Global Citizenship: Together for a Perfect PCB Solution
Smart Automation: Odd-form Assembly—Dedicated Insertion Equipment Matters
Nolan’s Notes: Everyone Has Their Eye on India
CMMC 2.0: Are You Ready?
July 6, 2022 | Nolan Johnson, I-Connect007Estimated reading time: 3 minutes
Nolan Johnson discusses with Ryan Bonner of DEFCERT exactly where and how EMS companies should aim for CMMC certification. Organizations, he says, “need to avoid false dichotomies where they assume that either CMMC is a go or it’s not happening at all. All the government mandated reviews to keep CMMC moving forward, resulting in new contract clauses, are already underway. The rule making is scheduled; it will happen.
Nolan Johnson: Ryan, what’s the status of CMMC 2.0?
Ryan Bonner: The aspects of CMMC 2.0 that those contractors can act on now, even while we wait on other components, are the model itself and the assessment guide. Those are the two documents that are most appropriate for contractors. Because those two items are in place, there is a path forward for CMMC, even while secondary aspects of CMMC, like the C3PAOs assessment process or the eventual contract clauses that will drive adoption, are under the surface, if you will, and are going through rule making.
Johnson: There is something tangible that we can proceed with in anticipation of everything else coming into place.
Bonner: Absolutely. Many organizations don’t realize that the shift to CMMC 2.0 was the outcome of a review by the Government Accountability Office. I believe it was congressionally mandated as well under the National Defense Authorization Act. That process has already been completed.
The big change coming out of that review process was to shrink the model back to only the requirements described in the original parent document, NIST 800-171. That creates a situation where now the CMMC model under 2.0 is identical to the requirements and assessment content that’s in both NIST 800-171 and NIST 800-171A (the document used to assess 800-171). Those are identical. They’re in lockstep. There’s no appreciable difference between the two.
Johnson: If my company has already completed NIST 800-171, what does this mean regarding CMMC?
Bonner: You should be aware of two ways you might be assessed or graded against what you’ve already done. If you have already worked on 800-171, or even completed your implementation, you have two pathways. The first is being assessed by the government or the defense contract management agency that’s done through their DIBCAC (Defense Industrial Base Cybersecurity Assessment Center) teams. But the DIBCAC teams, at no cost to you, schedule either a moderate confidence or high confidence assessment and, because of that, assign you a completion score using their assessment methodology. That’s one way to be assessed against NIST 800-171.
The other pathway is a proactive approach where you seek CMMC certification. This involves the accreditation body and their authorized assessing organizations, which are the C3PAOs coming in and, at your cost, you are assessed and then certified. That certification is expected to be good for three years. The difference there is that contracting officers are allowed to request your CMMC certification as a source selection criterion for awards. That’s the big shift. Organizations that want to skip many of the government audited steps can go straight to private sector certification, and then have that on file to show you’ve completed everything in NIST 800-171.
They’re not mutually exclusive, so if organizations haven’t completed NIST 800-171 implementations, there is an additional change to rule making that we expect next March. It will involve setting either certain minimum threshold scores or specifying which of the 800-171 requirements must be done as a prerequisite for contract awards while other, perhaps less vital implementations, can be saved until a 180-day window after-contract award.
Johnson: Sounds like there’s room there to transition without being completely locked out.
Bonner: Correct. Organizations should be aware of how compressed a 180-day window is for completing your implementations. It’s not a lot of time based on how long it seems to take most contractors to implement.
Continue reading the rest of this interview in the July 2022 issue of SMT007 Magazine.
Share on:
Testimonial
"In a year when every marketing dollar mattered, I chose to keep I-Connect007 in our 2025 plan. Their commitment to high-quality, insightful content aligns with Koh Young’s values and helps readers navigate a changing industry. "
Brent Fischthal - Koh YoungSuggested Items
It's Only Common Sense: Leveraging AI in Your Sales Strategy
09/01/2025 | Dan Beaulieu -- Column: It's Only Common SenseLet’s get one thing straight: AI isn’t here to replace you; it’s here to make you smarter and faster. Every time a new tool shows up, half the sales floor panics: “They’re going to automate us out of a job!” This is shouted while doomscrolling LinkedIn. Relax. Sales is still, and will always be, about human connection, trust, and delivering value. However, if you’re not using AI to your advantage, you’re handing your competitors a loaded gun and asking them to shoot first.
Global Sourcing Spotlight: How to Evaluate Supplier Capabilities Worldwide
08/20/2025 | Bob Duke -- Column: Global Sourcing SpotlightIn global sourcing, the difference between a competitive edge and a catastrophic disruption often comes down to how well you vet your suppliers. Sourcing advanced PCBs, precision components, or materials for complex assemblies demands diligence, skepticism, and more than a little time on airplanes. Here’s how to do your due diligence when evaluating international suppliers and why cutting corners can cost you more than money.
It’s Only Common Sense: Why Failure Is an Opportunity for Growth
08/18/2025 | Dan Beaulieu -- Column: It's Only Common SenseIt’s only common sense that failure, as painful as it may be, is one of the best teachers. Whether you’re running a business, managing a team, or navigating your personal journey, failure offers an unparalleled opportunity to learn, grow, and emerge stronger. If you’re not failing now and then, you’re likely not trying hard enough or pushing yourself out of your comfort zone. Here’s why failure is not just inevitable but also invaluable, and how to use it as a steppingstone to success.
Global PCB Connections: Understanding the General Fabrication Process—A Designer’s Hidden Advantage
08/14/2025 | Markus Voeltz -- Column: Global PCB ConnectionsDesigners don’t need to become fabricators, but understanding the basics of PCB fabrication can save you time, money, and frustration. The more you understand what’s happening on the shop floor, the better you’ll be able to prevent downstream issues. As you move into more advanced designs like HDI, flex circuits, stacked vias, and embedded components, this foundational knowledge becomes even more critical. Remember: the fabricator is your partner.
The Marketing Minute: A Brand Visibility Playbook—Get Seen, Heard, and Remembered
06/18/2025 | Brittany Martin -- Column: The Marketing MinuteIn the competitive world of electronics, recognition isn’t given—it’s earned. With so many companies vying for attention, how do you ensure your brand voice stands out and stays top-of-mind? This month, I’m focusing on building recognition using three high-impact tools: social media, paid advertising, and thought leadership.