Our suppliers. They are often the weakest link in information security. A DoD report released in June 2024, “Behind the Firewall: Assessing Cyber Resilience in U.S. Manufacturing,” found that only 69% of Defense Industrial Base (DIB) companies have comprehensive cybersecurity requirements in contracts with vendors. This gap between adopting and effectively implementing cybersecurity measures across the supply chain threatens national security.

The report also reveals that 36% of DIB companies lack provisions to audit their vendors’ cybersecurity controls. Even when audits are possible, they are often inconsistently performed. Are primes waiting for mandatory CMMC audits next year to secure their supply chains?

The DIB relies on a vast network of vendors and suppliers. These vendors provide components, software, and more. Cybersecurity must be industry-wide, not just within prime contractors. DFARS 252.204-7012 requires primes to ensure subs meet compliance requirements.

DIB manufacturers must commit to 7012 requirements. These apply to everyone handling sensitive information, both primes and subcontractors. Primes handling CUI must implement the 110 practices in NIST 800-171. And they are responsible for ensuring that their subs do too. Everyone in the supply chain handling CUI must be ready for CMMC certification.

Are you a subcontractor with access to CUI? Has your prime discussed entering an SPRS score yet? If not, they will. Are you ready?
