A CMMC ‘Plan B’

Reading time ( words)

As I attend industry events and connect with the leaders of manufacturing companies in the defense industrial base (DIB)—everyone seems aware that CMMC 2.0 rules are coming soon. I see a bit more activity and I’m fielding more questions. Some DIB contractors are getting it, and that’s good news. But there’s also bad news: Too many still bet they can win a high-stakes game of “chicken” with the DoD.

Running a business means balancing risk tolerance and aversion. Many of us will take risks to grow revenues or achieve strategic goals; just as many of us want to avoid risk (especially in terms of expense) if the status quo is running well. That’s a fancy way to say, “If it ain’t broke, why fix it?” Normally, that’s a legitimate question, but asking it requires you to know what “broke” looks like. When a piece of production equipment breaks, it’s obvious. When it comes to your IT network, “broke” is anything but obvious. Your operations could be running along fine yet you have cybersecurity holes big enough to drive a truck through. That’s just what the DoD wants to avoid.

Will the Government Blink?

When business leaders act as if they don’t feel any particular urgency to hit the compliance deadline, I often hear, “If enough of us don’t comply, the government will blink. It will have no choice but to either kick the compliance deadline back again (it worked once, after all) or maybe even exempt us small operators. The DoD is going to swerve first.” That sounds like wishful thinking to me, and in the words of Vince Lombardi, “Hope is not a strategy.”

The DoD will not budge this time. Not for Levels One and Two—and those will cover the vast majority of small- and mid-sized contractors. If for no other reason than credibility, the government has to put a stake in the ground. To be honest, that stake isn’t an unreasonable one. The first level of CMMC compliance amounts to little more than straightforward cyber-hygiene and a system security plan—the things that any manufacturer should be doing to protect itself, its employees, and customers from cyber-threats, be they phishing scams, ransomware, or targeted hacking.

CMMC 2.0’s interim rule is scheduled to be released in March 2023, and let’s say it’s the very last day—Friday, March 31, 2023. What happens next? Sixty days later—call it May 31—to bid or to be included in a bid package, contractors must be able to demonstrate their compliance if asked.

To read this entire article, which appeared in the January 2022 issue of SMT007 Magazine, click here.


Suggested Items

The ‘Intel’ on Advanced Packaging Options

11/29/2022 | Nolan Johnson, I-Connect007
Dr. Tom Rucker is vice president in technology development at Intel and was a keynote speaker at the IPC Advanced Packaging Symposium, which helped set the table for the rest of the agenda. Tom understands this “radical and seismic” shift in terms of technology and breaks down what it means for the semiconductor and PCB fab industries. There’s absolutely a place at the table for PCB fabricators, but what are the first steps?

Modern Inventory Management Secrets

11/07/2022 | Michael Ford, Aegis Software Corp.
Inventory management should be simple; after all, it is how many of us learned to count. ERP solutions have become complex yet cannot solve our immediate supply-chain and manufacturing challenges unaided. It’s time to unfold the root-causes behind key issues and reveal the secrets for success in modern inventory management which have a significant impact on any manufacturing business.

Finding Some Breathing Room in Parts Supply

09/19/2022 | Nolan Johnson, I-Connect007
Electronics manufacturers like Emerald EMS are finding that as the consumer markets experience a slowdown, and supply chain woes are lightening, challenges persist. Chris Lentz, vice president of supply chain logistics, and Joe Garcia, vice president of sales and marketing, break down the issues their company has faced over the past two years in working with vetted sources, not backing down in the face of adversity, and most importantly, forging better relationships with customers. One thing they’ve learned is how to be creative in finding parts while maintaining their reputation with customers. Just because you find it cheaper online doesn’t make it valid. Chris and Joe explain.

Copyright © 2023 I-Connect007 | IPC Publishing Group Inc. All rights reserved.