Defense Cyber Manufacturing

Beginning in Fall 2020, defense contractors face the very real threat of losing business if they are non-compliant with the newly released Cybersecurity Maturity Model Certification (CMMC) standard.  Under the current regulations — DFARS 252.204-7012 — contractors must implement security controls identified in NIST SP 800-171 that safeguard Controlled Unclassified Information (CUI).


With CMMC, contractors must be audited and certified before they can bid on RFPs. With five possible maturity levels, the CMMC is intended to safeguard Federal Contract Information (FCI) at Level 1, progress to protecting Controlled Unclassified Information (CUI) at Level 3 and reduce the risk of Advanced Persistent Threats (APT) to national security at Level 5.

What You Need to Know: Cybersecurity Maturity Model Certification (CMMC) 

  • RFPs with CMMC requirements will appear in Fall 2020 – Certification valid for 3 years 
  • CMMC will apply to all subcontractors, regardless of their supply chain tier position 
  • Contractors must achieve 100% adherence BEFORE bidding on contracts 
  • Only certified assessors can provide CMMC validation 
  • Certification costs are an allowable, reimbursable cost 

CUI in Defense Industry Business Processes and Systems

Examples of CUI

  • Controlled technical information with military or space application
  • Critical infrastructure information
  • Export controlled information (ITAR and EAR)
  • Nuclear information related to protecting reactors, materials,
    or security


  • Procedures
  • Parts lists
  • Bill of Materials (BOM)
  • Technical specifications
  • Quality data
  • Financial & contract records
  • R&D data

Asset Management

  • Engineering drawings
  • Equipment configuration
  • Process lists
  • Parts lists
  • Technical manuals
  • Technical specifications
  • Free text descriptions of equipment function

Supply Chain

  • Bill of Materials (BOM)
  • Material/Manufacturing Sources
  • Catalog item identifications
  • Financial records
  • Contract information
  • Supplier performance data

Achieve CMMC compliance with FedRAMP-authorized solutions

CMMC will likely have the greatest impact on smaller businesses, since they typically have fewer resources to invest in cybersecurity and are less likely to be 800-171 compliant. CUI may be contained in an ERP system, or any other system that stores financial, supply chain, or technical data. Adopting FedRAMP-authorized solutions that already implement the required security practices can provide an easier path to certification at a lower cost and may even enable smaller companies to target a higher CMMC maturity level. The MDTC is ready to help Small to Medium Size Business (SMB) defense manufactures achieve CMMC Level 3 certification by implementing Infor’s FedRamp certified CloudSuite Industrial (CSI). 

With more than 30 years of experience supporting SMB manufacturers, CSI is an end-to-end ERP solution for both discrete and process manufacturers, which includes predictive analytics, collaboration, lean production tools, and integration options. You’ll have the tools to increase customer service; improve production and quality; better coordinate aftermarket service and maintenance; and collaborate more effectively. With reduced implementation times as low as 4 months, our platform will help SMBs get certified early so they have a market advantage over competitors.