2021 CMMC Preparation Study Published | Apptega

Report Examines Perspectives, Cost Expectations and Approaches Used by DoD Contractors

During December 2020 and January 2021, Apptega and SecureStrux conducted the
inaugural CMMC Certification Preparation Study.

Individual study participants represented 130 prime contractors and subcontractors in
the U.S. Department of Defense (DoD) Defense Industrial Base (DIB). Participants included
business owners, CIOs, CISOs, and other Heads of IT, Security and Compliance.

Participants provided insights into their CMMC perspectives, current NIST 800-171
compliance status, approach and scope of their CMMC preparation, and cost estimates.
This report examines their feedback and provides correlations that serve as benchmarks to
assist all contractors in the DIB with their plans for CMMC certification.

–>Download the full study:

Key Findings from the Study Include:

  • 81% of the study participants indicated that CMMC is an important initiative needed to protect sensitive information within the DIB. None of the participants indicated that CMMC is not an important initiative.
  • In spite of agreement on the importance of CMMC, nearly one-third of the participants indicated that CMMC will create unnecessary burdens and costs, and compliance with NIST 800-171 is sufficient without CMMC. This perspective varied widely between larger and smaller contractors.
  • Two-thirds of the participants indicated that moving quickly to demonstrate compliance with CMMC will create a competitive advantage for their organization.
  • Nearly 50% of the participants indicated that they expect to see business growth opportunities linked to achieving CMMC readiness and certification.
  • Most contractors are taking a hybrid approach to preparation, utilizing both internal personnel and consulting assistance. Very few are completely dependent on a consultant.
  • Most contractors are including their entire organization in the scope of CMMC preparation and certification. The percentage of smaller contractors taking an all-company approach is higher than average, and most larger contractors are taking a divisional, or enclave approach.
  • Cost expectations vary widely and, not surprisingly, are lower for smaller organizations. Unexpectedly, the projected cost of CMMC preparation and certification is not inversely correlated to the current degree of compliance with NIST 800-171.

–>Download the full study:

*** This is a Security Bloggers Network syndicated blog from Apptega Blog authored by Cyber Insights Team. Read the original post at: