New U.S. cybersecurity regulations are prompting some small defense suppliers to reconsider military contracts amid rising compliance costs.
The Pentagon’s Cybersecurity Maturity Model Certification (CMMC) program began in November to safeguard controlled unclassified information across federal contracts.
Companies must complete self-assessments under Level One, with stricter audit-based compliance requirements expected to begin by November.
Executives cite lengthy audit backlogs and unclear definitions of protected data as key obstacles to meeting higher standards.
Industry sources say added compliance expenses can reach hundreds of thousands of dollars per company, straining smaller firms.
With 88% of aerospace companies classified as small businesses, concerns are mounting over the resilience of the defense supply chain.
Several aerospace firms report suppliers unwilling or uncertain about meeting stricter certification requirements, raising potential production risks.
Legal experts warn that CMMC could reduce competition, particularly among international suppliers juggling overlapping U.S. and European data regulations.
