Featured Image

Keep Calm and Plan On

Apr 05, 2022

As the U.S. Department of Defense (DoD) continues to finalize the Cyberspace Maturity Model Certification (CMMC) 2.0, many manufacturers anxiously wonder when and how to begin the process of compliance. The good news is that there's no need to panic. It may not be as difficult or complex as some people think.

CMMC 2.0 is a comprehensive framework to protect the defense industry from cyberattacks. The policy requires all military contractors and subcontractors that supply products to the DoD to follow prescribed cybersecurity standards and demonstrate accountability. To date, no release schedule has been announced.

CMMC contains all NIST800-171 requirements that address organizational, managerial, and technological controls. This may include login procedures, access control, and full scanning requirements for all software used within the company's system. Even a seemingly harmless music streaming download by an employee can introduce malware that takes down an entire company's system.

For more detail about CMMC 2.0 standards, read the article “CMMC: What Is It and Why Should Every Manufacturing Company Be Paying Attention.”

Start with an assessment   The best way for manufacturers to think proactively about CMMC compliance is to start assessing their current situation. Rather than start from scratch, consider hiring a 3rd party cybersecurity consultant to assess all aspects of the company's security posture.

ProShop ERP (IMTS booth: 133027) of Bellingham, Wash., helps customers get ready for CMMC compliance by beta testing a program called “Flying Start,” a package that combines ERP software with a playbook to meet CMMC standards.

“With Flying Start, manufacturers can work down the checklist of things to do, follow the templates, and get further down the line to compliance so they spend less time with a cyber consultant,” says ProShop CEO Kelsey Heikoop. “We're already embedding tools into the architecture of our software to make compliance easier, but this playbook guides companies to take steps toward CMMC compliance on their own.”

Similar to other certifications  While compliance may seem daunting to some manufacturers, the concepts will likely look very familiar.

“CMMC certification has a lot of parallels to other programs many companies have gone through, such as ISO 9000 certification and Lean Six Sigma,” says John Turner, director of technology for FA Consulting & Technology (FAC&T) and a member of the MTConnect Institute. “It's less scary when they realize that some areas are similar to what they've already done in the past.”

Even for manufacturers not currently in the DoD supply chain, implementing CMMC controls is crucially important because bad actors are targeting medium- and small-sized companies that may appear to be a “weak link” in the supply chain. In other words, small vendors that serve large organizations have high risk factors.

Plus, being CMMC-compliant can be a differentiator over competitors during an RFP that specifies a CMMC-approved supplier. Eventually, CMMC is likely to become an industry standard beyond DoD requirements.

Boston-based Paperless Parts (IMTS booth: 133268), a manufacturing quoting software provider, is taking many steps to secure its own networks internally while helping customers with CMMC compliance. It has even hired a new director of cybersecurity governance, Jonall Cobble, who was previously a CMMC assessor.

“The threat landscape is big and there are many state-sponsored malicious actors that have a huge interest in the manufacturing industry,” Cobble says. “We've taken the mindset that security needs to be built into the product and not done as an afterthought. If you're just putting a security blanket over the top of it, it's actually not secure once you're on the inside.”

Although it may not impact a manufacturer's ability to get a DoD-related contract anytime soon, now's the time to begin looking at cybersecurity needs with goal of achieving CMMC compliance.

PicturePicture
Author
Ryan Kelly
Vice President, Technology
Recent technology News
Peter Eelman, the chief experience officer of AMT, is retiring after almost 30 years. Peter has, quite literally, spent the entirety of his 45-year career working on IMTS.
With more than 1 million square feet of exhibit space already booked, IMTS is poised once again to be the strongest manufacturing marketplace in the Western Hemisphere. IMTS 2026 opens Sept. 14-19, 2026. View the floor plan and get exciting updates now!
Currently spanning more than 1 million square feet, the IMTS 2026 floor plan reflects major changes driven by the technologies shaping the future of our industry.
Manufacturing is the process of transforming raw materials into something with value. When you add a fervor for art, a keenness for progress, or a desire to help, you get a passion project.
It is the quintessential event that brings our industry together – whether it’s the moment they walk into the Grand Concourse, captivated by the energy of the vibrant crowd, or the enduring relationships they build.
Similar News
undefined
Technology
By Kevin Bowers | Jul 11, 2025

As experienced service technicians retire, manufacturers risk losing critical knowledge. In a recent AMT webinar sponsored by findIQ, attendees learned how one company captures their hard-won knowledge and passes it on using model-based AI.

5 min
undefined
Intelligence
By Catherine “Cat” Ross | Jun 03, 2025

DN Solutions' new tech center. Trumpf’s smart factory launch. Six new AMT members. Updates from Hexagon, Kennametal, Nikon, United Grinding, Michigan Tech, MIT, and more. Explore the latest in facilities, partnerships, leadership changes, and R&D news.

5 min
undefined
Intelligence
By Christopher Chidzik | Jun 06, 2025

In the midst of the recession caused by the 2008 financial crisis, orders for metalworking machinery totaled around $95 million in Jan. 2009, the lowest level recorded. Although orders grew scarcer, businesses continued to invest in manufacturing tech.

5 min