The Double-edged Sword of CMMC 2.0
June 6, 2022 | Divyash Patel, MX2 Technology
For the past few years, those whose SMT provider organizations supply or contract with the U.S. Department of Defense (DoD) have been hearing about—or even gearing up for—implementation of the Cybersecurity Maturity Model Certification (CMMC) program. By this, I mean that you were gearing up for CMMC 1.0. Today, we have CMMC 2.0, and there are several changes in the new version that impact both the standards for compliance and how you certify that compliance—especially if you run a small business.
Small businesses are the backbone of the defense industrial base (DIB), just as they are for the entire economy. As both patriots and businesspeople, I’m sure most contractors serving the DoD support the goals of the CMMC program: ensuring the security of sensitive data up and down the supply chain. I’m also certain that the CMMC 1.0 rules, which went into effect in November 2020, caused more than a little stress and anxiety for smaller contractors. Why? Because CMMC 1.0 required contractors to undergo an examination by a Certified Third-Party Assessment Organization (C3PAO) to become certified.
When it became clear that the burden CMMC 1.0 placed on small contractors was significant enough to potentially force some out of the DIB, the DoD hit pause on the CMMC program. In fact, the official in charge of the CMMC’s implementation came out and said one of the main goals of revising the program was to decrease the cost burden on small businesses. As a result, the DoD scrapped CMMC 1.0 and announced CMMC 2.0 in November 2021. The full 2.0 framework is expected to be released sometime next year.
But don’t make the mistake of thinking the government will kick the CMMC can down the road once again when 2023 rolls around. I fully expect CMMC 2.0 to come online when the rules are final.
At a high level, the two major changes that will likely affect you are the new tiers of security and the shift to annual self-attestation of compliance.
The original CMMC defined five levels of security. CMMC 2.0 has three:
- Foundational
- Advanced
- Expert
For most of you, the newly collapsed levels won’t change the practical compliance requirements. This is good news. Most contracts will fall into Level 1, so any work you have done to this point to achieve Level 1 compliance under CMMC 1.0 has not been wasted. The new framework relies on the same 17 baseline security controls used in the prior version—more on those controls in a moment.
The key distinction between Level 1 and Level 2 under CMMC 2.0 has to do with the type of information you handle. Level 1 focuses on securing federal contract information (FCI), for which there are no national security concerns. The bar for Level 1 is not set very high—it is essentially developing and maintaining good baseline cybersecurity policies and procedures. In my view, this is something any company should do; it’s just a good business practice.
To read this entire article, which appeared in the June 2022 issue of SMT007 Magazine, click here.