CMMC 2.0: Unraveling Changes Impacting MI Manufacturers

This article appeared in the January/February 2022 issue of MiMfg Magazine. Read the full issue and find past issues online.

Michigan manufacturers are faced with daily attacks on their data and systems, threatening the very integrity, reputation and financial stability the businesses have worked so hard to build over the years. With the cyber security landscape continuing to morph at intense rates, the U.S. Department of Defense (DoD) is concerned that companies wanting to do business with them are not taking adequate measures to prevent exposing national security information to hackers and harming the country.

Enter the Cybersecurity Maturity Model Certification (CMMC) requirements, meant to unify the implementation of cyber security across the Defense Industrial Base (DIB). This increased level of cyber security maturity is above and beyond the existing NIST 800-171 requirement and adds a standard for audit and demonstration that was not present before.

How does this impact Michigan manufacturers? When an organization operates fully or even partially within the spectrum of the DIB, it is important to understand the NIST 800-171 baseline is still required no matter how much business you do with the DoD and companies need to properly secure and protect the sensitive information they receive, store and transmit related to these contracts, even if it’s only a very small portion of their company revenue stream.

Navigating CMMC

Prior to CMMC, the DoD had other standards in place but there was no certification process. It was a “pinky-swear” kind of a thing. You can imagine why this kind of standard wouldn’t cut it in today’s world. Contractors found holes in the “scout’s honor” model and frankly the DoD’s growing concern moved them to create CMMC.

As with any kind of compliance, it’s an ongoing effort. If you are compliant today, you could easily become uncompliant by Friday. The important thing to know is that since businesses change, processes change, and technology changes.

For manufacturers that operate within the spectrum of the DIB, it is a large challenge to overcome with significant opportunity once achieved. Unfortunately, this typically means smaller manufacturers will have to be strategic in how they approach CMMC, being very clear on which level they need to attain as well as leveraging outside expertise.

Your journey to becoming CMMC compliant warrants a roadmap. Something that can document your starting point, your destination and all the milestones in between. CMMC certification standards are constantly changing. While CMMC is still rather new, a 2.0 version has already launched, leaving manufacturers scratching their heads wondering what has changed.

Unraveling Changes with CMMC 2.0

“But I don’t even have CMMC 1.0 figured out?!” You and everyone else. That is just how fast security standards evolve and why companies need to have a flexible strategic plan with the budget allocations to accommodate the coming version and rule changes.

If you haven’t had a chance to create your roadmap for your CMMC trek, you won’t want to miss the upcoming CMMC 2.0: Unraveling Changes Impacting MI Manufacturers webinar on Wednesday, 2/23/22, hosted by MMA and ASK, a Convergence Networks Company. You will learn about what’s new with CMMC 2.0 and the most crucial steps you need to take in the coming year to prepare.

Premium Associate MemberASK, a Convergence Network Company, is an MMA Premium Associate Member and has been an MMA member company since June 2016. Visit online:

About the Author

John StephensJohn Stephens, CISSP, CEHv8, Pentest+, Security+, ITIL Foundation, is Director of Security Operations for Convergence Networks, a forward-thinking managed services and security provider focused on preparing customers for the future that’s just around the bend. He may be reached at 503-905-3281 or