A new set of cybersecurity regulations issued by the Department of Defense will affect over 300,000 defense suppliers across the nation, including many in Texas, according to researchers at Southern Methodist University.
The new cyber standards require companies of all sizes, from major contractors like Lockheed Martin and Raytheon to much smaller suppliers, to comply with enhanced security measures mandated by the DoD or ultimately risk losing their defense contracts.
The Cybersecurity Maturity Model Certification (CMMC) Program was developed to address vulnerabilities in the defense supply system that could be exploited digitally. The recently updated CMMC, which became an official requirement for select suppliers in December 2024, now imposes even more cybersecurity standards for companies handling Controlled Unclassified Information (CUI).
CUI includes sensitive documents, technical data, and schematics that could be targeted by cyber enemies, per the DoD.
The CMMC also introduces different levels of security requirements that vary based on the level of access to sensitive information. As companies work to assess their compliance levels they will need to take specific steps to ensure they meet the security requirements set by the DoD. The process could be particularly challenging for small and mid-sized businesses, many of which lack the cybersecurity resources that larger companies have on payroll, according to a report from Dallas Innovates.
According to SMU researchers, the shift will have a big “impact ” on a number of Texas-based defense manufacturers and contractors. To help the state adjust to the new regulations, the university is hosting the Southwest CMMC Implementation Conference on February 19-20.
The conference will also highlight how CMMC compliance can offer a competitive edge in an increasingly security-conscious market for many businesses across Texas.
SMU is one of only four universities nationwide recognized as an official provider of CMMC training. The upcoming conference is a “gateway to vital information that industry professionals and service providers need to protect government information effectively and stay ahead of the impending wave of cyber regulations,” the event’s website states.