Issue link: https://iconnect007.uberflip.com/i/1489269
56 SMT007 MAGAZINE I JANUARY 2023 you need to go, but the first step is a gap anal- ysis. To do this, you will need help, and there are a growing number of folks specializing in CMMC compliance consulting. ey aren't cheap in isolation but compared to losing out on serving the DoD they are very cheap. You want to do this fast. Whatever you do, do not rely on your in- house IT folks' assessment of your state of compliance. You will be the one signing the self-attestation, not them. is is not a knock on your IT folks. Even the best of us miss things—especially in networks we think we know like the back of our hand. at degree of familiarity creates blind spots. I have been overconfident in my knowledge of a network at times, only to find a fresh set of eyes found things I'd missed. At the least, have a compe- tent consultant do a review aer your IT folks tell you you're good. Now, for the other group—the ones who wait until March to get started. I'm frankly worried about them. If they rely on DoD con- tracts for any significant part of their revenue, they might be in big trouble. If they start com- pliance from a greenfield state, it's a six-to- eight-month process at best, and likely longer. at is with a significant bit of outside help— which brings up another problem. As more companies demand their services, it will be harder and pricier to find competent consul- tants. ese contractors will be guaranteed to miss out on opportunities that in prior years would have been a lock. en, aer their long- term partner organizations have been forced to find new suppliers to fill the gap they le, those prime contractors might end up with the new supplier long term. I know a few business owners who are work- ing on satisfying Level One requirements just to get by. is is even though their stan- dard projects would require Level Two com- pliance. ey are taking smaller opportuni- ties to maintain relationships. Because here is what's going to happen: Some DIB businesses will clearly not make the deadline. I don't care how long they have worked together or how good the relationship is, the major contractors will not include them on CMMC regulated projects. Conclusion e big contractors are obviously going to face higher degrees of scrutiny faster than small businesses will. e primes are the ones assur- ing the DoD that their entire supply and value chain is compliant. e stakes are just too high. What rational company would risk hundreds of millions or even billions in future earnings on $500,000 worth of widgets? Not one. ey would likely pay twice as much for the security of knowing their business is protected. My guess is that CMMC will result in a shake- out in the small contractor community— maybe a big one. Some will stop supporting the DoD by choice. Some will find that by the time they get compliant, they will have to fight to get their market share back. Some will run out of cash and close up shop for good. While that will be terrible for the employees and their families, it will also be an opportunity for con- tractors that are CMMC ready. SMT007 Sponsored link: www.mx2technology.com/ Divyash Patel is president of MX2 Technology. I have been overconfident in my knowledge of a network at times, only to find a fresh set of eyes found things I'd missed.