Understanding the Cybersecurity Maturity Model Certification (CMMC)
Those responsible for IT and information security in the manufacturing industry are confronted with an ever-increasing number of applications to manage — the typical large enterprise has over 3,400 applications. With all those connected technologies comes greater risks and vulnerabilities.
The Cybersecurity Maturity Model Certification (CMMC) is a new standard being developed by the Department of Defense to ensure that manufacturers in the Defense Industrial Base (DIB) have adequate cybersecurity measures in place to address those risks. The rules are still being finalized, but once approved, the CMMC will be required for all defense contractors and their subcontractors.
CMMC has two (2) key features:
CMMC applies to any company of any size that wishes to secure and work on defense contracts. It will be required throughout the DIB. Even small businesses not working directly with the DoD but who may provide a product or service to DoD contract(s) will need to comply with CMMC. An easy identifier of whether CMMC is applicable to an organization is if said entity receives any income for a defense-related contract whether as a prime contractor or subcontractor at any “level” of the supply chain. As such, it is imperative for companies to carefully read their contracts to understand if and how they play a role in the whole defense supply chain.
The CMMC rules are currently in development and are expected to be finalized in May 2023. Once the rules are finalized, they will go into effect for all federal contractors who work with controlled unclassified information (CUI). The DoD is requiring all of its contractors to be CMMC certified by 2026, but for some, the rules will take effect as soon as 2024. The CMMC rules are a significant change for federal contractors, and it is important to start planning for compliance now! Preparing for CMMC can take anywhere from 10 – 18 months even for the most sophisticated organizations. The Cybersecurity Team at Clark Schaefer Consulting is ready to help you wherever you are in your process. Don’t wait until it is too late!
It is estimated that cybercrime drains over $600 Billion annually from the global Gross Domestic Product (GDP). While the threat landscape continues to grow at an exponential rate as the years go by, security is unsuccessfully trying to keep up. As such, companies (regardless of whether or not they work with the DoD) are encouraged to employ good cybersecurity practices along with a “defense-in-depth” strategy. CMMC was created with such a goal in mind.
Not working with the government does not necessarily mean that an organization does not need CMMC compliance. The basic principles of CMMC compliance relate to proactive and consistent security best practices. In the next few years, it is speculated that CMMC will become the cybersecurity standard for various industries (with the most pressing one today being Cybersecurity Insurance). As such, every organization must strive to or should at least be thinking about achieving CMMC compliance, if only for their own peace of mind.
The team of experts at Clark Schaefer Consulting are here to help you stay on top of all the latest CMMC developments.
Complete the form below and an expert will be in touch shortly.
