
Does Your Shop Take DOD Contracts? It’s Time to Get CMMC Compliant!

Author: Jim Carr


CMMC stands for Cybersecurity Maturity Model Certification. Most people in manufacturing are familiar with ITAR (International Traffic in Arms Regulations). ITAR was a self-certification where you pay to certify and commit to keeping documents safe and secure so that someone who isn’t a US citizen doesn’t see that data.

But it wasn’t good enough. We’re always hearing about countries trying to hack other countries for information. So the government is mandating that anyone who is part of the Defense Industrial Base (DIB) gets CMMC certified. You will have to set up a full audit with a third-party auditor and demonstrate to them that you are meeting the requirements of the CMMC. 

The five levels of CMMC compliance

There are five levels of compliance that directly relate to the maturity of your cybersecurity profile. Level one covers the basic things you need to do to be safe. To be CMMC compliant, most machine shops will need to obtain a level three certification. Companies like Boeing will need to be a level five, but a machine shop isn’t expected to meet those requirements. For example, if you’re level five you need 24/7 tech support monitoring your network in real time.

But what does “CMMC Compliant” mean?

What does being compliant with CMMC level three guidelines look like? John Bilek shared a few examples: 

  • If you send emails with a print for a contractor, they must be sent securely. 
  • Your finishers have to be CMMC approved. 
  • You must do background checks for everyone in your company.

These are just a few examples of what you’ll need to do to work toward CMMC compliance. Some shops won’t want to tackle the requirements for this certification, which could mean more work for you. But if you wait until the last minute to get audited for the certification, the few assessors that have been approved may be booked. 

Changes ProShop ERP is rolling out to enhance compliance

Paul Van Metre learned about CMMC a little over a year ago. ProShop ERP has been proactive, building more than a couple dozen new features to meet the requirements. Paul points out that the requirements are broken down into 17 different domains, ranging from things like technical controls of your network to security awareness training. ProShop can’t make a company compliant but can help them pass some of the requirements where an ERP system may overlap.

Controlled unclassified information (CUI) is what the government is trying to protect. CUI can be drawings, models, materials, etc. that include sensitive data. Any device that accesses CUI must be secured. So ProShop ERP has made some changes to its authentication process and has started strengthening password requirements.

ProShop ERP runs in the cloud (or the AWS GovCloud), which will be CMMC compliant. Amazon, Microsoft, Google, and other companies have these server farms. They only employ US citizens.

If you have a customer that asks you to log on to the portal to get drawings and you download those files, you can’t download them on your local computer. They must be downloaded into a K drive; it will never be on your hard drive. It will go straight to the gov cloud. Everyone in your company will need to be trained on this. 

The right partners make the process smooth

Ultimately, you’ll have to meet the requirements of each standard and show an auditor. At the end of the day, we get paid to make precision parts. That’s why we need partners to take the pain away from daily operations. It’s why ProShop ERP is doing everything it can to help its clients meet the CMMC standards. ProShop ERP will come out with a cybersecurity flying start package to help a company walk through the requirements of getting CMMC certified. It’s not prescriptive but lays out a series of workflows.

BAM!

– Jim
