Guernsey Delivers Key Insights on Navigating CMMC Requirements for DoD Contractors

Rose State College’s Tanenbaum Aerospace and Cybersecurity Center hosted a comprehensive two-day cybersecurity training event on April 17-18, 2024. This event was held in collaboration with the Small Business Development Center (SBDC) and Guernsey, Oklahoma's only Certified Third-Party Assessment Organization (C3PAO). The event focused on the evolving Cybersecurity Maturity Model Certification (CMMC) requirements necessary for Department of Defense (DoD) compliance.

A highlight of the event was an insightful discussion panel held during the first day's networking luncheon. Panelists, including the noted experts Laura Fawcett, CGEIT, CISM, Governance Risk and Compliance Consultant, and Ronnie Hobbs, Director of the Small Business Office at the Air Force Sustainment Center at Tinker Air Force Base, underscored the critical importance of implementing CMMC amidst growing cyber threats, urging firms to prepare for potential cyber-attacks and for compliance with stringent CMMC requirements.

Discussions focused on CMMC certification, which will soon be required for DoD compliance. The panel extensively reviewed the evolution of CMMC, emphasizing its transition from basic cyber hygiene practices to a structured framework comprising 110 controls. This evolution reflects the DoD’s response to heightened compliance demands due to past challenges.

Significant concerns voiced involved the perceived high costs of compliance for small businesses and the imposition of additional requirements by prime contractors. The panel suggested practical tools, such as Project Spectrum and Blue Cyber, for performing gap analysis and aiding compliance efforts. A clear message from the discussion was the need for businesses to understand their contract obligations and to communicate proactively with contracting officers.

Strategic advice was shared on engaging early with acquisition teams, emphasizing that firms should plan their CMMC integration strategies before the first quarter of 2025. The speakers highlighted that preparation is crucial for navigating the changes efficiently and leveraging the available resources for successful certification.

The luncheon provided attendees with a platform to gain detailed insights and practical advice while fostering networking opportunities with industry peers and cybersecurity professionals. The event concluded with attendees expressing a greater understanding of the CMMC requirements and a renewed confidence in their ability to meet these standards.

The CMMC Final Rule has been published, and it will be effective on 12/16/2024.

Guernsey is the only Oklahoma-based company to have achieved Certified Third-Party Assessment Organization (C3PAO) status, which authorizes the firm to provide CMMC assessments, or “audits,” for clients seeking certification to meet their contractual obligations.

To schedule your company's C3PAO assessment, contact Timothy Fawcett, CISSP, Vice President Director of Cybersecurity Consulting, at Timothy.fawcett@guernsey.us or (405) 416-8182.