Phase 2 of the CMMC rollout begins November 2026 — new DoD contracts involving CUI will require third-party Level 2 certification, and assessor slots are booking 12–18 months out. WAR Consulting Group gets contractors and subcontractors from "we should look into this" to assessment-ready.
Three engagements that map to where you are in the CMMC journey — scoped for small and mid-size contractors, without big-firm overhead.
Know exactly where you stand against Level 1 or Level 2 — and what it will take to close the distance.
We close the gaps with you — documentation and technical controls both, because assessors check for both.
Walk into your C3PAO assessment knowing the outcome — and stay compliant after the certificate is issued.
The big primes have compliance departments. You have contracts to deliver. We work with:
Map where FCI and CUI actually live. A tight scope is the single biggest cost-saver in CMMC.
Score all 110 controls honestly — the assessment you want to fail is the internal one.
Close gaps in priority order: documentation, technical controls, and the evidence to prove both.
Mock-assess, fix the last mile, and walk into the C3PAO assessment with no surprises.
WAR Consulting Group brings more than a decade of cybersecurity and compliance experience inside the defense industrial base — including General Dynamics and Teledyne / FLIR, where NIST SP 800-171 and DFARS flow-downs weren't a consulting deliverable, they were the day job.
That means your readiness plan is written by people who have built these programs inside a defense contractor: the real cost of controls, what assessors actually look for, and how to get to compliant without stopping the shop floor.
Tell us where you are in the CMMC process. We'll respond within one business day to set up a discovery call — what level you need, what an engagement looks like, and whether we're the right fit. No scare tactics, just a straight answer.