
New Research from Kiteworks and Coalfire Uncovers Alarming CMMC 2.0 Readiness Deficit Across Defense Contractors

Less than 50% of Defense Industrial Base organizations prepared for upcoming compliance milestone

A newly released report from Kiteworks and Coalfire sheds light on the widespread lack of preparedness among contractors in the Defense Industrial Base (DIB) for the Cybersecurity Maturity Model Certification (CMMC) 2.0. Titled “State of CMMC 2.0 Preparedness in the DIB”, the report reveals that with compliance deadlines on the horizon, most organizations are still scrambling to meet requirements.

The study, which surveyed 209 senior leaders across DIB firms via research firm Centiment, found that just 46% of contractors feel ready to pursue Level 2 certification. Alarmingly, 57% have not completed a comprehensive gap analysis against NIST SP 800-171 standards, a critical step toward compliance.

“These findings should serve as a wake-up call for the Defense Industrial Base,” said Frank Balonis, CISO and SVP of Operations at Kiteworks. “With nearly half of contractors lacking a detailed Plan of Action and Milestones to address compliance gaps, and over one-third operating without comprehensive policies for Controlled Unclassified Information protection, the DIB faces substantial cybersecurity vulnerabilities that put sensitive defense information at risk.”

Key insights from the report include:

  • Only 44% of DIB organizations have implemented continuous monitoring for systems within CMMC 2.0 Level 2 scope.
  • Just under 53% have enforced full access control measures across all applicable systems.
  • Over 30% lack mechanisms to ensure third parties can access only authorized Controlled Unclassified Information (CUI).
  • More than 30% have not rolled out multi-factor authentication for all systems handling sensitive data.
  • The top perceived hurdles to compliance include technical implementation (44%) and budget/resource constraints (43%).

“The complexity of CMMC 2.0 requirements is driving organizations to seek expert guidance, with nearly 80% of DIB contractors engaging third-party consultants, Registered Provider Organizations, or C3PAOs,” said Tom McAndrew, CEO of Coalfire. “As an advisory services provider and an authorized C3PAO, we’re witnessing firsthand how critical expert assessment and implementation guidance is for organizations navigating these complex requirements.”

Despite the daunting landscape, there are solutions that can fast-track readiness. The Kiteworks Private Content Network addresses up to 90% of the required 110 CMMC 2.0 Level 2 controls, offering secure communications and data governance. Coalfire brings added value through its C3PAO-certified assessment services, helping contractors validate and sustain compliance.

“The path to CMMC 2.0 compliance doesn’t need to be overwhelming,” added Balonis. “With the right technology solutions and expert guidance, DIB contractors can efficiently implement the necessary controls while strengthening their overall security posture against evolving threats.”

The full report is available for download here: State of CMMC 2.0 Preparedness in the DIB

An expert roundtable discussing the report’s findings will be held on April 2 at 10 AM PT / 1 PM ET. Secure your spot here: Register for the roundtable

About Kiteworks

Kiteworks’ mission is to empower organizations to effectively manage risk in every send, share, receive, and save of sensitive data. The Kiteworks platform provides customers with a Private Data Network that delivers content governance, compliance, and protection. The platform unifies, tracks, controls, and secures sensitive data moving within, into, and out of their organization, significantly improving risk management and ensuring regulatory compliance on all sensitive data communications. Headquartered in Silicon Valley, Kiteworks protects over 100 million end-users for over 35,000 global enterprises and government agencies.

About Coalfire

Coalfire, headquartered in Denver, Colorado, is a global services and solutions company specializing in advisory, assessment, and cybersecurity. The company develops cutting-edge technology platforms that automate defenses against security threats for the world’s leading enterprises, cloud providers, and SaaS companies. Coalfire is the foremost provider of FedRAMP compliance assessments and penetration testing services in the United States.
