CUI-CON 2025 Recap: Our Biggest Takeaways

CUI-CON 2025 just wrapped up, and the SP6 and ASCERA teams were lucky enough to go. Stationed at Booth #4, we spoke to a variety of guests from OSCs (Organizations Seeking Compliance) and vendors, getting a feel for the attitudes toward this year’s event.  

Didn’t have a chance to attend or just want an alternative perspective from your experience? Here’s our biggest takeaways: 

1. Demand for Certified CMMC Assessors (CCAs) is HIGH  

There’s still a huge gap (no pun intended) between the supply of Certified CMMC Assessor’s and the demand of Defence Industrial Base (DIB) and supply chain organizations. As the final rulings have continued to roll in, contractors are beginning to take action toward achieving their compliance requirements––and it seems the consulting industry hasn’t been able to keep up. 

For compliance professionals looking to officially become Certified CMMC Assessors, it seems like the optimal time.  

2. DIB Organizations are Starting to Feel the C3PAO Shortage 

According to attendees and vendors, C3PAOs are booking six months out. This doesn’t come as a huge surprise considering there’s less than 100 authorized C3PAOs with the Cyber AB. With this being the case, the most important thing for organizations to know is their options.  

Don’t let this shortage lull you into a false sense of “having plenty of time.” Between legislation in the works and more C3PAOs getting authorized, having a head start on your compliance requirements ensures you’re prepared for a C3PAO assessment as soon as it’s available to you.  

3. Confusion Around the Status and Requirements of CMMC is Still Prevalent  

Between speaking sessions, we heard plenty of conversations along the lines of “did you get any of that?” Now this can be attributed to speakers being experts in their field and having a level understanding that surpasses non-compliance professionals, however not every organization has a compliance professional working on their maturity program.  

At the end of the day, there’s still a ton of confusion surrounding the CMMC landscape. There’s a clear need for further clarity from the Department of Defense (DoD) about CMMC requirements as well as knowledge transfer from compliance professionals and consultants.  

Wrapping Up 

Like every year it’s been held, CUI-CON 2025 was well worth the visit. Between connecting with fellow DIB organizations, compliance solutions vendors, and everyone between, we highly recommend attending if you’re able to go in the future.  

As for our key takeaways, if you’re someone who falls into the needs we discussed above, SP6 CRC is an authorized C3PAO home to a team of Certified CMMC Assessors and Professionals (CCAs & CCPs) ready to guide you on your compliance journey. Get in touch to see how we can be of service to you!