Reading time ( words)
The electronics manufacturing sector faces unique challenges when it comes to cybersecurity, given the highly sensitive nature of the information that it handles. With the introduction of the Cybersecurity Maturity Model Certification (CMMC) framework, businesses will soon be required to meet specific, more stringent cybersecurity standards to bid on Department of Defense contracts. This has made cybersecurity hygiene and CMMC compliance more important than ever for businesses in the sector, as non-compliance can result in lost revenue and reputational damage.
At the recent EMS Leadership Summit, held during IPC APEX EXPO 2023 in January, summit organizers arrange a panel discussion with three industry experts. The panel, moderated by Maribel Hernandez, followed a Question & Answer format. Panelists included: Vijay Takanti, Joaquin Hernandez, and Allen Anderson and discussed the details and intricacies of CMMC compliance, and how it can affect a business. The experts shared their insights into the challenges that businesses in the sector are likely to face, the specific requirements tied to CMMC compliance, and the steps that businesses can take to ensure that they are adequately protected and able to achieve compliance within the framework. This article, compiled by the participants, summarizes portions of the discussion from the summit event.
What’s the difference between cybersecurity and CMMC compliance?
Joaquin Hernandez: Cybersecurity is the practice of protecting computer systems, networks, and data from unauthorized access, theft, and damage. It's a broad concept that encompasses many different tactics, techniques, and procedures. The CMMC compliance, on the other hand, refers to the requirements set forth by the DoD to ensure that contractors are meeting a minimum level of cybersecurity readiness before being awarded contracts.
In other words, cybersecurity is the foundation upon which compliance is built. A company must have a solid cybersecurity posture that extends to cover compliance safeguards in order to achieve compliance. While CMMC compliance is a specific set of requirements that a company must meet to do business with the DoD, cybersecurity is a broader and ongoing practice that should be applied to all aspects of a company's operations to protect against cyber threats.
To read this entire panel discussion, which appeared in the April 2023 issue of SMT007 Magazine, click here.