Government CMMC
News

CMMC & the Executive Order: A New Era for Shipbuilders

William DePalma
by William DePalma
3 min read
May 2, 2025 at 2:23 PM

America’s shipbuilding renaissance is underway. On April 9, 2025, President Trump signed a sweeping executive order aimed at revitalizing the U.S. shipbuilding industrial base—an industry long seen as vital to both economic strength and national defense. At the same time, shipbuilders supporting the Department of Defense must grapple with rising cybersecurity expectations under the Cybersecurity Maturity Model Certification (CMMC) 2.0 framework.

While the executive order addresses the economic and industrial barriers to expanding shipbuilding capacity, CMMC 2.0 lays out the path for securing the sensitive data that flows through every phase of modern naval construction. For shipbuilders within the Defense Industrial Base (DIB), these initiatives are not separate tracks—they are two halves of a strategic push to ensure the U.S. can build advanced vessels quickly, cost-effectively, and securely.

A New Era of Maritime Industrial Policy

The executive order calls for the creation of a “Maritime Action Plan” (MAP), tasking cabinet-level agencies with developing a long-term vision for expanding the U.S. maritime base. Among its key directives:

  • Expedite procurement reform across the Navy, Coast Guard, and other federal shipbuilding programs.
  • Leverage Defense Production Act authorities to boost domestic production of critical ship components.
  • Counter China’s influence by addressing anti-competitive practices in the global shipbuilding supply chain.
  • Increase U.S. shipbuilding competitiveness through financial incentives, workforce training, and infrastructure investment.

This policy shift acknowledges what defense leaders and industry advocates have long emphasized: a resilient maritime fleet requires more than just shipyards—it demands secure supply chains, skilled personnel, and agile regulatory processes. But while the EO tackles the industrial capacity side of the equation, it’s the cybersecurity foundation—especially under CMMC 2.0—that ensures those investments aren’t undermined by digital threats.

Why CMMC 2.0 Is Now Mission-Critical for Shipbuilders

Ship manufacturers are responsible for some of the most sensitive national security data in existence—from the schematics of nuclear submarines to the digital systems embedded in unmanned underwater vehicles. As contractors to the DoD, many shipbuilders are now required to achieve CMMC Level 2 certification, involving third-party assessments and implementation of all 110 NIST SP 800-171 controls.

Failure to comply doesn’t just risk losing contracts—it puts the Navy’s operational readiness and strategic advantages at risk. The executive order may help remove bureaucratic and financial bottlenecks, but CMMC compliance is what ensures those ships are built in an environment that protects classified capabilities.

Bridging Industrial Expansion and Cybersecurity Compliance

To realize the full promise of the executive order, shipbuilders must integrate robust cybersecurity into their expansion strategies. As new shipbuilding initiatives launch, especially through joint ventures or foreign partnerships (like HII’s collaboration with South Korea’s HD Hyundai Heavy Industries), ensuring consistent data protection across borders and facilities becomes essential.

Some of the CMMC-aligned best practices for shipbuilders include:

  • Implementing facility-wide physical and digital access controls across shipyards.
  • Securing technical documentation systems that manage design blueprints and maintenance records.
  • Protecting supplier communications via encrypted, monitored portals and networks.
  • Maintaining continuous monitoring of digital systems and physical zones involved in naval construction.

A Coordinated Mandate for Resilience

The executive order recognizes the urgent need to onshore production, reduce dependency on adversarial supply chains, and streamline procurement. But without a parallel emphasis on cybersecurity, any new investments in infrastructure or procurement speed will be vulnerable to compromise. That’s why shipbuilders must treat CMMC compliance as a foundational capability—not an afterthought.

Conclusion: Compliance as a Catalyst for Growth

The revitalization of America’s shipbuilding base depends on more than new dry docks and manufacturing lines. It depends on secure, compliant environments capable of protecting the technical backbone of naval superiority. As the Maritime Action Plan takes shape, defense-focused shipbuilders must align their growth with both industrial and cybersecurity expectations.

In doing so, they not only secure their position in the future defense economy—they help secure the future fleet.

At Compass, we work closely with both prime and subcontractors across the defense industrial base to support their efforts in meeting CMMC compliance requirements. Whether you're preparing for certification or strengthening existing practices, our team understands the evolving expectations placed on defense contractors. If you’re navigating the path to compliance and want to ensure you’re on the right track, contact us to learn how we can support your organization.

Contact Us
Previous story
← SOC 2 & Managed Security Services: A Perfect Partnership for SMBs
Next story
What Makes an Industry-Leading Cyber Insurance Policy Today? →
CMMC: Moving Away from Self-Assessments
A woman takes notes next to a laptop
Government

CMMC: Moving Away from Self-Assessments

July 2, 2020 at 1:00 PM 3 min read
An Introduction to CMMC Compliance
NIST

An Introduction to CMMC Compliance

September 30, 2021 at 1:00 PM 3 min read
What Is a C3PAO in CMMC?
CMMC C3PAO
Compliance

What Is a C3PAO in CMMC?

December 2, 2024 at 1:45 PM 3 min read

Get Email Notifications

No Comments Yet

Let us know what you think