CMMC Is Here

By Kristen Morales • January 24, 2023

As a contractor in the defense industrial base, your company needs to be ready to demonstrate compliance with CMMC. You should have the resources and ability to take action if you want to stay eligible for federal contracts.

CMMC timeline: Today, not tomorrow

During our CMMC CON last year, we had the chance to talk with Jeff Dalton, the newly appointed chairman of the CMMC Accreditation Body, about all things CMMC, including the urgency for acceptance of the new mandate. “We are out of time to protect our data and our networks,” he says. “We’re being infiltrated and attacked as we speak, probably far more than the average person realizes. Companies should be adopting some standard now—today. CMMC/NIST800-171 provides evolutionary paths to maturity, which are critically important as you can’t just say, ‘We’re cyber secure today’ and think your organization is all set in perpetuity.”

As you work to wrangle your cybersecurity initiatives, apply the same rigor, methodology, and project management that you would use if you were building something for your customer. Treat CMMC and cybersecurity the same way: create a project, craft and resource a plan, and measure your progress.

One standard, one model to move the country forward

Being closely tied to CMMC, Jeff of course believes in the strength of the standard, but he says it doesn’t matter to him which framework or model companies choose, as long as they apply some rubric to advance their security posture. “CMMC is a baseline,” he states. “I would be ecstatic if the various agencies, corporations, including the Fortune 100, and all their suppliers, would use it as their baseline to measure themselves against.”

Committing to adherence to a baseline provides the expectation that your organization is going to meet certain requirements and then work to further improve your processes. “That’s why I like CMMC because it’s having various levels,” Jeff continues. “You complete one level, and then there’s another level to reach for.”

Another reason for standardizing on CMMC is that it already has an ecosystem, which other models don’t possess. “We are in a situation now in our country where they have to adopt something, get started, and then be able to measure performance.”

There’s no turning back

If you examine any kind of serious aerospace, space travel, or automotive company, or any entity making millions of high-cost products, they all have processes, standards, and policies that they follow. With software, cyber and IT services, and most technology engineering disciplines, there is resistance to standardizing processes and policies. That needs to change.

CMMC is here and it’s real. The training has started. “We have thousands of people in the ecosystem now. Many people have been through the training and program, and certified assessor training is about to start,” Jeff shares. “The AB is also offering new executive training, which is aimed at the executives and purchasing agents of organizations seeking certification.”

“CMMC has caused cybersecurity to become dinner table conversation and that’s a really positive thing because we’re never going to change until we all start thinking about it and doing something about it,” he concludes.

When your company is ready to take the next step on your path to more robust cybersecurity, contact the experts at CyberSheath. We’re here to help you meet your compliance and cybersecurity goals.
