The Double-edged Sword of CMMC 2.0
June 6, 2022 | Divyash Patel, MX2 Technology
For the past few years, those whose SMT provider organizations supply or contract with the U.S. Department of Defense (DoD) have been hearing about—or even gearing up for—implementation of the Cybersecurity Maturity Model Certification (CMMC) program. By this, I mean that you were gearing up for CMMC 1.0. Today, we have CMMC 2.0, and there are several changes in the new version that impact both the standards for compliance and how you certify that compliance—especially if you run a small business.
Small businesses are the backbone of the defense industrial base (DIB), just as they are for the entire economy. As both patriots and businesspeople, I’m sure most contractors serving the DoD support the goals of the CMMC program: ensuring the security of sensitive data up and down the supply chain. I’m also certain that the CMMC 1.0 rules, which went into effect in November 2020, caused more than a little stress and anxiety for smaller contractors. Why? Because CMMC 1.0 required contractors to undergo an examination by a Certified Third-Party Assessment Organization (C3PAO) to become certified.
When it became clear that the burden CMMC 1.0 placed on small contractors was significant enough to potentially force some out of the DIB, the DoD hit pause on the CMMC program. In fact, the official in charge of the CMMC’s implementation came out and said one of the main goals of revising the program was to decrease the cost burden on small businesses. As a result, the DoD scrapped CMMC 1.0 and announced CMMC 2.0 in November 2021. The full 2.0 framework is expected to be released sometime next year.
But don’t make the mistake of thinking the government will kick the CMMC can down the road once again when 2023 rolls around. I fully expect CMMC 2.0 to come online when the rules are final.
At a high level, the two major changes that will likely affect you are the new tiers of security and the shift to annual self-attestation of compliance.
The original CMMC defined five levels of security. CMMC 2.0 has three:
- Foundational
- Advanced
- Expert
For most of you, the newly collapsed levels won’t change the practical compliance requirements. This is good news. Most contracts will fall into Level 1, so any work you have done to this point to achieve Level 1 compliance under CMMC 1.0 has not been wasted. The new framework relies on the same 17 baseline security controls used in the prior version—more on those controls in a moment.
The key distinction between Level 1 and Level 2 under CMMC 2.0 has to do with the type of information you handle. Level 1 focuses on securing federal contract information (FCI), for which there are no national security concerns. The bar for Level 1 is not set very high: it is essentially developing and maintaining good baseline cybersecurity policies and procedures. In my view, this is something any company should do; it’s just a good business practice.
The full article appeared in the June 2022 issue of SMT007 Magazine.