Cybersecurity Compliance in the Last Mile of the DoD Supply Chain

Many small and mid-size aerospace and defense (A&D) manufacturers want to diversify their sales pipelines by participating in the DoD supply chain as a result of diminished demand in the commercial aviation markets. Pivoting to the DoD supply chain has its own set of challenges and cybersecurity requirements.

The regulatory landscape of the defense industrial base is experiencing a sea change. Yet, the situation on the ground points to a challenging future for DoD suppliers. Defense Federal Acquisition Regulation Supplement (DFARS) compliance obligations are required to be flowed down from the prime contractor to the subcontracting supply chain wherever controlled unclassified information (CUI) goes. This process is unknown to most small and mid-sized aerospace and defense (A&D) manufacturers (SMMs) and IT managed services providers (MSPs). Soon, Cybersecurity Maturity Model Certification (CMMC) modifications to DFARS will prevent A&D SMMs from bidding on contracts as a result of poor IT MSP management.

The combination of reliance on managed service providers (MSPs) and nebulous guidance from regulatory bodies has resulted in a distributed cybersecurity ecosystem with little hope of achieving compliance on its own. The rush to replace compliance self-attestation with third party audits has put both businesses and sensitive information at risk. Cybersecurity is not a question of technology but rather is a function of robust supply chain risk management.

During this webinar, CMTC’s Senior Cybersecurity Consultant Jacob Horne will help you gain an in-depth understanding of the changing regulatory landscape for DoD suppliers.