Aerospace and defense suppliers are no strangers to certifications that ensure high standards for quality and safety including AS9100 , NADCAP , ISO9001 , and ITAR . Thanks to an increasingly digitized world with formidable threats to sensitive data , cybersecurity safeguards and processes have become additional “ must haves ” for companies seeking to survive and thrive .
For those doing business with the Department of Defense ( DoD ), a new framework known as Cybersecurity Maturity Model Certification ( CMMC ) sets the standard for cybersecurity protocols . And , while CMMC is currently a directive for DoD contractors , the framework is likely to be used in some form by other federal agencies and will drive standards in key private sector industries , including aerospace , in the not-so-distant future .
Background
In 2016 , the DoD amended the Defense Federal Acquisition Regulation Supplement ( DFARS ) to provide safeguards for Controlled Unclassified Information ( CUI ) shared with contractors in carrying out their work . Through this amendment , DFARS Clause 252.204-7012 , contractors have been required to implement the security measures outlined in the National Institute of Standards and Technology Special Publication 800-171 ( NIST SP 800-171 ) since January 1 , 2018 . Compliance with these measures is done by self-attestation , which has led to confusion , misinterpretation , and a low rate of compliance across the Defense Industrial Base ( DIB ).
CMMC
These compliance issues , along with a series of high profile breaches of information , led the DoD to begin developing the CMMC framework in 2019 . This model builds on the standards included in NIST SP 800-171 , but goes beyond checking compliance with a specified set of controls . CMMC also measures the overall maturity of a company ’ s cybersecurity plan to ensure that practices and processes are ingrained in the organization ’ s operations . Certification is to be completed by a third party auditor and eliminates the allowance for Plans of Action and Milestones ( POAMs ) in place of established controls .
34 NORTHWEST AEROSPACE NEWS