This includes conducting an analysis of the people, processes and technology associated with a company’s cybersecurity plan and identifying gaps. From there, companies can develop a road map and assign a cost to filling each gap.
Companies already in full NIST compliance are well-positioned to address the additional requirements for Level 3 CMMC. Those considering doing business with the DoD for the first time in the next two years should focus their attention on preparing for Level 3 CMMC.
While many contractors are concerned about the costs associated with achieving CMMC, DoD has stated that these costs should not be prohibitive and has determined that the cost of certification will be considered an allowable, reimbursable cost.
Beyond Defense Contracting
While CMMC is presently required only for suppliers working with the DoD, the standard is paving the way for other sectors. Major aerospace OEMs, including GE, Boeing, Northrop Grumman, Raytheon, and Lockheed Martin, have developed their own dedicated data security requirements for suppliers. As CMMC rolls out, Stanton says companies may well adopt that single set of standards throughout their entire supply chain.
“I firmly believe that we’ll see the commercial aerospace world stop bifurcating between their defense and commercial supply chains. Once you start seeing CMMC audits happening, you will probably see the Boeings of the world start saying to all of their suppliers ‘Let me see your CMMC certification’.”
OCTOBER | NOVEMBER 2021 ISSUE NO. 23