CMMC Rules Present Difficulty for Small Suppliers

March 17, 2026

“We’ve been involved in some processes where we’re trying to get the government to give people a little bit of leeway, and they’ve been unyielding on it,” Avatara CEO says.

It’s here, it’s real, and it’s not necessarily your friend.

That’s how some smaller suppliers are treating the Department of Defense (DOD) Cybersecurity Maturity Model Certification (CMMC) requirements. Enforcement is now tied to the outcome of third-party cybersecurity audits—prior to the new rule change, companies were expected to self-assess compliance—which has boosted the difficulty of meeting security standards.

According to Avatara's CEO Rob McCormick, there’s little chance that the federal government will bend on the requirements, making compliance a necessity to win and fulfill government defense contracts.

Read full article

About Avatara

Headquartered in St. Louis, Avatara is the developer of Avatara Platform, a fully-managed, all-inclusive, IT systems-as-a-service platform that allows businesses to significantly cut their annual IT spend, while meeting the rising tide of security and compliance standards impacting industries throughout the world. Avatara solves the problem of increasing cost, complexity, and compliance – The Three C’s of IT. We eliminate the endless cycle of acquiring, building, and maintaining an ever-evolving technology foundation to run your business.

Since its founding over 20 years ago, Avatara has worked with hundreds of businesses spanning a range of industries, including defense contractors, manufacturing, architecture, engineering, construction, healthcare, legal, finance, and retail sectors, among many others.