Issue link: https://iconnect007.uberflip.com/i/1472190
18 SMT007 MAGAZINE I JULY 2022 the sales group have access and permissions to do what the stockroom group does? Tech- nically they shouldn't. If it's simple and doc- umented, you can meet a lot of the CMMC Level 1 requirements. Right now, in a typical company, everybody has access to the entire file server. Your quality department docu- ments are accessible by your sales folks. ere's no control. It's a free-for-all. I've seen this too many times. Johnson: What are the implications of being at a particular CMMC level? If I'm Level 1, does that make me fully qualified to do DoD or government work? If so, why the other levels? Patel: Level 1 should be the place to start and help you evaluate whether you need level t wo. L e vel 2 i s when you get into con- trolled unclassified information. Many of the manufacturing companies should look at Level 1 to begin. Now, as you move up the supply chain and the vendors start into a DoD project, they'll be required to certify at Level 2. Johnson: Can you quantify this for me? What's involved regarding effort, resources, and expense to get a Level 1 certification? Patel: If you don't have any documents or inven- tory of your systems in place, it will take time and effort to gather, document, and organize this information. Let's say you're 50% there; look at the requirements, check them off, and address whatever gaps you find. For example, EMS company A has nothing in place; it's configured with one big, open net- work, with no cybersecurity processes or pro- cedures. Starting there takes a good amount of effort. Depending on the size of the organiza- tion and the number of devices, it could take six months to a year to document the systems and processes. If you've got some things in place, it could take three to six months. It really depends on where the company is and how much information has been documented, how proactive they've been. But if you don't have anything in place, it's time to be thinking about it. Just recently,