Larry Caschette
For top tier-related contract manufacturers, 2025 is set to usher in a new security provision mandated by the DoD for all who supply the millions of precision-machined parts that keep our tanks rolling and military aircraft flying. CMMC 2.0 is the revised version of the Cybersecurity Maturation Model Certification, which establishes a baseline cybersecurity protocol designed to safeguard what we in the industry refer to as controlled unclassified information (CUI).
With the final compliance regulations yet to be ironed out, the industry expects the new rules to go into effect by late spring or early summer. There is also a three-year phase-in period, which seems necessary at this point considering the level of disparity among the cybersecurity and procurement departments collaborating to ensure non-prime contractors like us get it right.
Sticker Shock and Higher Prices
As the owner of a top tier-level metal manufacturing company that supplies prime DoD contractors, I can share firsthand that there is a significant expense involved in meeting the CMMC requirements. We first became aware of the impact after acquiring a small machine shop that was supplying parts to a DoD prime contractor. Prime DoD contractors like General Dynamics, Lockheed-Martin, and Boeing can easily absorb the elevated costs but it appears we will have no choice but to raise prices to continue supplying our defense-related partners.
No comments:
Post a Comment