John Mitchell, president and CEO of electronics manufacturing industry association IPC, said the Department of Defense (DOD) should give careful consideration to small and medium-sized businesses seeking to comply with the Cybersecurity Maturity Model Certification (CMMC) program.
“The Pentagon needs to take into consideration that most SMBs do not have dedicated cybersecurity personnel to achieve the prerequisites, and while many commercial electronics manufacturers have considerable business with the defense community, they themselves do not consider themselves a defense contractor,” Mitchell said in a statement published Tuesday.
IPC surveyed 108 electronic manufacturers, suppliers and contract manufacturers between Feb. 25th and March 5th and found that 24 percent of respondents said the costs and burdens associated with CMMC compliance may force their companies to exit the U.S. defense market.
According to the survey, 32 percent of respondents said they expect to be ready to undergo a CMMC assessment in one to two years. The majority of the respondents said their companies are willing to spend at least $50,000 on CMMC readiness.
Leslie Weinstein, author of the IPC report on CMMC, said DOD can use existing industry certifications and standards to help reduce the costs and address uncertainties associated with CMMC compliance.
“The DoD recognizes a variety of respected, industry-driven certifications when it comes to hiring cybersecurity professionals,” said Weinstein. “Taking the same approach to certifying suppliers would allow companies to invest more in security than in redundant audits, and it would quickly create a pool of companies who are able to bid on DoD solicitations containing the CMMC DFARS clause. And importantly, it would prevent further erosion of the U.S. defense industrial base.”
If you want to know more about the latest updates about the Cybersecurity Maturity Model Certification, then check out Potomac Officers Club’s CMMC Forum coming up on June 16th.
CMMC Accreditation Body Chairman Karlton Johnson will serve as the keynote speaker for the Forum to provide his overview and vision of the CMMC Rollout as well as the top priorities for the board and how industry feedback will help to improve the vision behind how the organization develops for the first 100 days.
To register for this virtual forum and view other upcoming events, visit the POC Events page.
