Navy Gold Coast Recap: CMMC Updates
Whether it is precision machining, environmental services, high tech equipment for military members or anything in between, it is fun to meet these companies in the flesh!
The National Defense Industrial Association (NDIA) hosted their annual Navy Gold Coast Small Business Procurement Event conference last week in San Diego.
For small businesses who are, or want to do business with the United States Navy & the Department of Defense, this is the conference to be at! Here is our Navy Gold Coast Recap.
One of the coolest parts of Navy Gold Coast is being able to walk the floor and meet some people responsible for the top products and innovation that keeps us, the civilians, safe.
Whether it is precision machining, environmental services, high tech equipment for military members or anything in between, it is fun to meet these companies in the flesh!
Besides the exhibitor showcases, the featured speakers in the main room were excellent.
Much of the focus was on how to educate, guide, and assist businesses, large and small, in support of the warfighter mission within Department of the Navy and throughout the Department of the Defense.
A lot of the focus was immediately about cybersecurity and why securing the Defense Industrial Base (DIB) is critical. This topic is not going away. In fact, it is getting a major boost.
We recently wrote about both the DFARS and NIST SP 800-171 requirements, as well as the newly announced Cybersecurity Maturity Model Certification (CMMC).
Both were hot topics both in the exhibitor hall, as well as the main stage. And rightfully so!
During the first full day of Navy Gold Coast, featured speakers like Kevin Fahey (Assistant Secretary of Defense for Acquisition | ASD/A | Department of Defense), Vice Admiral David H. Lewis (Commander | Defense Contract Management Agency) provided direct, yet colorful, insights as to what is working, what is not working, and ways to improve.
Mr. Fahey spoke about cybersecurity, specifically when referring to the Cybersecurity Maturity Model Certification (CMMC), stating, “the level of verification will matter based on what the DoD is buying.” In short, the DoD needs to start thinking more about what, and how, they are buying from industry.
Also, Mr. Fahey said,“We need a quality system to make decisions based on risk.” The days of buying products based only on cost, performance and schedule are over.
Cybersecurity was often times used in the same breath as quality assurance. This, in our opinion, is where the mindset has to change.
Vice Admiral Lewis said it best: “If I find garbage in our reviews of quality, I’m going to ask ‘who is responsible for this garbage?!’, because we are going to get rid of the garbage.”
Our adversaries are currently far too successful in stealing the data that is being used to protect our nation, we have to do better.
On Friday, Ms. Katie Arrington (HQE for Cyber for the Assistant Secretary for Defense Acquisition ASD-A | Department of Defense) was joined on stage by the following panelists:
Ms. Arrington immediately took control the room by mentioning the recently released Department of Defense Inspector General report. She summed it by saying “even the DODIG is saying no one is doing this right!”
The passion of Arrington and her team really came out when she loudly stated “I am a taxpayer. This upsets me. WE [the taxpayers] should be irate!” when referencing how our adversaries are stealing from us.
As Arrington began to explain the Cybersecurity Maturity Model Certification in more detail, these statements stood out the most:
The message is pretty clear. If cybersecurity is not a major focus for a contractor, they won’t be doing business with the DoD.
All in all, Navy Gold Coast was a terrific event. From exhibitors to featured speakers, the energy in the room was obvious. Collaboration was used throughout the event, which was music to our ears!
Based on what was presented and discussed, contractors who think simply having a Plan of Actions and Milestones (POA&M) and a Systems Security Plan (SSP) will be enough to keep or win contracts, are wrong.
Proof of implementation is what matters. Waiting until the CMMC becomes official, is not advised. Get to where the DoD needs/wants you NOW.
As far as the CMMC Levels go, it appears Level 3 (110 NIST SP 800-171 controls) will be what most DoD contracts will require. Sadly, some contractors are not close to having those implemented.
Fortunately for small businesses, who often times lack the resources to implement the proper security controls (correctly), Beryllium utilizes CUICK TRAC as the economically efficient, fully implemented solution to all DFARS 252.204-7012 & NIST SP 800-171 requirements.
The best part? Implementation can take as few as 14 days.
In short, CUICK TRAC gets small business contractors to CMMC Level 3, in a short period of time, for a fraction of the cost of doing it themselves. And no additional infrastructure is required.
Securing small business contractors is how WE (the taxpayers) take our competitive advantage back.
