With CMMC regulations taking effect on December 16th and entering contracts by mid-2025, Primes are increasing the pressure on their subcontractors to become compliant. The directive is clear: only subcontractors that are CMMC compliant or actively moving towards compliance will be considered. 

The CISOs from Leidos and BAE Systems sent a strong message at PreVeil’s CMMC Summit last month: Take concrete steps towards CMMC compliance now or risk getting excluded from future contracts.

The Time for Compliance is Now

Primes are required to ensure their supply chain aligns with the rigorous standards set forth by CMMC. As the CISO at Leidos, JR Williamson, stated:

For the last year we’ve been trying to get ahead of CMMC and our focus has been on our really key suppliers and helping them get where they need to be.

Although CMMC may not enter contracts until mid-2025, many Prime contractors are requiring their subcontractors to meet the CMMC requirements ahead of time. As the VP of Information Security at BAE Systems, Doug Burns, warned:

If you’re not compliant and don’t have a path to get there, you’re probably late.

The stakes have never been higher for subcontractors as Prime contractors are increasingly incorporating CMMC certification into their vendor selection process. As JR Williamson explained:

We may have a really great supplier with a perfect solution, but if they’re not certified and won’t be for another 12-15 months, we just can’t use them.

The ongoing shift from self-certification under DFARS to the third-party assessed CMMC model underscores the need for subcontractors to demonstrate not just intent but actual compliance to ensure they continue winning defense contracts.

Despite the challenges posed by CMMC, Prime contractors are ready and willing to support their subcontractors through this transition. Primes are helping by sharing resources and best practices to actively uplift their supply chains. Here’s what JR Williamson said, emphasizing the supportive nature of the relationship between primes and subcontractors:

…there’s a lot of hugging going on to help folks get there.

Primes realize the challenge of achieving compliance and know it is not an easy task. They understand it is in their best interest to help their supply chain achieve compliance.

For subcontractors, the message from Primes is clear: Protect CUI, meet the 110 controls of NIST 800-171 and achieve CMMC Compliance. The future of your business may depend on it.

PreVeil is the leading solution for DFARS 7012, NIST 800-171 and CMMC compliance and is trusted by more than 1,500 small and midsize defense contractors. In addition, over a dozen PreVeil customers have achieved compliance with DFARS 7012, validated by a perfect 110 score on their C3PAO or DoD assessment. PreVeil provides a comprehensive solution to expedite CMMC compliance. To learn more about how PreVeil can help your organization achieve DFARS 7012 and CMMC Level 2 compliance, schedule a free 15-minute call with our compliance team.