According to the CMMC Accreditation Body, it will take an average-sized defense contractor approximately eight to 12 weeks to receive a Level 3 certification, which requires safeguards to protect Controlled Unclassified Information. The certification process has three phases: a four- to six-week period in which contractors update their safeguards to pass the CMMC assessment, a typically one-week assessment by a CMMC Third Party Assessment Organization, then the C3PAO submitting its assessment to the AB for confirmation.
