Issue link: https://iconnect007.uberflip.com/i/1469343
54 SMT007 MAGAZINE I JUNE 2022 Article by Divyash Patel MX2 SYSTEMS For the past few years, those whose SMT provider organizations supply or contract with the U.S. Department of Defense (DoD) have been hearing about—or even gearing up for— implementation of the Cybersecurity Matu- rity Model Certification (CMMC) program. By this, I mean that you were gearing up for CMMC 1.0. Today, we have CMMC 2.0, and there are several changes in the new version that impact both the standards for compliance and how you certify that compliance—espe- cially if you run a small business. Small businesses are the backbone of the defense industrial base (DIB), just as they are for the entire economy. As both patri- ots and businesspeople, I'm sure most con- tractors serving the DoD support the goals of the CMMC program: ensuring the security of sensitive data up and down the supply chain. I'm also certain that the CMMC 1.0 rules, which went into effect in November 2020, caused more than a little stress and anxiety for smaller contractors. Why? Because CMMC 1.0 required contractors to undergo an exam- ination by a Certified Third-Party Assessment Organization (C3PAO) to become certified. When it became clear that the burden CMMC 1.0 placed on small contractors was significant enough to potentially force some out of the DIB, the DoD hit pause on the CMMC program. In fact, the official in charge of the CMMC's implementation came out and said one of the main goals of revising the pro- gram was to decrease the cost burden on small The Double-edged Sword of CMMC