WEBINAR SERIES, Part 2: 31 March 2021, 10:30 AM EST
Hosted by CATALYST CONNECTION
Max Aulakh
Founder &
CEO
DFARS & CMMC Overview
Who’s driving this webinar?
Max Aulakh
Founder & CEO
About our Speaker
C-SUITE DEFENSE & ASSURANCE LEADER
SPECIAL GUEST
As a Data Security and Compliance Leader, he delivers DoD-tested security strategies and
compliance that safeguard mission-critical IT operations. Having trained and excelled in The
United States Air Force, he maintained and tested the InfoSec and ComSec functions of network
hardware, software, and IT infrastructure for global networks — both classified and unclassified.
He drove the Information Assurance (IA) programs for the U.S. Department of Defense (DoD).
Facilitated by
Connie Palucka
Vice President, Consulting at Catalyst Connection
Connie joined Catalyst Connection in 2005 and brings over 25 years
of global sales, business development, and product development
experience to her role as the Managing Director of Regional
Initiatives. She leads a team that secures and executes grants
initiatives to support manufacturers and build the region’s
vibrancy. She also works with regional academic institutions,
economic development organizations and regional manufacturers
to build new capabilities and help make Southwestern Pennsylvania
a model for the nation.
Session 3: DFARS NIST 800-171 Compliance Process
1. Setting up your compliance program at the corporate level
2. Conducting a rapid, low-fidelity assessment for generating SPRS scores
3. Developing a completed SSP (System Security Plan)
4. How and why to create a POA&M (Plan of Actions & Milestones)
• Webinar 1: Laying the Foundation – The Need for Cybersecurity in U.S. Manufacturing
• Webinar 2: DFARS & CMMC Overview
• Webinar 3: DFARS NIST 800-171 Compliance Process
• Webinar 4: Real Company Examples
• Webinar 5: CMMC Breakdown
• Session 6: Risk Mitigation
6-Part Webinar Series: CYBER RESILIENCY FOR DEFENSE CONTRACTORS
Today’s Lessons Learned
1. Why does DFARS exist?
2. Current requirements for companies with CUI or CDI.
3. What is CMMC?
DFARS Overview
Reasons why DFARS exists
1. Supply chain attacks, which exploit security weaknesses in third-party services to strike a target, increased 78% in a single year (between 2017 and 2018) according to Symantec’s 2019 Internet Security Threat Report*, and the trend is increasing each year.
2. Defense contractors are increasingly investing in digital technologies to help accelerate product development, improve existing processes, and increase efficiency. Digitization results in highly sensitive and confidential data being stored long term and shared internally as well as externally.
*Symantec, 2019 Internet Security Threat Report, https://www.symantec.com/en/hk/security-center/threat-report.
Reasons why DFARS exists (continued)
3. Defense contractors share, exchange, and create Covered Defense Information (CDI) and Controlled Unclassified Information (CUI) on program specifications, technology, and equipment performance as they collaborate across research, design, development, and deployment of defense products.
4. Beyond the threat to national security, cyberattacks can also cause significant financial and reputational damage to defense contractors, which may disrupt supply chains and result in cost and schedule overruns.
DFARS-based Clause Requirements for Defense Contractors
DFARS regulations and NIST guidance play an important role in enabling cybersecurity robustness in the United States. For defense contractors and subcontractors, these regulations provide minimum guidance to assist them in becoming cybersecure.
• Adequate security for all Covered Defense Information (CDI)
• Flow-down requirements to subcontractors
• Minimum security controls from NIST SP 800-171
• 72-hour rapid reporting requirement for breaches
• Multifactor authentication
• Least-privileged access
4 Main Rules of DFARS 70 Series
• DFARS 252.204-7012: Safeguarding Covered Defense Information and Cyber Incident Reporting
• DFARS 252.204-7019: Notice of NIST SP 800-171 DoD Assessment Requirements
• DFARS 252.204-7020: NIST SP 800-171 DoD Assessment Requirements
• DFARS 252.204-7021: Cybersecurity Maturity Model Certification Requirements
DFARS 252.204-7012
Safeguarding Covered Defense Information and Cyber Incident Reporting
• In the United States, the DFARS requirements and compliance with NIST SP 800-171 govern the Defense Industrial Base (DIB) and its associated contractors. DFARS 204.73006 requires contractors and subcontractors to protect CDI by applying specified network security requirements and mandates the reporting of cyber incidents.
• DFARS 252.204-7012 further expands the definition of CUI and identifies the NIST SP
800-171 framework as a source document for cybersecurity requirements.
• NIST SP 800-171, which lays down specific measures to safeguard sensitive information,
acts as a minimum standard for companies in the DIB.
DFARS 252.204-7019
Notice of NIST SP 800-171 DoD Assessment Requirements
• This clause notifies contractors of the requirement to implement and maintain their NIST SP 800-171 assessments in the Supplier Performance Risk System (SPRS), and to report them properly and on time every 3 years unless a shorter period is specified in the solicitation.
• Each contractor will be required to maintain one of the three current levels of DoD assessment (Basic, Medium, or High) in the database, which is accessible only to DoD personnel.
• It also contains requirements and procedures for contracting authorities to award or withhold awards based on properly reported assessment results.
DFARS 252.204-7020
NIST SP 800-171 DoD Assessment Requirements
• This newly released follow-on clause to DFARS 7019 grants the Government access to the contractor's facilities, systems, and personnel that manage, process, store, or transmit Controlled Unclassified Information, as necessary for the Government to conduct a Medium or High NIST SP 800-171 DoD Assessment.
• Some requirements carry over from DFARS 7012, including reinforcement of the flow-down requirements: the contractor must ensure that all its suppliers comply with NIST SP 800-171, make adequate progress on their Plan of Actions and Milestones (POA&M), and have their current assessment results posted in the Supplier Performance Risk System (SPRS).
