Kiteworks and Coalfire released today a comprehensive report titled “State of CMMC 2.0 Preparedness in the DIB” that reveals critical readiness gaps among defense contractors as they work toward Cybersecurity Maturity Model Certification (CMMC) 2.0 compliance.

The report findings indicate that despite approaching deadlines, a majority of Defense Industrial Base (DIB) contractors are significantly behind in their preparedness efforts. Only 46% of organizations surveyed reported being ready to seek CMMC 2.0 Level 2 certification, while 57% have yet to complete a thorough gap analysis against NIST SP 800-171 requirements. The report surveyed 209 senior leaders from DIB organizations—which was conducted by third-party survey provider Centiment—on their CMMC 2.0 Level 2 readiness.

“These findings should serve as a wake-up call for the Defense Industrial Base,” said Frank Balonis, CISO and SVP of Operations at Kiteworks. “With nearly half of contractors lacking a detailed Plan of Action and Milestones to address compliance gaps, and over one-third operating without comprehensive policies for Controlled Unclassified Information protection, the DIB faces substantial cybersecurity vulnerabilities that put sensitive defense information at risk.”

The report highlights several concerning trends:

Only 44% of DIB contractors have implemented continuous monitoring for systems within the scope of CMMC 2.0 Level 2 compliance.

Less than 53% have fully implemented required access control measures across all relevant systems.

Over 30% lack advanced controls to ensure third parties can only access CUI to which they are authorized.

More than 30% do not enforce multi-factor authentication across all systems processing or storing sensitive data.

Technical implementation challenges represent the greatest perceived obstacle to achieving compliance, cited by 44% of respondents, followed closely by budgetary and resource constraints at 43%.

“The complexity of CMMC 2.0 requirements is driving organizations to seek expert guidance, with nearly 80% of DIB contractors engaging third-party consultants, Registered Provider Organizations, or C3PAOs,” said Tom McAndrew, CEO at Coalfire. “As an advisory services provider and an authorized C3PAO, we’re witnessing firsthand how critical expert assessment and implementation guidance are for organizations navigating these complex requirements.”

While the compliance landscape appears challenging, the report also outlines pathways to accelerate readiness. Kiteworks’ Private Content Network solution helps organizations satisfy up to 90% of the 110 controls required for CMMC 2.0 Level 2 certification, providing a comprehensive approach to securing sensitive defense information across communication channels. Meanwhile, Coalfire’s C3PAO certification services offer the expert assessment and validation needed to achieve and maintain compliance.

“The path to CMMC 2.0 compliance doesn’t need to be overwhelming,” added Balonis. “With the right technology solutions and expert guidance, DIB contractors can efficiently implement the necessary controls while strengthening their overall security posture against evolving threats.”

The full report, “State of CMMC 2.0 Preparedness in the DIB,” can be downloaded at https://www.kiteworks.com/cmmc-preparedness-dib-report/.

Findings from the report will be discussed in-depth in a roundtable on April 2 at 10 AM PT | 1 PM ET featuring subject-matter experts from Kiteworks and Coalfire. Register to attend the roundtable at https://info.kiteworks.com/closing-the-gap-critical-insights-on-achieving-cmmc-2.0-compliance.