As the DFARS Interim rules go into effect this got me thinking about how will small businsses in the DIB handle the required trainings, certifications, and assessments.

So I did some digging through publicly available data here in Connecticut.

650 or so companies share around 16-20 billion every year.

Sounds like a lot of money. #cmmc is just gonna be cost of doing business, right?

Yet when you dig down deeper only 300 companies had DoD awards 6 figures or higher.

Granted this does not include money from primes that flow down to the subs. Just companies listed on DoD contracts.

United Technologies Corporation, Sikorsky Aircraft Corporation, and Electric Boat Corporation use the same companies and they make up the lion share of DoD awards (EB alone uses 900 subs).

I also did my data mining fast and may have missed some key awards…

Still if your DoD revenue is around 6 figured #cmmc maybe cost prohibitive.

This is why I see advocating for three solutions

  1. State budgets account for training and provide grants/loans and regional training centers.
  2. The DoD pick up the tab and do some training RFPs…We are talking pennies in terms of DoD spending but life or death for small businesses.
  3. Alignment with Higher Ed and workforce development.

If you believe in #cybersecurity everybody right now needs to find out the relevant committee chairs of their state legislatures and start sending emails and making phone calls. “Red and White” by Vaidas M is licensed under CC BY-NC-ND