Submitted by Back To Business I.T.
CMMC Compliance for Manufacturers
If you’re a manufacturer who does business with the federal government – specifically the Department of Defense – you can’t afford to wait to get CMMC compliant.
What is CMMC?
The Cybersecurity Maturity Model Certification (CMMC) was introduced by the U.S. Department of Defense (DoD) in January of 2020 to ensure any company that’s part of its supply chain is protecting sensitive unclassified information or controlled unclassified information (CUI). (Put simply, CMMC provides the government with proof you have safe data handling and cybersecurity processes.)
You may remember the original CMMC framework had five levels of cybersecurity maturity and affected more than 300,000 defense contractors.
However, on November 4, 2021, the DoD formally announced CMMC 2.0 framework. The updated version simplifies the original model by reducing compliance costs and scaling back the requirement that all defense contractors obtain third-party certification. Under CMMC 2.0, about 80,000 contractors are expected to undergo third-party assessments and certification, while contractors at non-critical CUI levels can self-certify. These changes are reflected in the diagram below:
When will certification be required?
The DoD is planning to release an Interim Rule on the CMMC 2.0 framework by May 2023. This means if you’re one of the 80,000 contractors who require an assessment and certification, you have less than a year to do so. Failure to achieve compliance
before the published rule could mean leaving money on the table and losing the ability to do business with the Department of Defense.
How to get started If your company is still at the very beginning stages of CMMC compliance, the time to act is now. Contractors looking to start their compliance journey should start working toward meeting the 110 controls in NIST SP 800-171 as soon as possible, as preparation and implementation can take up to 18 months or more.
Back To Business I.T. supports manufacturers with cybersecurity and CMMC readiness consulting, and our team understands cybersecurity and compliance challenges unique to complex manufacturing operations.
As a full-service I.T. firm and the area’s leading CMMC-AB Registered Provider Organization, we can help you achieve NIST SP 800-171 compliance as well as help you prepare your Plan of Action and Milestones (POA&M) and System Security Plan (SSP) required for CMMC certification. Don’t wait until it’s too late. Take the first step toward compliance today.