Takeaways from CMMC Con 2021: Compliance Gains Importance

By Kristen Morales • October 13, 2021

There has always been a risk of losing business for defense contractors that haven’t achieved compliance. That threat alone wasn’t compelling enough for the Department of Justice (DOJ), which has vowed to crack down on contractors that fail to follow required cybersecurity standards.


As we heard from Aries Security CEO Brian Markus at CMMC Con 2021, the False Claims Act has a huge influence on the Defense Industrial Base (DIB) and that legal avenue is how the DOJ says it will levy fines.


“Everyone’s role as a defense contractor is to protect the information that the government’s entrusting you with,” Markus said. “If you’re a small [contractor], it actually, in some cases, is more important and more critical because the smalls tend to have less security and the threat actors have been picking them off one by one. The nation-state attackers are able to see what the government is ordering, how many, when they’re ordering them, so they can get an understanding of what we’re actually doing as a nation and how we’re doing it.”


CMMC-AB vice chairman Jeff Dalton raised similar concerns at CMMC Con 2021, saying, “adversaries are after our intellectual property.” The willingness of nations to hack into others’ systems is expected to rise.


Dr. Robert Spalding shared at CMMC Con 2021 that artificial intelligence (AI) and quantum computing could further complicate foreign relations in the coming years. This will mark the period of a “second cold war.” Geography is a defining matrix of competition and governments will favor cyberwarfare as a means of avoiding mass casualties and destruction.


What’s at stake for a lapse in security is now too valuable for the federal government to rely simply on self-assessments or let compliance go unchecked. Contractors should have been compliant all along and now the pressure has increased to prove it. We wrote the book on how contractors should get started with CMMC, a clear playbook for how to navigate the process of compliance. We should know. CyberSheath has been performing assessments for years.


CMMC will remain important as the security landscape continues to change. Tenable CEO Amit Yoran, the keynote speaker at CMMC Con 2021, noted the government is now just as involved as private companies in cybersecurity.


“Minimum standards for security are an absolute necessity to follow,” Yoran said. “We’d really like a level of visibility, understanding, and accountability. Establish levels of care and identify what negligence looks like. Once we achieve this, we can make progress on a long-term basis. We can stop a majority of attacks today by following these standards.”


If you missed out on CMMC Con 2021, catch up with a full recording of the day’s events and speakers.

CyberSheath Blog

2022 in Review: The CyberSheath Story Expands

This year marked a deluge of messaging about the Cybersecurity Maturity Model Certification (CMMC) and federal contractors were rightfully confused. With our keystone event, CMMC CON, we aimed to set the record straight and offer the best guidance for those in the Defense Industrial Base (DIB).   CMMC CON 2022…

CyberSheath Endorsed by Frost & Sullivan in First Independent Analyst Commentary on CMMC

Independent analyst firms have weighed in with commentary on nearly every discipline of information technology. Security has garnered a large portion of that IT discussion, yet until recently, Cybersecurity Maturity Model Certification (CMMC) compliance has been left out.   Frost & Sullivan changed that by selecting CyberSheath as its preferred…

Be Prepared: CMMC 2.0 Is Coming

Cybersecurity is increasingly important to safeguard your company, your customers, and your partners. We're moving into a global cyber era and we've got to get better at protecting ourselves.   Our adversaries are capitalizing on the lack of security controls in place in the defense industrial base (DIB) and we…

Our Trusted Partners

Tenable Microsoft Siemplify KnowBe4 ConnectWise DUO