<img alt="" src="https://secure.badb5refl.com/165368.png" style="display:none;">

2021 CMMC Preparation Study Published

By Cyber Insights Team on April 13, 2021

Get Free Insights

2021 CMMC Preparation Study Published

April 13, 2021 | BY Cyber Insights Team

Report Examines Perspectives, Cost Expectations and Approaches Used by DoD Contractors

During December 2020 and January 2021, Apptega and SecureStrux conducted the
inaugural CMMC Certification Preparation Study.

Individual study participants represented 130 prime contractors and subcontractors in
the U.S. Department of Defense (DoD) Defense Industrial Base (DIB). Participants included
business owners, CIOs, CISOs, and other Heads of IT, Security and Compliance.

Participants provided insights into their CMMC perspectives, current NIST 800-171
compliance status, approach and scope of their CMMC preparation, and cost estimates.
This report examines their feedback and provides correlations that serve as benchmarks to
assist all contractors in the DIB with their plans for CMMC certification.

-->Download the full study: https://www.apptega.com/white-papers/cmmc-prep-study

Key Findings from the Study Include:

  • 81% of the study participants indicated that CMMC is an important initiative needed to protect sensitive information within the DIB. None of the participants indicated that CMMC is not an important initiative.
  • In spite of agreement on the importance of CMMC, nearly one-third of the participants indicated that CMMC will create unnecessary burdens and costs, and compliance with NIST 800-171 is sufficient without CMMC. This perspective varied widely between larger and smaller contractors.
  • Two-thirds of the participants indicated that moving quickly to demonstrate compliance with CMMC will create a competitive advantage for their organization.
  • Nearly 50% of the participants indicated that they expect to see business growth opportunities linked to achieving CMMC readiness and certification.
  • Most contractors are taking a hybrid approach to preparation, utilizing both internal personnel and consulting assistance. Very few are completely dependent on a consultant.
  • Most contractors are including their entire organization in the scope of CMMC preparation and certification. The percentage of smaller contractors taking an all-company approach is higher than average, and most larger contractors are taking a divisional, or enclave approach.
  • Cost expectations vary widely and, not surprisingly, are lower for smaller organizations. Unexpectedly, the projected cost of CMMC preparation and certification is not inversely correlated to the current degree of compliance with NIST 800-171.

-->Download the full study:  https://www.apptega.com/white-papers/cmmc-prep-study

More Resources

Kaseya Breach: Key Takeaways for Managed Service Providers

Read webinar transcript, Kaseya Breach: Key Takeaways for Managed Service Providers, where cybersecurity experts discuss ways to avoid ransomware events

Learn More

Wait & See with CMMC? Lessons Learned by Provisional Assessors, Part 2

See how to begin your organization's CMMC certification process and learn takeaways from how other businesses are approaching CMMC compliance.

Learn More

How to Present Cybersecurity to Your Board of Directors

Read our webinar transcript, How to Present Cybersecurity to your Board of Directors. Jay Ferro from ERT and Jason James from NetHealth give best practice.

Learn More

Subscribe to Our Cybersecurity Insights