• The contractor must also validate compliance with 7019 prior to awarding a subcontract or purchase order of any kind, and include the contents of DFARS 7019 in the documented subcontract agreement.
DFARS 252.204-7021
Cybersecurity Maturity Model Certification Requirements
• The Cybersecurity Maturity Model Certification (CMMC) is a framework that measures a contractor’s cybersecurity maturity, including the implementation of cybersecurity practices and the institutionalization of processes.
• Much like the previously reviewed DFARS 7020, the DFARS 7021 clause requires contractors and their subcontractors to enter their current assessment into the Supplier Performance Risk System (SPRS); in addition, this clause requires both contractors and their supply chain to maintain the appropriate CMMC level for each contract.
Current Requirements for CUI
DoD Data Classification
CUI Definition
Section 2002.4 of Title 32 CFR
(h) Controlled Unclassified Information (CUI) is information the
Government creates or possesses, or that an entity creates or
possesses for or on behalf of the Government, that a law,
regulation, or Government-wide policy requires or permits an
agency to handle using safeguarding or dissemination controls.
CUI - Interpreted Definition
● CUI is defined in law by the way in which the information is handled.
● CUI is not clearly defined in policy and regulation regarding the content
of the information.
● In order to define CUI in a manner that is consistent with other
information classifications, CUI should be defined by the potential
impact to national defense that publicly releasing that information would
cause.
● For example, SECRET information is defined by 18 CFR § 3a.11 and says
“[t]he test for assigning Secret classification shall be whether its
unauthorized disclosure could reasonably be expected to cause serious
damage to the national security.”
CUI lacks a similar legal definition, but it would be reasonable to define CUI as information whose unauthorized disclosure, when aggregated with additional information, could reasonably be expected to cause a negative impact to the national security.
CUI Exceptions
However, CUI does not include classified information (see paragraph (e) of this section) or information a non-executive branch entity possesses and maintains in its own systems that did not come from, or was not created or possessed by or for, an executive branch agency or an entity acting for an agency. Law, regulation, or Government-wide policy may require or permit safeguarding or dissemination controls in three ways:
• Requiring or permitting agencies to control or protect the information but providing no specific controls, which makes the information CUI Basic;
• requiring or permitting agencies to control or protect the information and providing specific controls for doing so, which makes the information CUI Specified; or
• requiring or permitting agencies to control the information and specifying only some of those controls, which makes the information CUI Specified, but with CUI Basic controls where the authority does not specify.
● Information government creates and/or created on behalf of the government
● No controls = CUI Basic
● Provide controls = CUI Specified
Major CUI Stakeholders
• National Archives and Records Administration (NARA)
The National Archives and Records Administration (NARA) serves as the Controlled Unclassified Information (CUI) Program's Executive Agent
and has delegated CUI Executive Agent responsibilities to the Director of the Information Security Oversight Office (ISOO). As the CUI
Executive Agent, ISOO issues guidance to Federal agencies on safeguarding and marking CUI.
• Guidance from NARA to DoD Agencies (Prime Contractor Customers)
Existing agency policy for all sensitive unclassified information remains in effect until your agency implements the CUI program.
• DoD & Contractors (us)
DoD contracts must require contractors to monitor CUI for aggregation and compilation based on the potential to generate classified information pursuant to security classification guidance addressing the accumulation of unclassified data or information. (Requirements for DoD Contractors, Section 5.3, Page 32)
DoD’s Guidance
Requirements for DoD Contractors (Section 5.3, Page 32).
DoD contracts must require contractors to monitor CUI for aggregation and compilation based on the potential to generate classified information pursuant to security classification guidance addressing the accumulation of unclassified data or information. DoD contracts shall require contractors to report the potential classification of aggregated or compiled CUI to a DoD representative.
CUI Determination Methods
Method 1: Using NARA’s and/or DoD’s Registry (similar to NARA)
Method 2: Conducting an internal “damage assessment”
• Original Classification Authorities (OCA) conduct a damage assessment to determine what is CUI
• Internal damage assessment
• Scenario-based (information type) and what-if analysis (how could it impact the DoD). A non-formal example is below:
o Types of items manufactured or sold
o Specific DoD units these items are sold to, and the time and amount sold
o If this information were provided in aggregate to our adversaries, could it hurt the United States and/or specifically the unit these items are provided to?
▪ If so, how? If not, why not?
What is CDI?
Covered Defense Information (CDI) is a term defined in DFARS clause 252.204-7012, Safeguarding Covered Defense Information, as unclassified controlled technical information or other information, as described in the Controlled Unclassified Information (CUI) registry, that requires safeguarding or dissemination controls pursuant to and consistent with law, regulations, and Government-wide policies, and is (1) marked or otherwise identified in a contract, task order, or delivery order and provided to the contractor by or on behalf of the DoD in support of the performance of a contract, or (2) collected, developed, received, transmitted, used, or stored by or on behalf of the contractor in support of the performance of the contract.
