The Cybersecurity Maturity Model Certification (CMMC) is a new DoD requirement for implementing cybersecurity risk management across the many supply chain companies that make up the defense industrial base (DIB). Eligibility for future DoD contract awards will require CMMC certification. Supply chain company chief legal officers, compliance officers, and senior leadership are responsible for understanding and enforcing the new DoD security regulatory requirements and compliance standards within their respective organizations. They are also responsible for ensuring that these current and future business risks are mitigated, so that cybersecurity across the DoD supply chain improves.
Small, medium, and even some large defense contractors, suppliers, universities, and research labs, which make up most of the DIB supply chain, are among the nation’s most vulnerable and face the highest risk of data exfiltration. Many organizations have not made the required information protection investments, do not have the necessary cybersecurity skills or maturity, and do not perceive themselves as likely targets. The old honor system relying on self-accreditation for supply chain risk management simply wasn’t working.