Featured Image

Keep Calm and Plan On

The new Cyberspace Maturity Model Certification (CMMC) 2.0 may sound scary and overwhelming for smaller companies to comply with, but there are some simple steps manufacturers can take now to get a handle on their current cybersecurity situation.
Apr 05, 2022

As the U.S. Department of Defense (DoD) continues to finalize the Cyberspace Maturity Model Certification (CMMC) 2.0, many manufacturers anxiously wonder when and how to begin the process of compliance. The good news is that there's no need to panic. It may not be as difficult or complex as some people think.

CMMC 2.0 is a comprehensive framework to protect the defense industry from cyberattacks. The policy requires all military contractors and subcontractors that supply products to the DoD to follow prescribed cybersecurity standards and demonstrate accountability. To date, no release schedule has been announced.

CMMC contains all NIST800-171 requirements that address organizational, managerial, and technological controls. This may include login procedures, access control, and full scanning requirements for all software used within the company's system. Even a seemingly harmless music streaming download by an employee can introduce malware that takes down an entire company's system.

For more detail about CMMC 2.0 standards, read the article “CMMC: What Is It and Why Should Every Manufacturing Company Be Paying Attention.”

Start with an assessment   The best way for manufacturers to think proactively about CMMC compliance is to start assessing their current situation. Rather than start from scratch, consider hiring a 3rd party cybersecurity consultant to assess all aspects of the company's security posture.

ProShop ERP (IMTS booth: 133027) of Bellingham, Wash., helps customers get ready for CMMC compliance by beta testing a program called “Flying Start,” a package that combines ERP software with a playbook to meet CMMC standards.

“With Flying Start, manufacturers can work down the checklist of things to do, follow the templates, and get further down the line to compliance so they spend less time with a cyber consultant,” says ProShop CEO Kelsey Heikoop. “We're already embedding tools into the architecture of our software to make compliance easier, but this playbook guides companies to take steps toward CMMC compliance on their own.”

Similar to other certifications  While compliance may seem daunting to some manufacturers, the concepts will likely look very familiar.

“CMMC certification has a lot of parallels to other programs many companies have gone through, such as ISO 9000 certification and Lean Six Sigma,” says John Turner, director of technology for FA Consulting & Technology (FAC&T) and a member of the MTConnect Institute. “It's less scary when they realize that some areas are similar to what they've already done in the past.”

Even for manufacturers not currently in the DoD supply chain, implementing CMMC controls is crucially important because bad actors are targeting medium- and small-sized companies that may appear to be a “weak link” in the supply chain. In other words, small vendors that serve large organizations have high risk factors.

Plus, being CMMC-compliant can be a differentiator over competitors during an RFP that specifies a CMMC-approved supplier. Eventually, CMMC is likely to become an industry standard beyond DoD requirements.

Boston-based Paperless Parts (IMTS booth: 133268), a manufacturing quoting software provider, is taking many steps to secure its own networks internally while helping customers with CMMC compliance. It has even hired a new director of cybersecurity governance, Jonall Cobble, who was previously a CMMC assessor.

“The threat landscape is big and there are many state-sponsored malicious actors that have a huge interest in the manufacturing industry,” Cobble says. “We've taken the mindset that security needs to be built into the product and not done as an afterthought. If you're just putting a security blanket over the top of it, it's actually not secure once you're on the inside.”

Although it may not impact a manufacturer's ability to get a DoD-related contract anytime soon, now's the time to begin looking at cybersecurity needs with goal of achieving CMMC compliance.

Ryan Kelly
General Manager, San Francisco Tech Lab
Recent technology News
IMTS has announced the opening of registration for more than 10 conferences at IMTS 2024, an enhanced conference format, and new IMTS Elevate programs for IMTS 2024. IMTS also announced that visitor housing registration is now open.
At IMTS 2024, discover unexpected solutions, including haptic feedback to improve remote robot operation and digital training, quality control software, additive manufacturing powders and gases, services to address labor issues via an app, and more.
With more than 1 million square feet of exhibit space and just nine months remaining before the show, we thought you would appreciate a look at what team members are focusing on now to ensure that IMTS runs like a well-oiled machine.
While German in origin, Formnext and SPS will become familiar to U.S. audiences on Sept. 9-14 at IMTS 2024 as a result of the partnerships that AMT, the owner and producer of IMTS, has established with these organizations.
Watch the bonus episode of Season 3 of the IMTS+ Original Series “Road Trippin’ with Steve,” on his visit to Kawasaki Robotics where robots are everywhere—and doing everything you can imagine to power production.
Similar News
By Benjamin Moses | Apr 19, 2024

Episode 116: The gang shares their love for amusement parks. Stephen is happy to announce that there are a lot of testbed updates. Elissa presents further evidence that Elon Musk is dumb. Ben closes with an allegedly new method of 3D printing.

29 min
By Stephen LaMarca | Apr 19, 2024

Stagnant talent dilemma. No retirement for Atlas. New tech for an old-people game. ABB found red October. Data irrigation.

6 min
By Tim Shinbara | Mar 18, 2024

Discover how MTConnect bridges the innovation lag between consumer tech and manufacturing. As a unifying open-source standard, MTConnect streamlines machine communications and fuels emerging tools like digital twins.

5 min