Featured Image

Keep Calm and Plan On

The new Cyberspace Maturity Model Certification (CMMC) 2.0 may sound scary and overwhelming for smaller companies to comply with, but there are some simple steps manufacturers can take now to get a handle on their current cybersecurity situation.
Apr 05, 2022

As the U.S. Department of Defense (DoD) continues to finalize the Cyberspace Maturity Model Certification (CMMC) 2.0, many manufacturers anxiously wonder when and how to begin the process of compliance. The good news is that there's no need to panic. It may not be as difficult or complex as some people think.

CMMC 2.0 is a comprehensive framework to protect the defense industry from cyberattacks. The policy requires all military contractors and subcontractors that supply products to the DoD to follow prescribed cybersecurity standards and demonstrate accountability. To date, no release schedule has been announced.

CMMC contains all NIST800-171 requirements that address organizational, managerial, and technological controls. This may include login procedures, access control, and full scanning requirements for all software used within the company's system. Even a seemingly harmless music streaming download by an employee can introduce malware that takes down an entire company's system.

For more detail about CMMC 2.0 standards, read the article “CMMC: What Is It and Why Should Every Manufacturing Company Be Paying Attention.”

Start with an assessment   The best way for manufacturers to think proactively about CMMC compliance is to start assessing their current situation. Rather than start from scratch, consider hiring a 3rd party cybersecurity consultant to assess all aspects of the company's security posture.

ProShop ERP (IMTS booth: 133027) of Bellingham, Wash., helps customers get ready for CMMC compliance by beta testing a program called “Flying Start,” a package that combines ERP software with a playbook to meet CMMC standards.

“With Flying Start, manufacturers can work down the checklist of things to do, follow the templates, and get further down the line to compliance so they spend less time with a cyber consultant,” says ProShop CEO Kelsey Heikoop. “We're already embedding tools into the architecture of our software to make compliance easier, but this playbook guides companies to take steps toward CMMC compliance on their own.”

Similar to other certifications  While compliance may seem daunting to some manufacturers, the concepts will likely look very familiar.

“CMMC certification has a lot of parallels to other programs many companies have gone through, such as ISO 9000 certification and Lean Six Sigma,” says John Turner, director of technology for FA Consulting & Technology (FAC&T) and a member of the MTConnect Institute. “It's less scary when they realize that some areas are similar to what they've already done in the past.”

Even for manufacturers not currently in the DoD supply chain, implementing CMMC controls is crucially important because bad actors are targeting medium- and small-sized companies that may appear to be a “weak link” in the supply chain. In other words, small vendors that serve large organizations have high risk factors.

Plus, being CMMC-compliant can be a differentiator over competitors during an RFP that specifies a CMMC-approved supplier. Eventually, CMMC is likely to become an industry standard beyond DoD requirements.

Boston-based Paperless Parts (IMTS booth: 133268), a manufacturing quoting software provider, is taking many steps to secure its own networks internally while helping customers with CMMC compliance. It has even hired a new director of cybersecurity governance, Jonall Cobble, who was previously a CMMC assessor.

“The threat landscape is big and there are many state-sponsored malicious actors that have a huge interest in the manufacturing industry,” Cobble says. “We've taken the mindset that security needs to be built into the product and not done as an afterthought. If you're just putting a security blanket over the top of it, it's actually not secure once you're on the inside.”

Although it may not impact a manufacturer's ability to get a DoD-related contract anytime soon, now's the time to begin looking at cybersecurity needs with goal of achieving CMMC compliance.

PicturePicture
Author
Ryan Kelly
Vice President, Technology
Recent technology News
Manufacturing is the process of transforming raw materials into something with value. When you add a fervor for art, a keenness for progress, or a desire to help, you get a passion project.
It is the quintessential event that brings our industry together – whether it’s the moment they walk into the Grand Concourse, captivated by the energy of the vibrant crowd, or the enduring relationships they build.
IMTS 2024 brought the manufacturing technology community together for six exhilarating days filled with opportunities to explore new solutions and build meaningful connections.
From industry icons to next-generation innovators, presenters on the IMTS+ Main Stage shared a common conviction that the future of the manufacturing industry is limited only by imagination – and there is no shortage of that.
IMTS is the exclusive North American event to discover the latest technologies, hear new ideas, and connect with the best and brightest in the industry. If you couldn’t make this time, or to get a refresher on the highlights, read on…
Similar News
undefined
Technology
By Benjamin Moses | Feb 05, 2025

While NFL teams usually limit their rookies’ play, quarterback Jayden Daniels led the perpetually inept Washington Commanders deep into the playoffs and rewrote record books. His secret? Virtual reality training. Imagine what it can do for manufacturing.

8 min
undefined
Technology
By Gary Vasilash | Jan 27, 2025

New technologies don’t appear with the speed and certainty of throwing a switch. They grow, evolve, and then seem to emerge.

8 min
undefined
Technology
By Benjamin Moses | Jan 31, 2025

Factors like reshoring and the expansion of the defense, medical, and space sectors drive manufacturing's adoption of emerging technologies. Explore the accelerators and barriers of automation, additive manufacturing, generative AI, and digital twins.

5 min