The CMMC 2.0 Countdown: Will You Be Ready When the Clock Hits Zero?

Reading time ( words)

If you influence IT decisions at your workplace, you need to hear this. If you make the decisions, you need to listen, not just hear: Unless you start acting on CMMC compliance now, you are putting yourself at a disadvantage—one that will take much more time to correct than you might expect.

Think of me as a spokesperson for the industry I represent: we are concerned about you. From what I’ve heard and seen over the last few months, too many of you are listening to suppliers, upstream and downstream partners, or other business owners on how seriously to take CMMC. As a result, far too much wishful thinking is guiding decision-making. So, listen to the experts.

The DoD says we can expect CMMC 2.0’s final rules in March 2023. Given the delays, rollbacks, and revisions that have characterized the program’s rollout to this point, I’d be very surprised if they miss this deadline. Sixty days after the rules come out, CMMC certification will be a non-negotiable requirement for manufacturers in any part of the DoD’s supply chain.

Sixty days is not enough time to prepare.

I recently spoke with the IT director of a company I know well. This individual is very much aware that CMMC is coming, and that DoD business represents a fairly significant portion of the company’s revenue. He also knows that, to get compliant in time, his company needs to start working on it now. The owner of the company also knows this, and is a very smart, very capable person, but the decision came down that the company is putting compliance efforts on the back burner.

I was dismayed but not entirely surprised to learn the reason for the delay. The owner had reached out to other suppliers and manufacturers to hear their CMMC plans and most of them were doing nothing. I heard similar kinds of reasoning at a recent CEO forum—from my rough estimate, fewer than 10% of them were taking active steps toward compliance.

It seems there’s a feeling out there that if most small suppliers don’t comply, it will somehow force the DoD into waiving the requirements or kicking the deadline farther down the calendar.

This is nonsense.

Granted, there have been mixed signals regarding CMMC and small to medium contractors, but here’s the thing to ask: In the three years or so since the program has been in development, have the threats of cyberattacks or the effectiveness of phishing scams decreased? No, they have not; across the board, cyberattacks have done nothing but increase, especially targeting small businesses.

Someone needs to tell you this: The wait-and-see approach is a very bad strategy for small businesses, even in the unlikely event of further delay from the government. It only takes one or two of the giant prime contractors to make a government deadline irrelevant, and I know of certain large primes who have put CMMC regulations into their contracts already. Do you really believe the prime contractors you support or large manufacturers you supply want to risk their own multi-million-dollar contracts by working with vulnerable suppliers? I don’t.

To read this entire article, which appeared in the August issue of SMT007 Magazine, click here.


Suggested Items

The First India Pavilion

12/19/2022 | Gaurab Majumdar, IPC
For the first time, IPC APEX EXPO will host an “India Pavilion,” showcasing 16 Indian companies promoting India’s electronics manufacturing capabilities. The initiative was undertaken by the Ministry of Commerce & Industry, Government of India, and implemented by the Indian government agency, Electronics and Computer Software Export Promotion Council (ESC) India.

Material Management and Control

11/21/2022 | Davina McDonnell, Cogiscan
In a market that is trying to catch up with increasing customer demands and quickly ship products out the back door, no electronics manufacturing plant can afford to lose any time or resources during the production process. Manufacturers are forced to do more with less and get the most out of every single precious component.

Your Shortage Is Someone Else’s Excess

11/16/2022 | Chintan Sutaria, CalcuQuote
Excess inventory is a ubiquitous issue in the electronics manufacturing services (EMS) industry, and it is made worse by the complexity and volatility of the modern supply chain. Considered an unavoidable cost of doing business, unchecked inventory cost has wreaked havoc on manufacturers without strict controls in place to keep their businesses safe. Excess inventory is not only costly for manufacturers themselves, but also for their end customers. Unwillingly, manufacturers are sometimes forced to eat this cost to avoid disrupting relationships with their customers and with the hope of making up the losses in next year’s orders from the customer.

Copyright © 2023 I-Connect007 | IPC Publishing Group Inc. All rights reserved.