The CMMC 2.0 Countdown: Will You Be Ready When the Clock Hits Zero?

Reading time ( words)

If you influence IT decisions at your workplace, you need to hear this. If you make the decisions, you need to listen, not just hear: Unless you start acting on CMMC compliance now, you are putting yourself at a disadvantage—one that will take much more time to correct than you might expect.

Think of me as a spokesperson for the industry I represent: we are concerned about you. From what I’ve heard and seen over the last few months, too many of you are listening to suppliers, upstream and downstream partners, or other business owners on how seriously to take CMMC. As a result, far too much wishful thinking is guiding decision-making. So, listen to the experts.

The DoD says we can expect CMMC 2.0’s final rules in March 2023. Given the delays, rollbacks, and revisions that have characterized the program’s rollout to this point, I’d be very surprised if they miss this deadline. Sixty days after the rules come out, CMMC certification will be a non-negotiable requirement for manufacturers in any part of the DoD’s supply chain.

Sixty days is not enough time to prepare.

I recently spoke with the IT director of a company I know well. This individual is very much aware that CMMC is coming, and that DoD business represents a fairly significant portion of the company’s revenue. He also knows that, to get compliant in time, his company needs to start working on it now. The owner of the company also knows this, and is a very smart, very capable person, but the decision came down that the company is putting compliance efforts on the back burner.

I was dismayed but not entirely surprised to learn the reason for the delay. The owner had reached out to other suppliers and manufacturers to hear their CMMC plans and most of them were doing nothing. I heard similar kinds of reasoning at a recent CEO forum—from my rough estimate, fewer than 10% of them were taking active steps toward compliance.

It seems there’s a feeling out there that if most small suppliers don’t comply, it will somehow force the DoD into waiving the requirements or kicking the deadline farther down the calendar.

This is nonsense.

Granted, there have been mixed signals regarding CMMC and small to medium contractors, but here’s the thing to ask: In the three years or so since the program has been in development, have the threats of cyberattacks or the effectiveness of phishing scams decreased? No, they have not; across the board, cyberattacks have done nothing but increase, especially targeting small businesses.

Someone needs to tell you this: The wait-and-see approach is a very bad strategy for small businesses, even in the unlikely event of further delay from the government. It only takes one or two of the giant prime contractors to make a government deadline irrelevant, and I know of certain large primes who have put CMMC regulations into their contracts already. Do you really believe the prime contractors you support or large manufacturers you supply want to risk their own multi-million-dollar contracts by working with vulnerable suppliers? I don’t.

To read this entire article, which appeared in the August issue of SMT007 Magazine, click here.


Suggested Items

Business Email Compromise: The $43 Billion Scam

08/10/2022 | Federal Bureau of Investigation
Business email compromise/email account compromise (BEC/EAC) is a sophisticated scam that targets both businesses and individuals who perform legitimate transfer-of-funds requests. The scam is frequently carried out when an individual compromises legitimate business or personal email accounts through social engineering or computer intrusion to conduct unauthorized transfers of funds. The scam is not always associated with a transfer-of-funds request. One variation involves compromising legitimate business email accounts and requesting employees’ Personally Identifiable Information, Wage and Tax Statement (W-2) forms, or even crypto currency wallets.

SMTA Dallas Expo: A Novel Approach to Outsourcing Sales

04/27/2022 | Andy Shaughnessy, Design007 Magazine
Caleb Townsend is the co-founder of Factur, a new kind of recruiting agency that specializes in filling marketing and sales positions. I met with Caleb at SMTA Dallas and asked him to discuss the creative ways he’s helping contract manufacturers to practice Lean principles in their sales department. As Caleb says, his company helps sales departments embrace methods similar to those used on the shop floor, which sometimes means updating their filing system from a “shoebox full of business cards.”

SMTAI 2021: Rob DiMatteo Turns Up the Heat at BTU

12/15/2021 | Nolan Johnson, I-Connect007
At SMTA International 2021, Nolan Johnson spoke with Rob DiMatteo of BTU International about the current shift in market drivers, pain points from customers, and what he expects to see in the near future. Chip shortages and port delays are just two of the challenges facing BTU’s customers. As general manager of BTU, DiMatteo wants his company to excel at customer service despite these challenges. He also previews a new flux management technology for keeping reflow ovens extremely clean, calling it a significant breakthrough.

Copyright © 2022 I-Connect007. All rights reserved.