What Federal Requirements Apply?
DoD Contractors are required to adhere to the following federal requirements when handling CUI/CDI:
• Code of Federal Regulations (CFR) Title 32, Part 2002, Controlled Unclassified Information Program
• Defense Federal Acquisition Regulation Supplement (DFARS) 252.204-7012, Safeguarding Covered Defense Information and Cyber Incident Reporting
• DFARS 252.204-7020, NIST SP 800-171 DoD Assessment Requirements
• National Institute of Standards and Technology (NIST) Special Publication (SP) 800-171 Rev. 2
• DFARS 252.204-7021, Cybersecurity Maturity Model Certification (CMMC) Requirements
Other Information Types
Small Business Classification (Example)
What is CMMC?
Model & Structure
Practices Per Level
Understanding DFARS NIST 800-171 and CMMC Relationship
Who needs to be DFARS compliant?
All DoD contractors that process, store or transmit Controlled Unclassified
Information (CUI) must meet DFARS minimum security standards or risk losing
their DoD contracts. Based on NIST Special Publication 800-171, manufacturers
must implement these security controls through all levels of their supply chain.
Where is DFARS included?
DFARS clause 252.204-7012 is included in all solicitations and contracts, including those using Federal Acquisition Regulation (FAR) Part 12 commercial item procedures, except for acquisitions solely for commercially available off-the-shelf (COTS) items. The clause requires contractors to apply the security requirements of NIST SP 800-171 to “covered contractor information systems”.
How do NIST controls overlap with the emerging CMMC framework?
NIST 800-171 is the backbone of the CMMC framework and it is required by all
CMMC levels. For example, NIST domains cover 110 controls out of 130 required
for Level 3 of CMMC.
Would CMMC potentially replace NIST?
The CMMC is an advanced step in the DoD’s efforts to properly secure the Defense
Industrial Base (DIB). It complements and enforces NIST 800-171
as part of its requirements.
Note: The CMMC was released by the DoD on 31 January 2020. The CMMC Accreditation Body members are working to
produce additional guidance to support the certification path. For now, Ignyte recommends implementing NIST 800-171.
[Figure: relationship between NIST SP 800-171r1, DFARS requirements (FedRAMP Moderate, paragraphs C-G, 72-hour report) and CMMC requirements (20 additional practices, 51 maturity processes)]
Which CMMC level is right for your business?
• CMMC Level 1
o Meeting the basic requirements to protect Federal Contract Information (FCI): up-to-date antivirus software, strong passwords, and protection against unauthorized third parties.
o FCI is not intended for public release.
o Minimal effort required to strengthen cybersecurity defenses.
• CMMC Level 2
o Introduces Controlled Unclassified Information (CUI).
o Standard cybersecurity practices, policies, and strategic plans.
o Major subset of the security requirements specified in NIST SP 800-171.
o 55 new practices, for a total of 72 practices.
• CMMC Level 3
o Good cyber hygiene and the controls necessary to protect CUI.
o Continuous review of all activities based on the organization’s cybersecurity policy.
o All requirements specified in NIST SP 800-171 and other similar standards.
o 130 required security controls, grouped into 17 domains.
• CMMC Level 4 and Level 5
o Addressing the changing tactics, techniques, and procedures used by Advanced Persistent Threats (APTs).
o Proactive cybersecurity program and standardized processes to achieve consistency across the entire organization.
o 171 security controls, grouped into 17 domains.
Starting CMMC Process
⮚ Pre-Diligence
⮚ RMF
⮚ CMMC
⮚ FedRAMP
⮚ ITAR
⮚ Business Requirements
⮚ Corporate Risk Management & Business Process
⮚ Business Integration Requirements (e.g. ISO, departments, etc.)
⮚ Reusability of low-fidelity scoring, IT resources, etc.
⮚ Standardization
⮚ People, Process & Technology
⮚ Create efficiencies; minimize rework and exceptions
Processes (CMMC maturity levels)
Level 1: Performed
Level 2: Documented
Level 3: Managed
Level 4: Reviewed
Level 5: Optimized
Cost of Compliance for SMB
● Cost of Management Factors
○ Program Development & Management
○ Technology & Engineering Implementation
○ Audit & Certification
● Pricing can range from $20K to $200K depending
on several factors.
● Market pricing for 100% of CMMC requirements is
not completely understood due to changing
requirements and/or interpretation of requirements.
*Defense Federal Acquisition Regulation Supplement: Assessing Contractor Implementation of Cybersecurity Requirements (DFARS Case 2019-D041)
CMMC Level | Yearly Non-Recurring Engineering | Yearly Recurring Engineering | Yearly Assessment Costs++ | Total Yearly Costs
Level 1 | $0 | $0 | $1,000 | $1,000
Level 2 | $407 | $20,154 | $7,489 | $28,050
Level 3 | $1,311 | $41,666 | $17,032 | $60,009
Level 4 | $46,917 | $301,514 | $23,355 | $371,786
Level 5 | $61,511 | $384,666 | $36,697 | $482,874
Program Resources
Resources are aligned with various stages of managing the CMMC program for small business
Program Deliverables:
• Program Metrics & Management
• SSP & POA&M Deliverables
• Guided Assessment
• Training
● DoD Training Website - https://securityhub.usalearning.gov/content/story.html
● Ignyte Institute Practitioner Level & Top Management Training - https://www.ignyteinstitute.org/
● CMMC System Security Plan Development - https://www.dfars-nist-800-171.com/
● NIST 171 Documentation - https://csrc.nist.gov/publications/detail/sp/800-171/rev-2/final
● SSP & Other Plan of Action & Milestones (POA&M) - https://www.dfars-nist-800-171.com/
CMMC Education & Training
Ignyte Institute Courses
Senior Management Course (20 Mins)
Practitioner Level Course (1 hour)
DoD Issued CUI Training
What is CUI and How to recognize it?
Next Week
Questions?
Thank you!
Point of Contact
Connie Palucka, Vice President, Consulting: cpalucka@catalystconnection.org
Max Aulakh, MBA, CISSP, PMP, Founder & CEO: info@ignyteplatform.com
Cybersecurity Compliance in Government ContractsCybersecurity Compliance in Government Contracts
Cybersecurity Compliance in Government Contracts
 

