CMMC: Get ahead by doing the bare minimum

By Ryan Nelson, Market Intelligence Manager

If you’ve been involved in federal sales for any time at all, you know that government cybersecurity professionals have been asking – pleading, in some cases – for vendors to “bake-in” risk management into their proposal. And while the industry does seem to be inching in that direction, it’s still a topic of great concern among agency IT leaders.

That’s why, if you really want to set yourself apart in federal sales, you need to do the bare minimum, and build your proposals with an eye toward compliance with Cybersecurity Maturity Model Certification 2.0. By doing the bare minimum, you’ll actually stand out from your less motivated competition, and stand a better chance at having your proposal come out on top.

At a recent AFCEA TechNet Cyber show in Baltimore, a panel of cyber experts was once again bemoaning this seeming lack of cooperation with industry’s compliance with cybersecurity directives.
CMMC 2.0 is the latest iteration of the cybersecurity certification, which is aimed at protecting the federal infrastructure from complex cyberattacks. It’s intended to cut red tape for small- and medium-sized businesses and help DoD and industry work together to address evolving cyber threats.
TechNet panelists (everyone from the senior tech advisor for the Operations and Infrastructure Center at DISA to the Army CIO cybersecurity director) were adamant about one thing: CMMC risk mitigation needs to be written into every single proposal.

Everybody needs to do the self-assessment and explain how they’re going to mitigate risk when selling cybersecurity solutions into the government. That was the consensus opinion of the entire panel, who were frustrated that many companies are still missing the small steps that have big impacts on their proposals.

So here’s the simple sales takeaway: According to agency decision-makers, the best way to move your proposal to the top of the stack is to eliminate the workload on the reviewing contract officer. Do the homework and write the proposal to include what agencies want to read – and more importantly, what they require.

As long as some in industry continue to miss the small steps, the rest seem to have a relatively easy opportunity to get their products or services to the top of the list at the agency level just by doing the bare minimum.

immixGroup’s Market Intelligence FY22 briefings are now available on demand. View them here:

• Federal Civilian FY22 Budget Briefing
• DoD FY 2022 Budget Briefing

Want to keep on top of trends in the government marketplace? Subscribe to immixGroup’s Government Sales Insider blog now.