Cybersecurity Maturity Model Certification (CMMC) Implications for Aerospace Defense Contractor’s Telemetry Operations

Abstract

In response to repeated IT network compromise from its vast contractor base (Defense Industrial Base, DIB), the Department of Defense (DoD) will soon be mandating that its contractor’s IT environments satisfy requirements set out in their newly adopted Cybersecurity Maturity Model [1]. Failure to comply will result in companies not being allowed to bid on DoD contracts. While the scope of CMMC appears daunting, a closer inspection reveals reliance and reference to other well-established National Institute of Standards and Technology (NIST) guidelines for contractors, such as NIST SP 800-171 [2], as well as principles for a well layered IT security defense found in other standards. After reviewing the model and maturity compliance levels, areas of the model particularly germane to defense contractors involved in telemetry activities will be reviewed with emphasis on proposed strategies for both satisfying the mandate as well as successfully navigating impending CMMC audits.