CMMC and Manufacturing
If you are supplying goods to the government, you’ve likely heard about Cybersecurity Maturity Model Certification (CMMC). The Department of Defense (DoD) developed the CMMC to address significant compromises of sensitive defense information in response to cyberattacks on defense contractors. Most notable was a string of cyberattacks on Navy contractors by Chinese spies, detailed in a 2018 Wall Street Journal expose. The WSJ article prompted an internal Navy cybersecurity audit, which described the military as woefully underprepared for modern cybersecurity threats. One of the issues noted in the Navy audit was that the DoD relied on its contractors to self-report cyber vulnerabilities and incidents. This honor system resulted in very few incidents being reported. The CMMC consists of 171 cybersecurity best practices and five “maturity levels,” ranging from basic cyber hygiene to advanced processes. The more best practices an organization meets, the higher its maturity level, and the more contracts they’ll be eligible to bid on.