Center of Innovation for Aerospace Supporting DoD Contractors Seeking CMMC Certification

According to the Department of Defense (DoD), small businesses are increasingly targeted for cyberattacks. A recent PwC article found that cyberattacks by adversaries cost the U.S. $600 billion annually. In an effort to further protect the defense industrial base, the DoD issued the Cybersecurity Maturity Model Certification (CMMC) in January 2020. This new cybersecurity guidance builds on the Defense Federal Acquisition Regulation Supplement (DFARS) requirements that have been in place since 2017. The majority of the 4,000 businesses in Georgia who received DoD contracts in the last five years are small businesses. The CMMC is a framework that grades company’s cybersecurity on a scale of one (basic cybersecurity hygiene) to five (most stringent).

Going forward, all firms wanting to do business with the DoD will need to demonstrate compliance with the CMMC to a third-party assessor. Assessors must be accredited by the CMMC-Accreditation Body, and all contracts with the DoD will require CMMC compliance by fiscal year 2026. But don’t delay, this journey to CMMC certification takes a significant amount of time, and we urge you to begin self-assessment now.

The Center of Innovation for Aerospace is performing outreach to DoD contractors to provide assistance in the CMMC journey. Go to www.georgia.org/cybersecurityedge for more information, links and resources. Cassia Baker, is our new CMMC project manager and can be reached at [email protected].

To provide additional resources for suppliers working toward CMMC requirements, the Georgia Department of Economic Development (GDEcD) has partnered with the Technology Association of Georgia (TAG) to form the Georgia Defense Industrial Base Task Force (GADIBT). Please check the TAG website for educational webinars focused on CMMC at: https://www.tagonline.org/ga-dibt/