The defense industrial base (DIB) is targeted more than ever, as bad actors seek sensitive information about our military and critical infrastructure. Threats like Volt Typhoon, PowerDrop, and nation-state plots highlight the importance of supply chain cybersecurity and show why programs like Cybersecurity Maturity Model Certification (CMMC) were enacted.
A new study conducted by Merrill Research and commissioned by CyberSheath shows DIB contractors are aware of the targets on their backs but haven’t implemented the necessary security controls. According to the study, the average Supplier Performance Risk System (SPRS) score is a woeful -15, far short of the 110 score required by the Defense Federal Acquisition Regulation Supplement (DFARS).
DFARS was signed into law in 2017 and is in over 1 million contracts today, but adherence to compliance requirements remains low. Only 36% of respondents even submitted SPRS scores, significantly lower than the 46% that submitted last year in the inaugural study. Moreover, 81% of respondents claim to be compliant only via self-assessment, up 10 percentage points from last year. Significantly fewer reported compliance via medium or high assessment.
If your company contracts with the Department of Defense (DOD), you’re obligated to comply with DFARS and will soon be required to comply with CMMC 2.0 as well. Achieving compliance is more than just checking a box; it’s integral to protecting our national security. More contractors need to take that responsibility seriously.
Only 19% of respondents have implemented vulnerability management solutions, and 25% have secure IT backup solutions. Both are key to DFARS compliance, and both were more widely implemented last year, according to the 2022 survey. Yet 40% go further than the law requires and explicitly deny the use of Huawei, which the Federal Communications Commission (FCC) designated as a national security risk.
Contractors can’t pick and choose which areas they’ll take action on, and CMMC compliance isn’t some impossible Rubik’s Cube. Cost pressures and complexity are solvable challenges.
CyberSheath’s Federal Enclave is a proven solution that reduces the burden on DIB contractors and implements the necessary controls so those companies can remain compliant and keep winning contracts with the DOD. Federal Enclave’s custom-built dashboard brings together world-leading technologies for compiling data and facilitating visibility into compliance so contractors know they’re adherent and secure.