Manufacturing institute MxD releases CMMC playbook to help small business reach level one compliance

By Sara Friedman / July 5, 2022 at 3:42 PM

MxD, a public-private partnership funded by the Defense Department, has published a CMMC playbook to help manufacturing companies meet level one requirements in the Pentagon’s cyber certification program.

The playbook walks through how MxD was able to achieve the 17 security practices at level one. The Pentagon’s Cybersecurity Maturity Model Certification program has three levels, and the first one focuses on the federal contract information (FCI) held by defense contractors.

“With this Playbook, MxD delivers a quick-start guide for Level 1, labeling the security practices by degree of difficulty; clarifying instructions; and providing tips from lessons we learned as we implemented these same security practices. A glossary defines some of the terms you will come across as you navigate this process and includes a link to the full National Institute of Standards and Technology (NIST) list of cybersecurity words and acronyms,” the playbook says. It was published June 28.

Laura Elan, MxD’s senior director of cybersecurity, said, “MxD completed Level 1 and saw firsthand the challenges an organization might face with a self-assessment. As the National Center for Cybersecurity in Manufacturing, we wanted to be an early adopter of the CMMC 2.0 requirements and use our experience as a guide to assist other organizations who will complete a self-assessment.”

MxD is part of the Manufacturing USA network of 16 innovation institutes. It focuses on “the digital transformation of U.S. manufacturing, upskilling of our workforce, and cybersecurity” and is funded by the DOD Office of Small Business Programs.

The playbook says, “For manufacturers just starting with CMMC 2.0, MxD recommends looking first at the security practices labeled ‘easy.’ Most organizations will find that they already are implementing at least a portion of them. As you continue on your path, tackle security practices we have identified as ‘medium,’ turning last to those labeled ‘hard.’”

The playbook is intended to complement the MxD Cyber Marketplace, which provides cybersecurity assessments to help organizations understand their security postures. The assessments focus on the NIST cybersecurity framework, NIST Special Publication 800-171 and CMMC.

“Of our nation’s approximately 250,000 manufacturers, 98.5% are considered small- or mid-sized with less than 500 employees; 75% of manufacturers have less than 20 employees,” said Berardino Baratta, vice president of projects and engineering and incoming CEO of MxD. “The Playbook helps these smaller organizations to assess their CMMC compliance in manageable segments to ensure they remain competitive for work with the DOD.”