Federal Government Contracts

Winning contracts for federal government work is not simple. If you have tried bidding on a government contract in the past, then you know what I am talking about. The forms have to be filled out. UGH. The bids have to be written in precisely the right way. Double UGH. The instructions are not always clear. Triple UGH. Nor is it easy to figure out what price you should quote to be competitive. UGH again.

But let us assume that you have jumped through all those hoops, only to find out that your bid will not even be considered because you are not CMMC compliant. The hours you spent writing your proposal just went down the drain, and your hopes, plans, and aspirations.

Do not let that happen. Get started today on CMMC compliance.

What You Need to Know about CMMC

The CMMC acronym stands for Cybersecurity Maturity Model Certification. And CMMC compliance is specific to the DoD (the U.S. Department of Defense). Recognizing the complexity of the certification and the scope of the requirements under CMMC, the DoD chose a multi-year phased rollout that began in 2020 and will culminate in 2025, at which point compliance will be a contractual requirement and a condition for every DoD award.

It is also important and helpful to note that CMMC will be an umbrella framework that includes controls, practices, processes, and references from many other standards and sources, such as the NIST (National Institute of Standards and Technology) and DFARS (Defense Federal Acquisition Regulations Supplement). If your organization is already NIST and/or DFARS compliant, you have a good head start toward CMMC certification.

How often does that happen? Usually, when the government makes changes to regulatory requirements, it is the other way around – more complicated, not easier. So, this is really terrific news.

CMMC 2.0 versus CMMC 1.0

As mentioned above, the rollout of CMMC began in 2020, November to be exact. Well, it did not take long for CMMC 1.0 to be replaced by CMMC 2.0, just one year later, in November 2021. If you have been working toward your CMMC certification, this is actually good news for you because, believe it or not, CMMC 2.0 makes the compliance process more manageable.

You would be pleased to know that the changes were based on feedback from industry groups as well as small businesses. For one thing, the initial five certification levels have been consolidated into just three certification levels – Foundational, Advanced, and Expert. While Level 1 has remained the same and still requires the implementation of 17 processes, Levels 2 and 3 reflect the fact that many constraints have been relaxed or even removed.

For example, many control requirements were scaled back, and contractors handling FCI (Federal Contract Information) exclusively will no longer be required to undergo a third-party assessment. They will only have to submit an annual self-assessment.

Whew!

Let me be clear. I am not saying that it will be a walk in the park. But more accessible is better than harder, and I will take that all day!

Plenty of DoD Opportunities for Small and Midmarket Manufacturers

CMMC will impact more than 350,000 US organizations in the Defense Industry Base (DIB). And approximately 74 percent of DoD contractors are small businesses.1. I should note that not all of those small businesses are manufacturers. Still, opportunities abound for small and midmarket companies, among them many manufacturers.

I am focusing on manufacturers because Strategic Systems Group (SSG) specializes in supporting manufacturing companies. And amongst other things, we specialize in CMMC compliance. So, we can put a plan together for you that will take you through your CMMC compliance journey, making sure that you meet all the milestones and deadlines, understand all of the instructions, and fill out the paperwork correctly.

In House or Farm Out

Even though the process has been somewhat simplified, it is still quite time-consuming. Let’s be honest. Cybersecurity is not in your bailiwick. Manufacturing is. Instead of taking your eyes off your business and assigning the proposal project to someone on your team, which is critical to your day-to-day bread and butter, we respectfully (but candidly) believe you would be better served farming it out to us.

If you ask yourself what our qualifications are, I will tell you. Strategic Systems Group (SSG) has been working with small to midmarket manufacturers like you for more than 30 years. We implement the ERP software that runs your business. We take care of your IT needs, ensuring you are secure and efficient.

If you are entertaining submitting a bid on a DoD contract, we are here to provide as much or as little support as you need.

Your CMMC Compliance Journey Starts Here

To learn more about the ERP services we provide to manufacturers and distributors, just call Strategic Systems Group (SSG) at (310) 539-4645 or reach out via our contact form today!

For answers to your CMMC compliance questions, just call Strategic Systems Group (SSG) at (310) 539-4645 or reach out via our contact form today!

For information about Microsoft Dynamics and Infor ERP for manufacturers and distributors, just call Strategic Systems Group (SSG) at (310) 539-4645 or reach out via our contact form today!

For information about Microsoft Dynamics ERP for manufacturers and distributors, just call Strategic Systems Group (SSG) at (310) 539-4645 or reach out via our contact form today!

For information about Infor ERP for manufacturers and distributors, just call Strategic Systems Group (SSG) at (310) 539-4645 or reach out via our contact form today!

Related Post

THE COST OF DOING NOTHING (INSTEAD OF UPGRADING YOUR ERP SOFTWARE)

 

1 Defense Federal Acquisition Regulation Supplement: Assessing Contractor Implementation of Cybersecurity Requirements (DFARS Case 2019-D041), September 29, 2020