CMMC Level of Effort for Small Business

Event description

The US Federal government recognizes the risk of theft of its sensitive information--such as Federal Contract Information (FCI) and Controlled Unclassified Information (CUI)--from its supply chains' information systems.  Therefore, all Federal contractors have certain basic cybersecurity requirements they must implement in their own internal information technology (IT) systems that process Federal contract-related data.  Additionally, contractors that process information related to Department of Defense contracts are beholden to DFARS clauses 252.204-7012/7019/7020, and the forthcoming 7021 CMMC clause, which require significant cybersecurity safeguards, and are a challenge for any organization of any size to implement.

Mr. Adam Austin, Cybersecurity Lead at Totem. Tech, a small veteran-owned prime USAF contractor, will describe some of the challenges small businesses face when implementing these requirements and pursuing certification, with a focus on expected costs, timelines, level of effort, and where small businesses should start.