Más de Ignyte Assurance Platform

How CMMC Auditors Recommend You Defend Your Organization - Completed March, 2...
How CMMC Auditors Recommend You Defend Your Organization - Completed March, 2...How CMMC Auditors Recommend You Defend Your Organization - Completed March, 2...
How CMMC Auditors Recommend You Defend Your Organization - Completed March, 2...Ignyte Assurance Platform
 
How the DoD’s Cyber Security Maturity Model (CMMC) will impact your business ...
How the DoD’s Cyber Security Maturity Model (CMMC) will impact your business ...How the DoD’s Cyber Security Maturity Model (CMMC) will impact your business ...
How the DoD’s Cyber Security Maturity Model (CMMC) will impact your business ...Ignyte Assurance Platform
 
CMMC 2.0 | What the changes mean for organizations in the DIB
CMMC 2.0 | What the changes mean for organizations in the DIBCMMC 2.0 | What the changes mean for organizations in the DIB
CMMC 2.0 | What the changes mean for organizations in the DIBIgnyte Assurance Platform
 
Midway Swiss Case Study: Journey towards CMMC Compliance with Ignyte
Midway Swiss Case Study: Journey towards CMMC Compliance with IgnyteMidway Swiss Case Study: Journey towards CMMC Compliance with Ignyte
Midway Swiss Case Study: Journey towards CMMC Compliance with IgnyteIgnyte Assurance Platform
 
Fortifying Cyber Defense: How to Act Now to Protect Global Supply Chains
Fortifying Cyber Defense: How to Act Now to Protect Global Supply ChainsFortifying Cyber Defense: How to Act Now to Protect Global Supply Chains
Fortifying Cyber Defense: How to Act Now to Protect Global Supply ChainsIgnyte Assurance Platform
 
Full Cybersecurity Regulations Overview for DoD Prime and Subcontractors
Full Cybersecurity Regulations Overview for DoD Prime and SubcontractorsFull Cybersecurity Regulations Overview for DoD Prime and Subcontractors
Full Cybersecurity Regulations Overview for DoD Prime and SubcontractorsIgnyte Assurance Platform
 
Ignyte assurance platform NIST RMF datasheet.
Ignyte assurance platform NIST RMF datasheet.Ignyte assurance platform NIST RMF datasheet.
Ignyte assurance platform NIST RMF datasheet.Ignyte Assurance Platform
 

Más de Ignyte Assurance Platform (10)

How CMMC Auditors Recommend You Defend Your Organization - Completed March, 2...
How CMMC Auditors Recommend You Defend Your Organization - Completed March, 2...How CMMC Auditors Recommend You Defend Your Organization - Completed March, 2...
How CMMC Auditors Recommend You Defend Your Organization - Completed March, 2...
 
Ignyte - US Sovereign Cloud Computing
Ignyte - US Sovereign Cloud ComputingIgnyte - US Sovereign Cloud Computing
Ignyte - US Sovereign Cloud Computing
 
NIST_Ignyte_OSCALWorkshop_2022.pdf
NIST_Ignyte_OSCALWorkshop_2022.pdfNIST_Ignyte_OSCALWorkshop_2022.pdf
NIST_Ignyte_OSCALWorkshop_2022.pdf
 
How the DoD’s Cyber Security Maturity Model (CMMC) will impact your business ...
How the DoD’s Cyber Security Maturity Model (CMMC) will impact your business ...How the DoD’s Cyber Security Maturity Model (CMMC) will impact your business ...
How the DoD’s Cyber Security Maturity Model (CMMC) will impact your business ...
 
CMMC 2.0 | What the changes mean for organizations in the DIB
CMMC 2.0 | What the changes mean for organizations in the DIBCMMC 2.0 | What the changes mean for organizations in the DIB
CMMC 2.0 | What the changes mean for organizations in the DIB
 
CMMC 2.0 I L1 & L2 Assessment Guidance
CMMC 2.0 I L1 & L2 Assessment GuidanceCMMC 2.0 I L1 & L2 Assessment Guidance
CMMC 2.0 I L1 & L2 Assessment Guidance
 
Midway Swiss Case Study: Journey towards CMMC Compliance with Ignyte
Midway Swiss Case Study: Journey towards CMMC Compliance with IgnyteMidway Swiss Case Study: Journey towards CMMC Compliance with Ignyte
Midway Swiss Case Study: Journey towards CMMC Compliance with Ignyte
 
Fortifying Cyber Defense: How to Act Now to Protect Global Supply Chains
Fortifying Cyber Defense: How to Act Now to Protect Global Supply ChainsFortifying Cyber Defense: How to Act Now to Protect Global Supply Chains
Fortifying Cyber Defense: How to Act Now to Protect Global Supply Chains
 
Full Cybersecurity Regulations Overview for DoD Prime and Subcontractors
Full Cybersecurity Regulations Overview for DoD Prime and SubcontractorsFull Cybersecurity Regulations Overview for DoD Prime and Subcontractors
Full Cybersecurity Regulations Overview for DoD Prime and Subcontractors
 
Ignyte assurance platform NIST RMF datasheet.
Ignyte assurance platform NIST RMF datasheet.Ignyte assurance platform NIST RMF datasheet.
Ignyte assurance platform NIST RMF datasheet.
 

