Buffoli Transfer Machines
Published

The Cost of CMMC for Small Manufacturing Businesses

Here are examples of costs and challenges unique to small business manufacturers operating in the Defense Industrial Base relative to Cybersecurity Maturity Model Certification.

Allison Giddens, Co-President, Win-Tech

Share

Cybersecurity

Small manufacturing businesses face unique challenges in terms of attaining Cybersecurity Maturity Model Certification to serve the U.S. Defense Industrial Base. Source: U.S. DOD

Knowing I’m a small manufacturing business owner, people occasionally ask me about various topics in the manufacturing space ranging from compliance cost expectations to business processes. This includes Cybersecurity Maturity Model Certification (CMMC).

Manufacturers such as Win-Tech Inc. can have various types of equipment on the shop floor — some new, some decades old yet tried and true. Manufacturers in the Defense Industrial Base (DIB) have long-established business processes after an industry has stressed importance on quality, price and lead time, but not cybersecurity.

Below I share some of the nuances for a company like ours relative to navigating CMMC, although this is in no way an exhaustive list. Note that these aren’t “excuses” for a manufacturer not to be secure and compliant. Rather, these are bits of context to provide insight into unique challenges manufacturers face. If you don’t know much about DIB manufacturing, this might be news to you, because you don’t know what you don’t know. And perhaps this provides some insight into those less familiar with the manufacturing space.

  • Required expertise. CMMC is not something a typical small business machine shop reads and implements overnight. Similar to existing key roles on a shop floor, such as a skilled CNC programmer, expertise comes with a price. Expertise in CMMC is not a traditional expense in a small machine shop environment. These types of support roles are allocated differently in accounting, specifically in the DIB. Whether a company hires a managed service provider (MSP) or creates an internal position, the required expertise to navigate CMMC compliance and implementation in a shop environment is exceptional.
  • Resource constraints. There are only so many hours in a day for shops that opt to take on many aspects of CMMC internally. Employees in a small business often wear many hats. It’s not uncommon for the owner to be in charge of business development, cutting checks to vendors and also communicating order updates to customers. The small business owner is ultimately responsible for CMMC compliance, but this priority is just one of many on the owner’s plate.
  • Lack of leverage in negotiating license fees. Small businesses have limited negotiating power — software licenses are best purchased in bulk. Economies of scale matter. Many vendors have standard pricing models that do not accommodate the needs of small businesses. Some require a minimum license purchase. These challenges often limit small businesses to working with specific resellers or price-out small businesses altogether. A five-digit license bill weighs more in a small business than across a single division at a large prime supplier.
  • Hidden shopfloor costs. A small business manufacturer might have millions of dollars of heavy equipment on the shop floor. Some old machines might only work with end-of-life operating systems, introducing higher risk to the data involved on that workstation and machine. A business owner is often presented with expensive options to mitigate the risk: Change a working business process or replace the functional equipment with new equipment simply to be compatible with a new operating system.

I’ve presented these points in a LinkedIn post you can find at gbm.media/cmmc-724. I welcome you to please visit and share your experiences, opinions or comments about CMMC as it relates to small manufacturing companies in the DIB.

About the Author

Allison Giddens, Win-Tech

Allison Giddens

Allison Giddens is co-president at Win-Tech, a veteran-owned, woman-owned small business manufacturer specializing in aerospace precision-machined parts.

Buffoli Transfer Machines
Marubeni Citizen CNC
SolidCAM
manufacturer of machine tools
Star swiss-type automatic lathes
Efficient, Durability, Advanced CBN Abrasives
Horn USA
Kyocera

Read Next

PMPA

Do You Have Single Points of Failure?

Plans need to be in place before a catastrophic event occurs.

Read More

A Tooling Workshop Worth a Visit

Marubeni Citizen-Cincom’s tooling and accessory workshop offers a chance to learn more about ancillary devices that can boost machining efficiency and capability.

Read More
Measurement

Seeing Automated Workpiece Measurement in Real Time

User-friendly inspection software for CNC machining centers was shown at IMTS 2024 monitoring measurements between and after machining while performing SPC based on recorded measurement values.

Read More
Buffoli Rotary Transfer Machines