Unfortunately for the 1-person companies out there, this thought is just wishful thinking. CMMC is for all companies who will handle sensitive DoD information. To the DoD, a 1-person company is just as liable for a hack as a 100+ person company. There is concern that a 1-person company will find the costs of CMMC compliance too burdensome, but the DoD is looking for contractors who can afford the requirements of CMMC and they will find them. If you are a very small company who will fall under CMMC compliance, it is vital to your DoD contract revenue to look at CMMC with clear eyes and a thorough understanding of what you must do.

Further reading from an authoritative source: https://www.acq.osd.mil/cmmc/draft.html



Founded in 2000 by a retired Air Force Chief Master Sergeant, TechSage Solutions has had an eye for cyber security since it’s beginning. As the world of cyber security compliance standards has evolved over the past 20 years, CEO John Hill has always been mindful of what today’s regulatory environment calls for and what future needs will be. CMMC has been on TechSage Solutions radar for a while now because several of TechSage’s clients are DoD contractors and together, we’ve had to deal with NIST SP 800-171 requirements. For TechSage Solutions, CMMC is just another development in a world we’re already comfortable in. If your MSP has not discussed the current and future implications of CMMC for your organization, the time is now to consider what this lack or preparation will truly cost you. Industry experts have made it clear that organizations who are on the front of CMMC adoption will carry a competitive advantage in a highly competitive DoD contractor industry, so don’t wait to determine your organization’s plan. For further resources, please visit: www.myCMMCjourney.com or call 210-582-5814 and request the free guide for business owners and executives titled: “Planning Your CMMC Journey: 5 Questions You Should Be Asking”.”