Último

Hand gesture recognition PROJECT PPT.pptx
Hand gesture recognition PROJECT PPT.pptxHand gesture recognition PROJECT PPT.pptx
Hand gesture recognition PROJECT PPT.pptxbodapatigopi8531
 
Unlocking the Future of AI Agents with Large Language Models
Unlocking the Future of AI Agents with Large Language ModelsUnlocking the Future of AI Agents with Large Language Models
Unlocking the Future of AI Agents with Large Language Modelsaagamshah0812
 
Short Story: Unveiling the Reasoning Abilities of Large Language Models by Ke...
Short Story: Unveiling the Reasoning Abilities of Large Language Models by Ke...Short Story: Unveiling the Reasoning Abilities of Large Language Models by Ke...
Short Story: Unveiling the Reasoning Abilities of Large Language Models by Ke...kellynguyen01
 
5 Signs You Need a Fashion PLM Software.pdf
5 Signs You Need a Fashion PLM Software.pdf5 Signs You Need a Fashion PLM Software.pdf
5 Signs You Need a Fashion PLM Software.pdfWave PLM
 
W01_panagenda_Navigating-the-Future-with-The-Hitchhikers-Guide-to-Notes-and-D...
W01_panagenda_Navigating-the-Future-with-The-Hitchhikers-Guide-to-Notes-and-D...W01_panagenda_Navigating-the-Future-with-The-Hitchhikers-Guide-to-Notes-and-D...
W01_panagenda_Navigating-the-Future-with-The-Hitchhikers-Guide-to-Notes-and-D...panagenda
 
call girls in Vaishali (Ghaziabad) 🔝 >༒8448380779 🔝 genuine Escort Service 🔝✔️✔️
call girls in Vaishali (Ghaziabad) 🔝 >༒8448380779 🔝 genuine Escort Service 🔝✔️✔️call girls in Vaishali (Ghaziabad) 🔝 >༒8448380779 🔝 genuine Escort Service 🔝✔️✔️
call girls in Vaishali (Ghaziabad) 🔝 >༒8448380779 🔝 genuine Escort Service 🔝✔️✔️Delhi Call girls
 
Reassessing the Bedrock of Clinical Function Models: An Examination of Large ...
Reassessing the Bedrock of Clinical Function Models: An Examination of Large ...Reassessing the Bedrock of Clinical Function Models: An Examination of Large ...
Reassessing the Bedrock of Clinical Function Models: An Examination of Large ...harshavardhanraghave
 
CALL ON ➥8923113531 🔝Call Girls Badshah Nagar Lucknow best Female service
CALL ON ➥8923113531 🔝Call Girls Badshah Nagar Lucknow best Female serviceCALL ON ➥8923113531 🔝Call Girls Badshah Nagar Lucknow best Female service
CALL ON ➥8923113531 🔝Call Girls Badshah Nagar Lucknow best Female serviceanilsa9823
 
How To Use Server-Side Rendering with Nuxt.js
How To Use Server-Side Rendering with Nuxt.jsHow To Use Server-Side Rendering with Nuxt.js
How To Use Server-Side Rendering with Nuxt.jsAndolasoft Inc
 
How To Troubleshoot Collaboration Apps for the Modern Connected Worker
How To Troubleshoot Collaboration Apps for the Modern Connected WorkerHow To Troubleshoot Collaboration Apps for the Modern Connected Worker
How To Troubleshoot Collaboration Apps for the Modern Connected WorkerThousandEyes
 
TECUNIQUE: Success Stories: IT Service provider
TECUNIQUE: Success Stories: IT Service providerTECUNIQUE: Success Stories: IT Service provider
TECUNIQUE: Success Stories: IT Service providermohitmore19
 
Steps To Getting Up And Running Quickly With MyTimeClock Employee Scheduling ...
Steps To Getting Up And Running Quickly With MyTimeClock Employee Scheduling ...Steps To Getting Up And Running Quickly With MyTimeClock Employee Scheduling ...
Steps To Getting Up And Running Quickly With MyTimeClock Employee Scheduling ...MyIntelliSource, Inc.
 
Tech Tuesday-Harness the Power of Effective Resource Planning with OnePlan’s ...
Tech Tuesday-Harness the Power of Effective Resource Planning with OnePlan’s ...Tech Tuesday-Harness the Power of Effective Resource Planning with OnePlan’s ...
Tech Tuesday-Harness the Power of Effective Resource Planning with OnePlan’s ...OnePlan Solutions
 
Optimizing AI for immediate response in Smart CCTV
Optimizing AI for immediate response in Smart CCTVOptimizing AI for immediate response in Smart CCTV
Optimizing AI for immediate response in Smart CCTVshikhaohhpro
 
The Ultimate Test Automation Guide_ Best Practices and Tips.pdf
The Ultimate Test Automation Guide_ Best Practices and Tips.pdfThe Ultimate Test Automation Guide_ Best Practices and Tips.pdf
The Ultimate Test Automation Guide_ Best Practices and Tips.pdfkalichargn70th171
 
Shapes for Sharing between Graph Data Spaces - and Epistemic Querying of RDF-...
Shapes for Sharing between Graph Data Spaces - and Epistemic Querying of RDF-...Shapes for Sharing between Graph Data Spaces - and Epistemic Querying of RDF-...
Shapes for Sharing between Graph Data Spaces - and Epistemic Querying of RDF-...Steffen Staab
 
Try MyIntelliAccount Cloud Accounting Software As A Service Solution Risk Fre...
Try MyIntelliAccount Cloud Accounting Software As A Service Solution Risk Fre...Try MyIntelliAccount Cloud Accounting Software As A Service Solution Risk Fre...
Try MyIntelliAccount Cloud Accounting Software As A Service Solution Risk Fre...MyIntelliSource, Inc.
 
