Recently the news was released that any manufacturer who works within the Department of Defense (DoD) channel, through the supply chain flow down, will need to pursue Cybersecurity Maturity Model Certification (CMMC). For the Defense Industrial Base (DIB), this certification is critical and specifically intended for safeguarding Federal Contract Information (FCI) and Controlled Unclassified Information (CUI). Western New York has a plethora of companies involved in this supply chain, so time is now of the essence to embark on the journey to certification.
In today’s inter-connected world, the stakes are non-negotiable when it comes to protecting sensitive defense information. Without compliance to the standard, manufacturers can miss out on new opportunities and face the reputational and financial risks encountered when a data breach occurs. This makes CMMC a competitive necessity for maintaining standing in the DoD industry supply chain and securing future contracts bid opportunities.
The recently published proposed timeline for CMMC 2.0 effectivity:
- December 16, 2024: Rule becomes effective.
- July 2025: The DoD will incorporate CMMC 2.0 requirements into all contracts. This requirement has been included in a significant number of contracts out for bid since 2020.
- October 2025: CMMC Level 2 third-party assessments by Certified Third-Party Assessors (C3PAOs) can begin.
But you do not, and should not, travel this journey alone. Insyte Consulting has been at the forefront of creating awareness of, and guidance toward, meeting the requirements of CMMC in our region. Our process and consultants are at the top of their game, ready to meet with you and discuss your unique situation, so a plan of remediation toward compliance and certification can be scripted. If you are a manufacturer in the 716, reach out to me today to start the conversation: Dave Hanitz – 716.982.6406 or dhanitz@insyte-consulting.com.