If you’re a manufacturer or operate some type of machine shop, and you do business with America’s defense establishment directly or through a defense contractor, you need to be aware of a new cybersecurity standard that will have a large impact on your company.
The Department of Defense (DoD) created what’s known as the Cybersecurity Maturity Model Certification (CMMC) to beef up cybersecurity measures throughout its massive supply chain. Built upon existing compliance standards under Defense Federal Acquisition Regulation Supplement (DFARS) and NIST (National Institute of Standards and Technology) requirements, CMMC is designed to ensure that all DoD contractors and their subcontractors protect their information systems with robust security measures.
The degree of security makes sense when you consider that defense contractors and subcontractors have access to national security information related to projects and processes. Additionally, those companies may have direct connections to government IT systems. Cybercriminals are constantly seeking vulnerabilities they can exploit. Remember when Target Corporation’s system was breached in 2013, leading to the release of personal data from more than 100 million consumers? That breach was traced to an HVAC contractor using the retailer’s computer gateway. Clearly, DoD doesn’t want to find itself in a similar situation.
Requirements for CMMC compliance vary, based upon the nature of the company and its access to information. Whether your company will be expected to document “basic cyber hygiene,” “advanced cyber hygiene,” or something in between depends upon the work you do. Unlike programs that allow self-reporting, CMMC expects you to verify compliance through a third-party auditor before DoD will issue a contract. Companies that fail to maintain compliance will lose out on the opportunity to bid on defense projects with higher-level specifications. Not only could that mean the loss of lucrative government contracts, but it would also have a negative impact on your company’s reputation.
While manufacturers and machine shop operators may be frustrated about having to comply with yet another set of federal rules, attaining CMMC compliance will provide significant benefits in that it increases your ability to protect your company, your data, and your other customers from cybercrime. After all, the practices included in CMMC are considered basic protection under today’s cybersecurity standards. CMMC compliance for manufacturers and machine shops will be evaluated in several areas, including:
- Data safeguards, such as verifying that data centers cannot be accessed inappropriately, and that steps have been taken to limit data theft through channels such as USB drives.
- Password policies that ensure passwords provide the right level of protection through complexity, regular changes, and practices such as limiting the number of attempted logins.
- Ongoing training to keep employees abreast of security challenges, including exercises such as sending fake phishing emails to see whether employees can be duped into revealing information.
- Threat protection, with systems that spot attacks from outside the system, malicious code, and other tactics, and alert companies to danger.
- Additional steps, such as multi-factor authentication to verify that users are who they claim to be.
If you’re a Brightworks client, the good news is that we have you covered when it comes to CMMC compliance. We work with a select group of vendors and other experts that ensure our systems comply with the most challenging regulations, from CMMC to the healthcare world’s HIPAA. Our team understands the real-world challenges of cybersecurity and the expectations of compliance programs. Because we focus on keeping your company ahead of the ever-evolving challenges, you can stay focused on your primary business.
Want to know more about CMMC for manufacturers and machine shops, and how it may affect your company? We’ll be happy to provide more information. Contact Brightworks today.