The Real-World Challenges of Medical Device Cybersecurity- Mitigating Vulnera...
The Real-World Challenges of Medical Device Cybersecurity- Mitigating Vulnera...The Real-World Challenges of Medical Device Cybersecurity- Mitigating Vulnera...
The Real-World Challenges of Medical Device Cybersecurity- Mitigating Vulnera...ICS
 

Último (20)

Hand gesture recognition PROJECT PPT.pptx
Hand gesture recognition PROJECT PPT.pptxHand gesture recognition PROJECT PPT.pptx
Hand gesture recognition PROJECT PPT.pptx
 
Unlocking the Future of AI Agents with Large Language Models
Unlocking the Future of AI Agents with Large Language ModelsUnlocking the Future of AI Agents with Large Language Models
Unlocking the Future of AI Agents with Large Language Models
 
Vip Call Girls Noida ➡️ Delhi ➡️ 9999965857 No Advance 24HRS Live
Vip Call Girls Noida ➡️ Delhi ➡️ 9999965857 No Advance 24HRS LiveVip Call Girls Noida ➡️ Delhi ➡️ 9999965857 No Advance 24HRS Live
Vip Call Girls Noida ➡️ Delhi ➡️ 9999965857 No Advance 24HRS Live
 
Short Story: Unveiling the Reasoning Abilities of Large Language Models by Ke...
Short Story: Unveiling the Reasoning Abilities of Large Language Models by Ke...Short Story: Unveiling the Reasoning Abilities of Large Language Models by Ke...
Short Story: Unveiling the Reasoning Abilities of Large Language Models by Ke...
 
5 Signs You Need a Fashion PLM Software.pdf
5 Signs You Need a Fashion PLM Software.pdf5 Signs You Need a Fashion PLM Software.pdf
5 Signs You Need a Fashion PLM Software.pdf
 
W01_panagenda_Navigating-the-Future-with-The-Hitchhikers-Guide-to-Notes-and-D...
W01_panagenda_Navigating-the-Future-with-The-Hitchhikers-Guide-to-Notes-and-D...W01_panagenda_Navigating-the-Future-with-The-Hitchhikers-Guide-to-Notes-and-D...
W01_panagenda_Navigating-the-Future-with-The-Hitchhikers-Guide-to-Notes-and-D...
 
call girls in Vaishali (Ghaziabad) 🔝 >༒8448380779 🔝 genuine Escort Service 🔝✔️✔️
call girls in Vaishali (Ghaziabad) 🔝 >༒8448380779 🔝 genuine Escort Service 🔝✔️✔️call girls in Vaishali (Ghaziabad) 🔝 >༒8448380779 🔝 genuine Escort Service 🔝✔️✔️
call girls in Vaishali (Ghaziabad) 🔝 >༒8448380779 🔝 genuine Escort Service 🔝✔️✔️
 
Reassessing the Bedrock of Clinical Function Models: An Examination of Large ...
Reassessing the Bedrock of Clinical Function Models: An Examination of Large ...Reassessing the Bedrock of Clinical Function Models: An Examination of Large ...
Reassessing the Bedrock of Clinical Function Models: An Examination of Large ...
 
CALL ON ➥8923113531 🔝Call Girls Badshah Nagar Lucknow best Female service
CALL ON ➥8923113531 🔝Call Girls Badshah Nagar Lucknow best Female serviceCALL ON ➥8923113531 🔝Call Girls Badshah Nagar Lucknow best Female service
CALL ON ➥8923113531 🔝Call Girls Badshah Nagar Lucknow best Female service
 
How To Use Server-Side Rendering with Nuxt.js
How To Use Server-Side Rendering with Nuxt.jsHow To Use Server-Side Rendering with Nuxt.js
How To Use Server-Side Rendering with Nuxt.js
 
How To Troubleshoot Collaboration Apps for the Modern Connected Worker
How To Troubleshoot Collaboration Apps for the Modern Connected WorkerHow To Troubleshoot Collaboration Apps for the Modern Connected Worker
How To Troubleshoot Collaboration Apps for the Modern Connected Worker
 
TECUNIQUE: Success Stories: IT Service provider
TECUNIQUE: Success Stories: IT Service providerTECUNIQUE: Success Stories: IT Service provider
TECUNIQUE: Success Stories: IT Service provider
 
Steps To Getting Up And Running Quickly With MyTimeClock Employee Scheduling ...
Steps To Getting Up And Running Quickly With MyTimeClock Employee Scheduling ...Steps To Getting Up And Running Quickly With MyTimeClock Employee Scheduling ...
Steps To Getting Up And Running Quickly With MyTimeClock Employee Scheduling ...
 
Tech Tuesday-Harness the Power of Effective Resource Planning with OnePlan’s ...
Tech Tuesday-Harness the Power of Effective Resource Planning with OnePlan’s ...Tech Tuesday-Harness the Power of Effective Resource Planning with OnePlan’s ...
Tech Tuesday-Harness the Power of Effective Resource Planning with OnePlan’s ...
 
