inbox when new issues are available.