By Jennifer Dubose
Cybersecurity Requirements for DoD Contractors: A Deep Dive into CMMC with Jacob Horne, 453
In this episode of MakingChips, we take a deep dive into the complexities of cybersecurity requirements for manufacturers working with the Department of Defense (DoD) with expert Jacob Horne.
Jacob, the Chief Cybersecurity Evangelist at Summit 7, brings a wealth of knowledge to the conversation, especially as it relates to the Cybersecurity Maturity Model Certification (CMMC). His deep dive into the CMMC program offers invaluable insights for manufacturers navigating the rapidly changing landscape of DoD regulations.
Jacob takes us through the origins and evolution of CMMC, explaining how its implementation is designed to ensure defense contractors meet stringent cybersecurity standards to protect sensitive data.
He clarifies the importance of CMMC certification for manufacturers who supply to the DoD, breaking down how companies can prepare for the upcoming requirements. This is a crucial discussion for anyone in the manufacturing sector who plans to continue or start working with the DoD.
Why should you listen to this episode? If you’re a manufacturer handling government contracts or are considering entering that space, understanding CMMC is no longer optional. Jacob’s expertise offers a roadmap for compliance, helping you avoid costly delays and penalties. The conversation explores practical steps to align your business with the required standards, ensuring you’re not left behind as the regulations tighten in 2025.
Jacob breaks down the technicalities of CMMC in a way that’s both approachable and actionable. He shares real-world examples of how businesses are already navigating the process, shedding light on the obstacles ahead and how to overcome them.
Whether you’re already engaged with defense contracts or looking to position your company for future opportunities, this episode will arm you with the knowledge to take the next step toward CMMC compliance. This is a crucial episode that can help safeguard your business’s future in an increasingly regulated market.
Segments
- (0:28) Check out Paperless Parts for quoting and estimating
- (1:51) Jacob’s background in cybersecurity
- (6:06) Why CMMC was implemented and how it aims to prevent cyber threats
- (15:04) The announcement of CMMC 2.0 + the rule-making process
- (17:28) The basic requirements of cybersecurity/CMMC
- (19:48) The challenges manufacturers face when implementing cybersecurity requirements
- (23:03) The importance of securing the supply chain and how it relates to CMMC compliance
- (25:30) Understanding the role of waivers and exceptions in the certification process
- (30:12) Dissecting the reasons why CMMC is not going away
- (33:31) How to get ahead in the CMMC certification process and avoid falling behind
- (35:34) Why you need to check out the Lights Out podcast
- (36:49) The process of going from “zero” to assessment ready
- (39:02) How many manufacturers need to get level 2 certification?
- (45:53) The connection between CMMC and quality management systems like NADCAP
- (50:18) Potential costs behind CMMC certification and long-term financial implications
- (54:03) The role of mergers and acquisitions in the changing cybersecurity landscape
- (56:49) Controlled and classified information vs controlled unclassified information (CUI)
- (1:05:33) Dissecting some of the gray areas left to interpretation
Resources mentioned on this episode
- Check out Paperless Parts for quoting and estimating
- The Cybersecurity Maturity Model Certification (CMMC) Program
- The Cybersecurity Maturity Model Certification (CMMC) Rule
- Sum IT Up Podcast
- Cyber AB CMMC Assessing and Certification
- Nadcap®
- NARA