Optimizing AI for immediate response in Smart CCTV
Optimizing AI for immediate response in Smart CCTVOptimizing AI for immediate response in Smart CCTV
Optimizing AI for immediate response in Smart CCTV
 
The Ultimate Test Automation Guide_ Best Practices and Tips.pdf
The Ultimate Test Automation Guide_ Best Practices and Tips.pdfThe Ultimate Test Automation Guide_ Best Practices and Tips.pdf
The Ultimate Test Automation Guide_ Best Practices and Tips.pdf
 
Shapes for Sharing between Graph Data Spaces - and Epistemic Querying of RDF-...
Shapes for Sharing between Graph Data Spaces - and Epistemic Querying of RDF-...Shapes for Sharing between Graph Data Spaces - and Epistemic Querying of RDF-...
Shapes for Sharing between Graph Data Spaces - and Epistemic Querying of RDF-...
 
CHEAP Call Girls in Pushp Vihar (-DELHI )🔝 9953056974🔝(=)/CALL GIRLS SERVICE
CHEAP Call Girls in Pushp Vihar (-DELHI )🔝 9953056974🔝(=)/CALL GIRLS SERVICECHEAP Call Girls in Pushp Vihar (-DELHI )🔝 9953056974🔝(=)/CALL GIRLS SERVICE
CHEAP Call Girls in Pushp Vihar (-DELHI )🔝 9953056974🔝(=)/CALL GIRLS SERVICE
 
Try MyIntelliAccount Cloud Accounting Software As A Service Solution Risk Fre...
Try MyIntelliAccount Cloud Accounting Software As A Service Solution Risk Fre...Try MyIntelliAccount Cloud Accounting Software As A Service Solution Risk Fre...
Try MyIntelliAccount Cloud Accounting Software As A Service Solution Risk Fre...
 
The Real-World Challenges of Medical Device Cybersecurity- Mitigating Vulnera...
The Real-World Challenges of Medical Device Cybersecurity- Mitigating Vulnera...The Real-World Challenges of Medical Device Cybersecurity- Mitigating Vulnera...
The Real-World Challenges of Medical Device Cybersecurity- Mitigating Vulnera...
 

