Part 3: CMMC Preparedness
All Department of Defense suppliers (prime contractors and subcontractors) that handle Federal Contract Information (FCI) or Controlled Unclassified Information (CUI) are bound to the Cybersecurity Maturity Model Certification (CMMC). In this section, respondents share their familiarity and progress with CMMC readiness and compliance.
61% are very familiar with CMMC requirements
61% are very familiar with and have an in-depth understanding of the CMMC requirements. 37% are somewhat familiar and have a general understanding of the CMMC requirements. 2% are not familiar with and have limited or no understanding of the CMMC requirements.
Q. How familiar are you with the requirements of the Cybersecurity Maturity Model Certification (CMMC)?
Very familiar 61%
Somewhat familiar 37%
Not familiar 2%
71% have started the CMMC compliance process
71% have started the process for CMMC compliance, while 29% have not.
Q. Has your company begun the process for CMMC compliance?
Yes 71%
No 29%
How Much Time to CMMC Compliance
How soon do respondents plan to reach their CMMC compliance? Here’s how long it will take our respondents to reach compliance:
Q. How soon do you plan to reach the following CMMC compliance levels?
Summary
This year, 98% of respondents are either familiar or very familiar with CMMC requirements, as compared to 90% last year. However, last year, 81% said they started the CMMC compliance process compared to 71% this year.
This year, there’s more compliance than last year:
- 21% this year are currently compliant with Level 1, compared to 13% last year
- 17% this year are currently compliant with Level 2, compared to 11% last year
- 12% this year are currently compliant with Level 3, compared to 12% last year
There are fewer responses to “never” this year than there were to last year, too. This perhaps indicates that with more familiarity and guidance now, the process is less of a mystery than it was a year ago, and organizations feel more confident they can achieve their compliance.