Takeaways from CMMC Con 2021: Compliance Gains Importance

By Kristen Morales • October 13, 2021

There has always been a risk of losing business for defense contractors that haven’t achieved compliance. That threat alone wasn’t compelling enough for the Department of Justice (DOJ), which has vowed to crack down on contractors that fail to follow required cybersecurity standards.


As we heard from Aries Security CEO Brian Markus at CMMC Con 2021, the False Claims Act has a huge influence on the Defense Industrial Base (DIB), and that legal avenue is how the DOJ says it will levy fines.


“Everyone’s role as a defense contractor is to protect the information that the government’s entrusting you with,” Markus said. “If you’re a small [contractor], it actually, in some cases, is more important and more critical because the smalls tend to have less security and the threat actors have been picking them off one by one. The nation-state attackers are able to see what the government is ordering, how many, when they’re ordering them, so they can get an understanding of what we’re actually doing as a nation and how we’re doing it.”


CMMC-AB vice chairman Jeff Dalton raised similar concerns at CMMC Con 2021, saying, “adversaries are after our intellectual property.” The willingness of nations to hack into others’ systems is expected to rise.


Dr. Robert Spalding shared at CMMC Con 2021 that artificial intelligence (AI) and quantum computing could further complicate foreign relations in the coming years. This will mark the period of a “second cold war.” Geography is a defining matrix of competition and governments will favor cyberwarfare as a means of avoiding mass casualties and destruction.


What’s at stake in a security lapse is now too valuable for the federal government to rely simply on self-assessments or let compliance go unchecked. Contractors should have been compliant all along, and now the pressure to prove it has increased. We wrote the book on how contractors should get started with CMMC, a clear playbook for how to navigate the process of compliance. We should know. CyberSheath has been performing assessments for years.


CMMC will remain important as the security landscape continues to change. Tenable CEO Amit Yoran, the keynote speaker at CMMC Con 2021, noted the government is now just as involved as private companies in cybersecurity.


“Minimum standards for security are an absolute necessity to follow,” Yoran said. “We’d really like a level of visibility, understanding, and accountability. Establish levels of care and identify what negligence looks like. Once we achieve this, we can make progress on a long-term basis. We can stop a majority of attacks today by following these standards.”


If you missed out on CMMC Con 2021, catch up with a full recording of the day’s events and speakers.
