Deadline for CMMC 2.0 Compliance is Q1 2025

Since 12/31/2017, The DoD has expected the supply chain to conform with the NIST 800-171 cybersecurity standards.  The expectation, including the flow down clause for subcontractors, has been in the Defense Federal Acquisition Regulations (DFARS) 252.204-7012 section of contracts.  NIST 800-171 requirements include Physical, Technical and Administrative security controls across 14 families and require companies to have a System Security Plan (SSP), Plan of Actions & Milestones (POA&M) and Incident Response Plan.  Companies were able to self-attest that they are conforming.  The DoD was growing more and more concerned around the threat of cyber-attacks and estimating that less than 20% of the supply chain was meeting the standards.  Therefore, the Cybersecurity Maturity Model Certification (CMMC) was created.  Rather than self-attest, there will be a third-party assessment and certification process to hold the supply chain accountable to the standards.

NJMEP Can Help


General Manufacturing OR DoD Cyber Assessment & Full Remediation Support

  • Complete the assessment against both the 110 NIST 800-171 controls and the 130 CMMC Level 3 controls, create your POA&M and work through remediation
  • Continuous Monitoring and Threat Detection and prioritization
  • Leverage Policy and Training templates for policies and trainings you need to create
  • Leverage secure portal to view sample documents and upload your artifacts for review
  • Work with Subject Matter Experts to guide you through and validate the work being done
  • Track your progress via your portal

Each DoD contractor must supply the following information with respect to each system being assessed:

  • Assessment Date
  • Assessment Score
  • Assessing Scope
  • Plan of Action Completion Date
  • CAGE Code


NIST MEP, NJMEP leadership, and our cybersecurity resource were involved in the creation of the CMMC. NJMEP has been hosting workshops and webinars for over two years to educate companies about these requirements but also assisting with a gap analysis and remediation to the standards.

The average score we see for companies completing a gap analysis against the NIST 800-171 controls is less than 30%. It has been taking companies with someone focused on this, working with our resource, between six months and 1 year to complete. Our resources provide cyber protection for the Army and intelligence communities and developed a scalable solution specifically for small to mid-size companies. 

Every manufacturing business needs to take cybersecurity seriously. NJMEP is here to have the cybersecurity conversation. 


Contact NJMEP to learn more about how we work with both small-medium manufacturers that are or are not part of the DoD supply chain and help protect them from the countless cyber threats New Jersey businesses face.  

Contact NJMEP's Cyber Security Team for More Information

"*" indicates required fields

Name*
Address*

Request Your Complimentary Assessment

Schedule Now