Study Suggests Only 4% of DoD Contractors Are Ready for CMMC
Friday, October 4, 2024
DoD Contractors and CMMC
Print Mail Download info_icon_img/>i

On Oct. 1, 2024, CyberSheath and Merrill Research released a study about cybersecurity compliance among contractors within the Defense Industrial Base (DIB). The research provides insights about how well contractors may be meeting cybersecurity standards before the Cybersecurity Maturity Model Certification (CMMC)’s launch in early 2025. The study, surveying contractors of all sizes already subject to Defense Federal Acquisition Regulation Supplement (DFARS) requirements, revealed that few may be prepared to meet CMMC 2.0 standards, even though the program was announced in early 2021.

Currently, the regulations require Department of Defense (DoD) contractors to post a self-assessment score against the 110 controls in NIST SP 800-171, which will form the basis of the CMMC requirements. According to the study, 41% of respondents have completed the self-assessment requirement, while 89% of the survey participants reported operating in critical infrastructure sectors. Contractors scored an average of -12 on the assessment.

Additionally, only 4% respondents believe they are ready for CMMC certification. The study suggests that both large and small contractors are struggling to implement all the required controls.

The results of the survey are starker when examining specific requirements. Though 80% of respondents have experienced loss from a cyber incident, only 42% of respondents indicated they have developed annual incident response exercises. Just over 50% of respondents have a system security plan, and just under 50% have plans of actions and milestones in place. Only 42% of companies reported performing an annual DFARS assessment. The failure of almost half of respondents to implement these key components of the requirements suggests a gap between requirements and implementation.

CyberSheath’s 2022 study reported similar results, showing that little progress has been made. For example, 46% of the 2022 respondents had completed the self-assessment requirement. The 2022 respondents also had an average SPRS score of -23. Despite DoD’s sustained focus on cybersecurity, the potential gap between requirements and implementation may presage challenges for contractors and DoD as CMMC rollout begins, potentially early next year.

Special thanks to Law Clerk Olivia Bellini˘ for her contributions to this GT Alert.

˘ Not admitted to the practice of law.

©2024 Greenberg Traurig, LLP. All rights reserved.

Current Public Notices

Post Your Public Notice Today!

PUBLIC NOTICE OF SOLICITATION FOR BIDS OF THE ASSETS: Fulcrum Sierra BioFuels, LLC and Fulcrum BioEnergy, Inc.
Published: 19 September, 2024
PUBLIC NOTICE OF COURT ORDERED BUSINESS SALE: Body Details
Published: 16 September, 2024
PUBLIC NOTICE OF CHAPTER 7 BANKRUPTCY AUCTION: Free Speech Systems, LLC
Published: 3 October, 2024
PUBLIC NOTICE OF ARTICLE 9 UCC SALE: Presto Automation LLC
Published: 24 September, 2024
PUBLIC NOTICE OF UCC ARTICLE 9 SALE: Ricebran Technologies
Published: 24 September, 2024
PUBLIC NOTICE OF ARTICLE 9 UCC SALE: TrueNorth Projects, LLC
Published: 23 September, 2024
PUBLIC NOTICE OF UCC SALE: Prime Finance Short Duration Holding Company VII, LLC
Published: 18 September, 2024
NOTIFICATION OF CONTINUED ARTICLE 9 DISPOSITION OF NEWPORT EXCHANGE HOLDINGS, ETC
Published: 17 September, 2024
PUBLIC NOTICE OF ASSIGNEE SALE: Confidential Company operates 24 branded family restaurants
Published: 10 September, 2024
PUBLIC NOTICE OF UCC SALE: PSW Webbervile, LLC
Published: 9 July, 2024
Discover more public notices

Current Legal Analysis

As the Window for Comments Closes on ONC/ASTP’s HTI-2 Proposed Rule: What’s in HTI-2 and What Does It Mean for You?
by: Karen Mandelbaum , Laura J. DePonio
California Amends Key CCPA Definitions
by: Amy C. Pimentel , David P. Saunders
Middle District of Florida Judge Finds False Claims Act’s Qui Tam Provision Unconstitutional
by: Danielle H. Tangorre , Michael G. Lisitano
What Digital Advertisers and Influencers Need to Know About the FTC Final Rule Banning Fake Consumer Reviews and Testimonials
by: Richard B. Newman
Beltway Buzz, October 4, 2024
by: James J. Plunkett
New Jersey Pay Transparency Law Is the Stroke of a Pen (and Seven Months) Away from Becoming Law
by: Michael J. Riccobono , Alexander W. Raap
California Passes Legislation Protecting Performers’ Digital Rights
by: Joseph J. Lazzarotti
Women’s Health on the Ballot in November: What the Election Could Mean for Reproductive Care and Beyond
by: Amanda Zablocki , Elizabeth A. Nevins
FCC’s NG911 Transition Rules
by: Wesley K. Wright , Liam F. Fulling
Nebraska Executive Order Restricts Sales of Cultivated Meat in State
by: Food and Drug Law at Keller and Heckman

More from Greenberg Traurig, LLP

California Modifies Timetable for Implementation of Climate Disclosure Laws
by: Thomas R. Brill , Alice L. Kessler
Extended Producer Responsibility Packaging and Greenwashing Laws Expand, Targeting Plastic Reduction and Recycling Management
by: Will Wagner , Madeline Orlando
Legal Food Talk Episode 25: It's Not Easy Being Green [Podcast]
by: Justin J. Prochnow , Will Wagner
New Italian Rules for Virtual Asset Service Providers
by: Pietro Caliceti
New Rules for Crypto-Assets in Europe
by: Pietro Caliceti , Barbara A. Jones
Behavioral Health Law Ledger | September 2024
by: Julie A. Sullivan , Tyler Strobel
Mexico's Mining Sector on Alert After Sheinbaum Releases ‘100 Steps for Transformation’ Plan
by: Erick Hernández Gallego
SBA Proposes Key Changes Impacting Small Business Government Contractors and Mentor-Protégé Joint Ventures
by: Shomari B. Wade , Jeffery M. Chiow

Upcoming Legal Education Events

 
NLR Logo
We collaborate with the world's leading lawyers to deliver news tailored for you. Sign Up to receive our free e-Newsbulletins

 

Sign Up for e-NewsBulletins