fb pixel

CMMC Compliance Requirements Aren’t Changing Due to COVID-19


Manufacturing companies and organizations in the DoD supply chain have a significant revenue opportunity if under CMMC compliance

With the world turned on its head following the COVID-19 pandemic, some expected the Department of Defense to adjust its timeline for implementing the forthcoming Cybersecurity Maturity Model Certification (CMMC) requirements. However, the DoD has made it clear that implementing these standards remains a priority.

Katie Arrington, Chief Information Security Officer (CISO) for Assistant Secretary for Defense Acquisition said, “We are continuing with rolling out the CMMC, we are not slowing down,” at an April 1 CDM Workshop. “COVID-19 is a horrible event for the globe. But the sun will rise, and we have to continue to march forward. And gratefully and thankfully, the teams have been working virtually on this.”

This means that in order to qualify for new defense contracts, companies in the DoD supply chain will need to have been audited and demonstrate their certification level required for a particular contract. Given the confirmation that these CMMC requirements will be showing up in Requests for Information (RFIs) in June, companies that want to be able to win these bids will need to understand their compliance gaps and be actively working to close them.

Many leading manufacturers and other organizations in the supply chain are seeing this as a significant opportunity. As the economy takes a massive hit and other business opportunities disappear, the DoD will continue spending money and organizations that have been CMMC certified will gain the opportunity to win those bids and benefit from that government spending.

Mainstay Technologies has been a trusted partner for organizations in the supply chain and can perform CMMC compliance gap analyses, help close any gaps (both related to technical, administrative, and physical controls), as well as help support CMMC compliance as it evolves over the long-term.