Download the CMMC Preparation Study to learn insights from Department of Defense prime contractors and subcontractors.
This report examines:
Additionally, this report provides correlations that serve as benchmarks to assist all contractors in the DIB with their plans for CMMC certification.
(Please note this study was conducted prior to the release of CMMC 2.0. Though any discussion of levels is now outdated, this study still provides applicable takeaways for your organization.)
81% of the study participants indicated that CMMC is an important initiative needed to protect sensitive information within the DIB. None of the participants indicated that CMMC is not an important initiative.
In spite of agreement on the importance of CMMC, nearly one-third of the participants indicated that CMMC will create unnecessary burdens and costs, and compliance with NIST 800-171 is sufficient without CMMC. This perspective varied widely between larger and smaller contractors.
Two-thirds of the participants indicated that moving quickly to demonstrate compliance with CMMC will create a competitive advantage for their organization.
Nearly 50% of the participants indicated that they expect to see business growth opportunities linked to achieving CMMC readiness and certification
Most contractors are taking a hybrid approach to preparation, utilizing both internal personnel and consulting assistance. Very few are completely dependent on a consultant
The percentage of smaller contractors taking an all-company approach is higher than average, and most larger contractors are taking a divisional, or enclave approach
Cost expectations vary widely and, not surprisingly, are lower for smaller organizations. Unexpectedly, the projected cost of CMMC preparation and certification is not inversely correlated to the current degree of compliance with NIST 800-171.