.jpg?ext=.jpg)
Keep Calm and Follow the CMMC Experts
In the age of the internet, there is a tendency to fill information vacuums, regardless of whether that new information is accurate. For defense and aerospace contractors and sub-contractors, there are many questions about the CMMC rulemaking process, the compliance process, and more. How can you ensure you are getting the best data for your organization?
Be first, not necessarily right
In the age of information, the source who breaks news first is often considered the thought leader, even if the news is not inaccurate. You likely have seen this kind of scenario yourself. Someone posts news based on something that has flown by on one of their social media feeds. Other people in that person's feed react by resharing the post or adding it to their next podcast agenda. Soon, incorrect information is spreading fast.
For OSCs and C3PAO companies, among others in the industry, who need actual information about the rulemaking process, this can make an already intimidating environment seem more unstable. How can you find the grains of truth out of all of the noise?
Be your own investigative journalist
The best idea is to seek information yourself from the most reputable sources out there. In the case of CMMC, that is going to be the Department of Defense, ultimately. The Cyber-AB is also a great resource for information that is verified. If you want to know more about the goings-on with NIST 800-171, your best bet is to go to the NIST website.
Beyond these major platforms, find industry experts who are actually involved in the rulemaking process. The CMMC Marketplace page on LinkedIn is a good source of information. NIST also has an active Facebook page, although not all posts will be relevant to NIST 800-171 as NIST is an expansive organization. Also seek out employees of CyberAB, NIST, and the Department of Defense who are involved in the rulemaking or creation process. NIST leadership is more active online than the CyberAB, but experts are still out there disseminating information that is credible and reliable.
Don’t panic
There is a lot of confusion and anxiety around rulemaking, especially when the impact is expected to be dramatic for many smaller members of the DIB. The most important thing now and in the months to come is to remain calm. The one thing that will not change is that all organizations must have their own cybersecurity structures in order. Focusing on that solitary but very large goal can be enough to drown out superfluous noise external to your organization.
Beyond that, strive to follow reputable sources who put information into the pubic sphere in a calm and collected manner. It is not hard to tell these days who is seeking attention versus who is seeking to disseminate important information.
And, of course, if you would like to have an objective conversation with an outside expert about your company’s CMMC journey, you can always reach out to us.