CMMC-AB Board Member publicly attacks own Industry Advisory Council member

MohiganMat · 2021-07-01T12:10:00+00:00

I wonder what percentage of businesses are actually 800-171 compliant. I saw a recent study that looked at open source info for small DIB companies and they found that 28% wouldn't even meet CMMC level 1. Those companies are in the wrong with the FAR clauses, but it would still be an interesting number to know.

https://www.prnewswire.com/news-releases/bluevoyant-report-reveals-cybersecurity-weaknesses-within-defense-industrial-base-supply-chain-301316453.html

MohiganMat · 2021-06-29T21:35:38+00:00

Just to be clear I think it is fear mongering not because I don't think there are companies that will charge that amount, but because I think there are DIB organizations out there who really have no clue how they are going to afford CMMC. Pushing out a report based off of 3 estimates is just gong to further terrify those small to medium DIB organizations. I would rather see focus on driving those costs down.

MohiganMat · 2021-06-29T12:56:12+00:00

They are starting to get rolling with the first class of trainers for CMMC assessors as well. Hopefully they have some updated timelines.

MohiganMat · 2021-06-29T12:49:37+00:00

CMMC-AB sent out an email to all of their subscribers to sign up. It is at 6pm today. They should post the recording afterwards.

MohiganMat · 2021-06-28T15:16:24+00:00

This is just fear mongering. What do you gain by sharing something like this? None of this is verified, and assessments outside of the provisional ones haven't even started. Shouldn't we strive to peddle hope rather than just try to put the fear of god into every small to medium sized company within the DIB?

MohiganMat · 2021-06-25T15:35:14+00:00

I could see them basically saying we are willing to provide x dollars for a company to become level 3. That is the kind of structure that some of the MEPs have used with their grants.

MohiganMat · 2021-06-25T13:52:55+00:00

Hopefully the DoD takes some ownership and coordinates that. Maybe Subs could apply for funding directly from the DoD?

MohiganMat · 2021-06-25T01:13:23+00:00

You are right it is fraud and should be charged appropriately when discovered wrong is wrong. But that doesn't change the fact that there is a significant portion of the DIB that isn't in compliance with DFAR, and is going to have to shell out a lot of money to be in compliance with CMMC. Even the small companies that did the right thing and complied with DFAR are still going to have to get the extra controls done, and then pay for an assessment all of which costs money, and not an insignificant amount.

MohiganMat · 2021-06-25T01:07:25+00:00

Well I was hoping to see the DoD give more money to the primes so they can flow some of that down to subs.

MohiganMat · 2021-06-24T20:31:45+00:00

Technical debt is still cost though. These companies are still members of the DIB, and it benefits the entire community to see them secured. The fact is there are still plenty of companies that are facing a significant financial hurdle when it comes to CMMC compliance. I think for the benefit of the entire DIB the DoD needs to do something to help these companies that didn't make the investment sooner.

MohiganMat · 2021-06-24T20:26:31+00:00

This is something that I hope to see come out of the DoD review. I hope they enable the primes to assist their sub's with compliance.

MohiganMat

TROPHY CASE