Lessons Learned from CMMC Level 2 Assessment

December 4, 2025 | 12:00 PM ET

Once CMMC enforcement officially kicks off on November 10th, organizations in the Defense Industrial Base will increasingly see CMMC requirements in their contracts, including Level 2 (C3PAO) requirements.

Secureframe recently achieved CMMC Level 2 certification after completing a rigorous third-party assessment with Redspin, one of the first and most experienced authorized C3PAOs in the market. Now, we’re opening up the process so you can see exactly what to expect when it’s your turn.

Join Rob Gutierrez, Senior Cybersecurity & Compliance Manager at Secureframe, and Robert Teague, VP of Federal Consulting and a CMMC Lead Assessor at Redspin, for an inside look at how to prepare for success, what assessors are really looking for, and how to avoid common pitfalls. 

What you’ll learn:

• The key phases of a CMMC Level 2 assessment — from scoping to final report

• 5 tips to prepare for an assessment effectively

• What assessors look for (and what slows assessments down)

• The role of the C3PAO and what makes for a successful partnership

• Lessons learned from Secureframe’s own Level 2 assessment with Redspin

• How automation can reduce assessment prep time and evidence burden