26 MiMfg Magazine January / February 2022
Premium Associate Member
CMMC 2.0 : Unraveling Changes Impacting MI Manufacturers
By John Stephens • Convergence Networks
Michigan manufacturers are faced with daily attacks on their data and systems , threatening the very integrity , reputation and financial stability the businesses have worked so hard to build over the years . With the cyber security landscape continuing to morph at intense rates , the U . S . Department of Defense ( DoD ) is concerned that companies wanting to do business with them are not taking adequate measures to prevent exposing national security information to hackers and harming the country .
Enter the Cybersecurity Maturity Model Certification ( CMMC ) requirements , meant to unify the implementation of cyber security across the Defense Industrial Base ( DIB ). This increased level of cyber security maturity is above and beyond the existing NIST 800-171 requirement and adds a standard for audit and demonstration that was not present before .
How does this impact Michigan manufacturers ? When an organization operates fully or even partially within the spectrum of the DIB , it is important to understand the NIST 800-171 baseline is still required no matter how much business you do with the DoD and companies need to properly secure and protect the sensitive information they receive , store and transmit related to these contracts , even if it ’ s only a very small portion of their company revenue stream .
Navigating CMMC
Prior to CMMC , the DoD had other standards in place but there was no certification process . It was a “ pinky-swear ” kind of a thing . You can imagine why this kind of standard wouldn ’ t cut it in today ’ s world . Contractors found holes in the “ scout ’ s honor ” model and frankly the DoD ’ s growing concern moved them to create CMMC .
As with any kind of compliance , it ’ s an ongoing effort . If you are compliant today , you could easily become uncompliant by Friday . The important thing to know is that since businesses change , processes change , and technology changes .
For manufacturers that operate within the spectrum of the DIB , it is a large challenge to overcome with significant opportunity once achieved . Unfortunately , this typically means smaller manufacturers will have to be strategic in how they approach CMMC , being very clear on which level they need to attain as well as leveraging outside expertise .
Get More !
Scan to Register for CMMC 2.0 : Unraveling Changes Register Impacting MI Manufacturers on Wednesday , 2 / 23 / 22 , at 11:30 a . m . This webinar will cover what ’ s new with CMMC 2.0 and the most crucial steps you need to take in the coming year to prepare .
Your journey to becoming CMMC compliant warrants a roadmap . Something that can document your starting point , your destination and all the milestones in between . CMMC certification standards are constantly changing . While CMMC is still rather new , a 2.0 version has already launched , leaving manufacturers scratching their heads wondering what has changed .
Unraveling Changes with CMMC 2.0
“ But I don ’ t even have CMMC 1.0 figured out ?!” You and everyone else . That is just how fast security standards evolve and why companies need to have a flexible strategic plan with the budget allocations to accommodate the coming version and rule changes .
If you haven ’ t had a chance to create your roadmap for your CMMC trek , you won ’ t want to miss the upcoming CMMC 2.0 : Unraveling Changes Impacting MI Manufacturers webinar on Wednesday , 2 / 23 / 22 , hosted by MMA and ASK , a Convergence Networks Company . You will learn about what ’ s new with CMMC 2.0 and the most crucial steps you need to take in the coming year to prepare . 6
John Stephens , CISSP , CEHv8 , Pentest +, Security +, ITIL Foundation , is Director of Security Operations for Convergence Networks , a forward-thinking managed services and security provider focused on preparing customers for the future that ’ s just around the bend . He may be reached at jstephens @ luminantsecurity . com or 503-905-3281 .