Cybersecurity Maturity Model Certification (CMMC) was introduced by the US Department of Defense (DoD) in 2020 in order to establish and improve cyber security standards across the supply chains, requiring prime contractors and their subcontractors across the defense industrial base to meet a certain level of requirements against the stated CMMC objectives.
Any supplier that performs work for the DoD will be required to meet the standards set by CMMC achieving at least some maturity level (from level 1 to 5) by 2026. For example, currently, there are seven contracts with the US Navy, US Air Force, and Missile Defense Agency that are required to implement CMMC. Thus, Aerospace and defense (A&D) companies planning to bid for such contracts in the future must start preparing for a phased implementation of CMMC. Moreover, the DoD has introduced further changes to its CMMC program by introducing an updated framework CMMC 2.0.
With over 300,000 subcontractors and contractors in the defense industrial base community, CMMC compliance (Cybersecurity Maturity Model Certification) risk is a significant blind spot for most prime contractors across their supply chain. Assessing CMMC risk is complex, and time-consuming, and hence, it requires scarce and highly specialized security resources, costing as much as $1.15 million per 2,000 suppliers getting assessed. Getting a holistic view of a supplier requires multiple platforms, and various data sources, and is often an incomplete picture. Gaps in supplier compliance can lead to false claims act penalties, breaches, and hacks. Existing methods of questionnaires are difficult to assess, based on self-attestation, and are following a lengthy end-to-end process.
The joint HCLTech and ISMS Vendor Verifier Solution with SAP Ariba can help address some of the above challenges by providing meaningful KPIs that detail compliance and drill-down level data to increase vendor supply chain security. The data produced via the SAP analytics cloud aggregates the status of suppliers to accelerate CMMC compliance across your supply chain. Current supplier risk questionnaires can be assessed using the tool to verify supplier maturity and provide detailed analysis.
“ Our partnership with HCLTech marks a significant milestone for our Vendor Verifier solution. The combination provides a more efficient and user-friendly approach allowing SAP Ariba customers to obtain analytics empowering them to make better decisions based on their vendors' cybersecurity status.” - Carr Davis, Founder, ISMS Applications.
Figure 1: Highlights of Joint HCLTech and ISMS Vendor Verifier Solution
How can we help: HCLTech SAP Ariba Practice
HCLTech’s SAP Ariba team is one of the newest and fastest-growing businesses within the SAP & Digital Business portfolio. We are dedicated to the delivery of leading supply chain and procurement solutions to our clients worldwide. Our skilled and certified professionals have the broadest and deepest SAP Ariba experience, led by a team with an average of 15 years of experience in deploying global SAP Ariba solutions across multiple industries. Some of these leaders are former SAP Ariba employees who have participated in the solution suite’s evolution.
Working with an HCLTech SAP team connects you to an entire community of experienced A&D subject matter experts within our company and across the SAP ecosystem. As a world-class SAP Ariba implementation partner, HCLTech has unique connections with the SAP product development and support teams in the US and Europe, as well as the installed base of SAP Ariba users. We have a strong track record in delivering a wide variety of projects and supporting some of the world’s leading brands in their source-to-pay transformation journeys.
Information sources:
