75/25 - We Need You

Regan Edens' LinkedIn post is nothing short of a CMMC national call to action. To bottom line it, there are two facts.

• Fact #1: 75% of the companies submitting SPRS scores, scored themselves 110 out of 110
• Fact #2: Based on two years of DIBCAC assessments only 25% of all companies they've assessed met most of the required CMMC practices

According to John Ellis at DIBCAC there have been just shy of 20,000 SPRS scores submitted out of a pool, we are told, of 80,000. Best government estimates are that the interim rule changes go live in March 2023 - 9 months from NOW.

These two facts are untenable, unsustainable, and unacceptable. To their immense credit, DIBCAC is stepping up do something about it now. Not later.

Again, from Regan's post, "DIBCAC has announced that they will be starting a new wave of Medium, paperwork-only assessments. They plan to call companies on Monday and require delivery of an SSP to them by Friday."

This should be a HUGE wake-up call for the 75% of contractors who haven’t even started their compliance process.

You can't start from nothing on Monday and have a legitimate SSP by Friday. Wake-up call #1. We all look awesome in our own mirrors, but it won't stand up. Wake-up call #2. Don't hit snooze.

It begins now.

So, for all of you, all of us, that have contractors as clients - we need you. Let's assume that each organization posting to SPRS really believes that their SPRS score is 110 (I believe that they believe) it is up to us the responsible professionals - consultants, MSPs, MSSPs, RPs, CCPs - to get the word out. The "word?" You need to do cyber right and be able to prove it.

There is the one most important word that every supplier to the DIB needs to know and needs to know now. Otherwise, they risk their ability to bid on new business as soon as 9 months from now.

That one word?

"START"