Download Manufacturing
2023 Industry Report Schedule Your
Complimentary Assessment

Cybersecurity Compliance Services

By May 2023, manufacturers and suppliers in the defense base will be required to comply with CMMC standards. 


Since 12/31/2017, The DoD has expected the supply chain to conform with the NIST 800-171 cybersecurity standards.  The expectation, including the flow down clause for subcontractors, has been in the Defense Federal Acquisition Regulations (DFARS) 252.204-7012 section of contracts.  NIST 800-171 requirements include Physical, Technical and Administrative security controls across 14 families and require companies to have a System Security Plan (SSP), Plan of Actions & Milestones (POA&M) and Incident Response Plan.  Companies were able to self-attest that they are conforming.  The DoD was growing more and more concerned around the threat of cyber-attacks and estimating that less than 20% of the supply chain was meeting the standards.  Therefore, the Cybersecurity Maturity Model Certification (CMMC) was created.  Rather than self-attest, there will be a third-party assessment and certification process to hold the supply chain accountable to the standards.

NJMEP Can Help


DoD Cyber Assessment and Full Remediation Support

  • Complete the assessment against both the 110 NIST 800-171 controls and the 130 CMMC Level 3 controls, create your POA&M and work through remediation
  • Continuous Monitoring and Threat Detection and prioritization
  • Leverage Policy and Training templates for policies and trainings you need to create
  • Leverage secure portal to view sample documents and upload your artifacts for review
  • Work with Subject Matter Experts to guide you through and validate the work being done
  • Track your progress via your portal

Each contractor must supply the following information with respect to each system being assessed:

  • Assessment Date
  • Assessment Score
  • Assessing Scope
  • Plan of Action Completion Date
  • CAGE Code


NIST MEP, NJMEP leadership and our cybersecurity resource were involved in the creation of the CMMC and NJMEP is the implementation partner in a DoD OEA grant to help companies become compliant. NJMEP has not only been hosting workshops and now webinars for over a year to educate companies about these requirements but also assisting with a gap analysis and remediation to the standards.

The average score we see for companies completing a gap analysis against the NIST 800-171 controls is less than 30%. It has been taking companies with someone focused on this, working with our resource, between six months and 1 year to complete. Our resource provides cyber protection for the Army and intelligence communities and developed a scalable solution specifically for small to mid-size companies. 

Contact NJMEP's Cyber Security Team for More Information

"*" indicates required fields

Name*
Address*

Request Your Complimentary Assessment

Schedule Now