Federal opportunity from DEPT OF DEFENSE. Place of performance: OR. Response deadline: Apr 15, 2026.
As DoD CMMC rollout expands, approximately 80%+ of DoD solicitations are expected to include cybersecurity/CMMC requirements, including many non-tech scopes.
Navigate the lattice: hubs for browsing, trends for pricing signals.
SAM WDOL references matched to this opportunity's location and scope language.
The Portland District, U.S. Army Corps of Engineers (USACE), provides this Notice to Industry to inform current and prospective contractors that most future contract actions issued by the District are expected to require Cybersecurity Maturity Model Certification (CMMC) 2.0 Level 2 (Self-Assessment). This notice is informational only and does not constitute a solicitation, request for proposal, or request for quote.In alignment with Department of Defense implementation of CMMC 2.0, contracting officers are required to include applicable CMMC levels in solicitations and to verify that an offeror’s current CMMC status (self-assessment or certification, as required) is recorded in the Supplier Performance Risk System (SPRS) as a condition of award. For most Portland District requirements, offerors will be expected to have completed a CMMC Level 2 self-assessment in accordance with NIST SP 800‐171 requirements, scored using the CMMC Level 2 assessment methodology, and entered their score and affirmation in SPRS prior to award.The following provisions and clauses may be included in forthcoming solicitations and are available here: https://www.acquisition.gov/Defense Federal Acquisition Regulations Supplement (DFARS) provisions 252.204-7008, Compliance with Safeguarding Covered Defense Information Controls, 252.204-7019, Notice of NIST SP 800-171 DoD Assessment Requirements, and 252.204-7025, Notice of Cybersecurity Maturity Model Certification Level Requirements may be included in most future solicitations. Federal Acquisition Regulation (FAR) clause 52.204-21 Basic Safeguarding of Covered Contractor Information Systems and DFARS clauses 252.204-7012, Safeguarding Covered Defense Information and Cyber Incident Reporting (Deviation 2024-O0013), 252.204-7020 NIST SP 800-171 DoD Assessment Requirements, and 252.204-7021 Contractor Compliance With the Cybersecurity Maturity Model Certification Level Requirements will likely be included in most upcoming solicitations.Contractors are strongly encouraged to review official CMMC resources and implementation guidance published by the Department of Defense and to begin or continue their compliance efforts as soon as practicable. Organizations that anticipate pursuing Portland District USACE work should ensure that their internal cybersecurity practices, documentation, and assessments are up to date in SPRS.This notice does not change any existing contracts and does not by itself impose new requirements; specific CMMC requirements, including the level and assessment type, will be identified in individual solicitations and contracts. Interested vendors should monitor SAM.gov and other official USACE communication channels for future solicitations that will identify the applicable CMMC requirements for each procurement.
Files size/type shown when available.
A practical, capture-style breakdown of fit, requirements, risks, and next steps.
It summarizes awarded-contract behavior for the opportunity’s NAICS and sector, including a recent pricing band (P10–P90), momentum, and composition. Use it as context, not a guarantee.
The signal updates as new awarded notices enter the system. Always validate the official award and solicitation details on SAM.gov.
P10 is the 10th percentile award size and P90 is the 90th percentile. Together they describe the typical spread of award values.
