Stay audit-ready & fully compliant with Infor CloudSuite and Godlan.

Defense contractors face the very real threat of losing business if they are noncompliant with the Cybersecurity Maturity Model Certification (CMMC) standard.

Cybersecurity Maturity Model Certification (CMMC) 2.0

What is CMMC 2.0?

On October 15th, 2024, the CMMC ruling – known formally as the 32 CFR Part 170 ruling, or the “Program Rule” for CMMC – was published.  

The Cybersecurity Maturity Model Certification (CMMC) represents a critical mandate from the U.S. Department of Defense to enhance the protection of sensitive data across the complex and expanding defense contracting supply chain.  The purpose of CMMC is to verify that defense contractors are compliant with existing protections for federal contract information (FCI) and controlled unclassified information (CUI) and are protecting that information at a level commensurate with the risk from cybersecurity threats, including advanced persistent threats. While the government’s phased rollout will take time, prime contractors are already expecting CMMC requirements to be met by subcontractors.

We encourage you to act now, as the demand for compliance services will grow and strain available resources. 

Accelerating time-to-compliance: Infor CloudSuites for CMMC readiness


What you need to know:

  • CMMC applies to all subcontractors, regardless of their supply chain tier position.
  • Contractors must achieve 100% adherence before they can receive new contract awards.
  • Only certified assessors can provide CMMC validation.
  • Remediation plans or Plan of Action & Milestones (POA&M) are not allowed.
  • Certification is valid for three years.
  • CMMC will not be applied retroactively to existing contracts.
  • Certification costs are an allowable, reimbursable cost.   

Explore these resources to learn more...

Infor Cloudsuite Aerospace & Defense Brochure
A cloud service to help aerospace and defense suppliers maintain cybersecurity, achieve regulatory compliance,...

The revised CMMC Program has 3 key features:

1: Tiered Model:

CMMC requires companies entrusted with Federal contract information and controlled unclassified information to implement cybersecurity standards at progressively advanced levels, depending on the type and sensitivity of the information. The program also describes the process for requiring protection of information flowed down to subcontractors.

2: Assessment Requirement:

CMMC assessments allow the Department to verify the implementation of clear cybersecurity standards.

3: Phased Implementation:

Once CMMC rules become effective, certain DoD contractors handling FCI and CUI will be required to achieve a particular CMMC level as a condition of contract award. CMMC requirements will be implemented using a 4-phase implementation plan over a three-year period.

In the event companies cannot establish full compliance, they must develop plans of action that describe how unimplemented security requirements will be met and how any planned mitigations will be implemented. Although an explicit time limit for mitigation is not specified in NIST SP 800-171 R2, contractors that fail to reasonably comply with applicable requirements may be subject to standard contractual remedies.

Please see the DCMA DIBCAC website at www.dcma.mil/DIBCAC/ that includes links to the pre-assessment documents; a publicly releasable version of the assessment database; FAQs; an informational video; a link to Procurement Integrated Enterprise Environment (PIEE), the primary enterprise procure-to-pay application for the DoD; a link to SPRS where assessment scores are posted; and links to other reference materials.

DoD has created a series of guidance documents to assist organizations in better understanding the CMMC Program and the assessment process and scope for each CMMC level. These guidance documents are available on the DoD CMMC website at https://dodcio.defense.gov/CMMC/Documentation/ and on the DoD Open Government website at https://open.defense.gov/Regulatory-Program/Guidance-Documents/.

The Benefits of CMMC Include:

How do I know if I need to comply with CMMC 2.0?

You need to comply with CMMC 2.0 if your company is a contractor or subcontractor working with the Department of Defense (DoD) and handles “Controlled Unclassified Information (CUI)” or “Federal Contract Information (FCI).” This means you likely need to review your existing contracts to see if CMMC compliance is specified, especially if you have a DFARS 7012 clause indicating the need for CUI protection. If you are unsure, contact your prime contractor to clarify your CMMC requirements.

Contractors:

Here’s what contractors must do now to ensure compliance with CMMC 2.0:

Check your existing contract requirements to determine your appropriate level of CMMC. If you have existing DFARS 7012 requirements and you handle CUI, it is likely that you’ll need to be CMMC Level 2 compliant.

Time is Ticking

When will CMMC compliance be required?

CMMC Implementation

The CMMC Program implementation date is 60 days after the publication of the final Title 48 CFR CMMC acquisition rule. CMMC assessment requirements will be implemented using a four-phase plan over three years. The phases add CMMC Level requirements incrementally, starting with self-assessments in Phase 1 and ending with full implementation of program requirements in Phase 4. This phased approach allows time to train assessors and for companies to understand and implement CMMC assessment requirements.

Start Your Compliance Journey Now With Infor

Infor CloudSuites provide purpose-built capabilities to help manufacturers establish the policies, procedures, and systems needed for cost-efficient CMMC adoption. With Infor CloudSuites, manufacturers gain an integrated platform designed specifically for defense contractors, with functionality that maps to core CMMC domains right out of the box:

Role-based access control:

Restrict data access to authorized users based on their roles and responsibilities. Easily implement the principles of least privilege and separation of duties.

Asset lifecycle tracking:

Maintain end-to-end visibility into hardware and software assets that access relevant data across procurement, deployment, maintenance, and disposal.

Workflow automation:

Ensure consistent, auditable execution of processes that impact CUI systems, like change management procedures.

Systems integration:

Connect engineering tools like PLM and ALM to manage product data and technical documentation. Perform unified identity, access, and authentication management.

Analytics for predictive monitoring:

Utilize artificial intelligence and advanced analytics to identify vulnerabilities, detect threats, and preempt compliance issues.

Infor is your turnkey solution to compliance.

While meeting the complex and rigorous CMMC standards can be extremely costly and resource-intensive for manufacturers, the purpose-built Infor® CloudSuite Aerospace & Defense provides a strong foundation of capabilities to streamline and automate compliance activities. 

With decades of experience serving the aerospace and defense industries and a track record of delivering secure, certified cloud solutions for government agencies, Infor is dedicated to assisting A&D manufacturers of all sizes to navigate the path to CMMC readiness.

Infor’s Defense solutions, including Gov Cloud, meet rigorous regulatory, security and safety standards for low-volume, engineer-to-order and high variability production operations. Our solutions support robust traceability for regulatory compliance, extensive in-house and sub-contracted operations, multi-site cost visibility, digital service records, and efficient after-market service management.


Let Godlan and Infor Lead the Way to Ensure Your Compliance

We are dedicated to assisting A&D manufacturers of all sizes to navigate the path to CMMC readiness.
