u/cashmgee

▲ 4 r/CMMC

Cui outlook

I know this is very reliant out industry and which industry you reside in, but how do you guys project cui in the future when analyzing costs of becoming lvl 2 compliant ?

We are mostly defense /aerospace, but far down the list of subs . Im not in a decision making role, but am tasked in the cmmc space . I personally dont see it as worthwhile in relation to the costs , but am not sure how the projection looks in the future in terms of volume of our work.

Much of our work is EC , but I doubt they retroactively classify much of it as cui. Many of our primes are still using unsecured methods of sending cui down to us 😆

Anyway, how do we see this playing out ?

reddit.com
u/cashmgee — 5 days ago
▲ 33 r/CMMC

Subjective bs

This is all subjective bs .

Audits should be black and white. Either you do or don't. Not interpretive. Not subjective.

But this is the hand we are dealt .

That and my 80 year old boss who's been wrong for the last 3 years is hard headed as fck. Just brought me on 2 months ago, ive been with company 15 years. Never any cyber experience but plenty of other auidt compliance work.

Had a msp hired that never did compliance . He's already spent 180k on it and I called the msp out on his bs and he bailed . We have a bad srps score now and are sitting at square one because my boss never followed up on anything .

This along witb the fact that primes dont even follow their own rules.

Im sitting here with a dist statement e as a low lvl sub 😆 Had to vent. Feel lost .

Hope you all are having a better Monday than I am.

reddit.com
u/cashmgee — 7 days ago