DFARS & CMMC Overview

  • 5. Today's Lessons Learned
  1. Why does DFARS exist?
  2. Current requirements for companies with CUI or CDI.
  3. What is CMMC?
  • 7. Reasons why DFARS exists
  1. Supply chain attacks, which exploit security weaknesses in third-party services to strike a target, increased 78% in a single year (between 2017 and 2018) according to Symantec's 2019 Internet Security Threat Report*, and the trend continues to grow each year.
  2. Defense contractors are increasingly investing in digital technologies to accelerate product development, improve existing processes, and increase efficiency. Digitization results in highly sensitive and confidential data being stored long term and shared both internally and externally.
  *Symantec, 2019 Internet Security Threat Report, https://www.symantec.com/en/hk/security-center/threat-report.
  • 8. Reasons why DFARS exists (continued)
  3. Contractors share, exchange, and create Covered Defense Information (CDI) and Controlled Unclassified Information (CUI) on program specifications, technology, and equipment performance as they collaborate across research, design, development, and deployment of defense products.
  4. Apart from the national security threat, cyberattacks can also cause significant financial and reputational damage to defense contractors, which may disrupt supply chains and result in cost and schedule overruns.
  • 9. DFARS-based Clause Requirements for Defense Contractors
  DFARS regulations and NIST guidance play an important role in the United States in enabling cybersecurity robustness. For defense contractors and subcontractors, the regulations provide a minimum baseline to help them become cybersecure:
  • Adequate security for all Covered Defense Information (CDI)
  • Flow-down requirements to subcontractors
  • Minimum security controls from NIST SP 800-171
  • 72-hour rapid reporting requirement for cyber incidents (breaches)
  • Multifactor authentication
  • Least-privilege access
  • 10. 4 Main Rules of the DFARS 252.204-70 Series
  1. DFARS 252.204-7012: Safeguarding Covered Defense Information and Cyber Incident Reporting
  2. DFARS 252.204-7019: Notice of NIST SP 800-171 DoD Assessment Requirements
  3. DFARS 252.204-7020: NIST SP 800-171 DoD Assessment Requirements
  4. DFARS 252.204-7021: Cybersecurity Maturity Model Certification Requirements
  • 11. DFARS 252.204-7012: Safeguarding Covered Defense Information and Cyber Incident Reporting
  • In the United States, the DFARS requirements and compliance with NIST SP 800-171 govern the DIB and its contractors. DFARS Subpart 204.73 requires contractors and subcontractors to protect CDI by applying specified network security requirements, and it mandates the reporting of cyber incidents.
  • DFARS 252.204-7012 defines Covered Defense Information by reference to the CUI Registry and identifies NIST SP 800-171 as the source document for its cybersecurity requirements.
  • NIST SP 800-171, which lays down specific measures to safeguard sensitive information, acts as the minimum standard for companies in the DIB.
  • 12. DFARS 252.204-7019: Notice of NIST SP 800-171 DoD Assessment Requirements
  • This clause notifies contractors that they must have a current NIST SP 800-171 DoD Assessment posted in the Supplier Performance Risk System (SPRS). An assessment is current if it is not more than three years old, unless a shorter period is specified in the solicitation.
  • Each contractor must maintain a current assessment at one of the three assessment levels (Basic, Medium, or High) in SPRS, a DoD database whose access is limited to DoD personnel and to the contractor for its own records.
  • The clause also sets out how the contracting officer may award or withhold an award based on the properly reported assessment results.
  • 13. DFARS 252.204-7020: NIST SP 800-171 DoD Assessment Requirements
  • This is the follow-on clause to DFARS 7019. It grants the Government access to the contractor's facilities, systems, and personnel that manage, process, store, or transmit Controlled Unclassified Information, as necessary for the Government to conduct a Medium or High NIST SP 800-171 DoD Assessment.
  • It carries over several elements of DFARS 7012, including reinforcement of the flow-down requirement: the contractor must ensure that its suppliers comply with NIST SP 800-171, make adequate progress against their Plan of Action and Milestones (POA&M), and have their current assessment results posted in the Supplier Performance Risk System (SPRS).
  • Before awarding a subcontract or purchase order that is subject to NIST SP 800-171, the contractor must confirm that the subcontractor has a current (within three years) assessment posted in SPRS, and must include the substance of DFARS 7020 in the subcontract.
  • 14. DFARS 252.204-7021: Cybersecurity Maturity Model Certification Requirements
  • The Cybersecurity Maturity Model Certification (CMMC) is a framework that measures a contractor's cybersecurity maturity, covering both the implementation of cybersecurity practices and the institutionalization of processes.
  • Much like DFARS 7020, the DFARS 7021 clause requires contractors and their subcontractors to have their current certification recorded in the Supplier Performance Risk System (SPRS). In addition, this clause requires contractors and their supply chain to achieve and maintain the CMMC level specified for each contract.
  • 17. CUI Definition
  Section 2002.4 of Title 32 CFR, paragraph (h): Controlled Unclassified Information (CUI) is information the Government creates or possesses, or that an entity creates or possesses for or on behalf of the Government, that a law, regulation, or Government-wide policy requires or permits an agency to handle using safeguarding or dissemination controls.
  • 18. CUI - Interpreted Definition
  ● CUI is defined in law by the way in which the information must be handled.
  ● CUI is not clearly defined in policy or regulation in terms of the content of the information.
  ● To define CUI in a manner consistent with the other information classifications, CUI should be defined by the potential impact to national defense that publicly releasing the information would cause.
  ● For example, SECRET information is defined by 18 CFR § 3a.11 (the same test appears in Executive Order 13526, Sec. 1.2): "[t]he test for assigning Secret classification shall be whether its unauthorized disclosure could reasonably be expected to cause serious damage to the national security." CUI lacks a comparable legal definition, but it would be reasonable to define CUI as information whose unauthorized disclosure, aggregated with additional information, could reasonably be expected to cause a negative impact to the national security.
  • 19. CUI Exceptions
  However, CUI does not include classified information (see paragraph (e) of this section) or information a non-executive branch entity possesses and maintains in its own systems that did not come from, or was not created or possessed by or for, an executive branch agency or an entity acting for an agency.
  Law, regulation, or Government-wide policy may require or permit safeguarding or dissemination controls in three ways: requiring or permitting agencies to control or protect the information but providing no specific controls, which makes the information CUI Basic; requiring or permitting agencies to control or protect the information and providing specific controls for doing so, which makes the information CUI Specified; or requiring or permitting agencies to control the information and specifying only some of those controls, which makes the information CUI Specified, but with CUI Basic controls where the authority does not specify.
  In short:
  ● Information the government creates, or that is created on behalf of the government
  ● No specific controls prescribed = CUI Basic
  ● Specific controls prescribed = CUI Specified
  • 20. Major CUI Stakeholders
  • National Archives and Records Administration (NARA): NARA serves as the Controlled Unclassified Information (CUI) Program's Executive Agent and has delegated CUI Executive Agent responsibilities to the Director of the Information Security Oversight Office (ISOO). As the CUI Executive Agent, ISOO issues guidance to Federal agencies on safeguarding and marking CUI.
  • Guidance from NARA to DoD agencies (prime contractor customers): existing agency policy for all sensitive unclassified information remains in effect until the agency implements the CUI program.
  • DoD and contractors (us): DoD contracts must require contractors to monitor CUI for aggregation and compilation based on the potential to generate classified information, pursuant to security classification guidance addressing the accumulation of unclassified data or information (Requirements for DoD Contractors, Section 5.3, Page 32).
  • 21. DoD's Guidance
  Requirements for DoD Contractors (Section 5.3, Page 32):
  • DoD contracts must require contractors to monitor CUI for aggregation and compilation based on the potential to generate classified information, pursuant to security classification guidance addressing the accumulation of unclassified data or information.
  • DoD contracts shall require contractors to report the potential classification of aggregated or compiled CUI to a DoD representative.
  • 22. CUI Determination Methods
  Method 1: Using NARA's CUI Registry and/or DoD's CUI Registry (similar to NARA's), where Original Classification Authorities (OCAs) have already conducted a damage assessment to determine what is CUI.
  Method 2: Conducting an internal "damage assessment"
  • Scenario-based (by information type) and what-if analysis (how could it impact the DoD). A non-formal example:
  o Types of items manufactured or sold
  o Specific DoD units these items are sold to, and when and how much was sold
  o If this information, in aggregate, were provided to our adversaries, could it hurt the United States and/or specifically the unit these items are provided to?
  ▪ If so, how? And if not, why not?
  • 23. What is CDI?
  Covered Defense Information (CDI) is a term defined in DFARS clause 252.204-7012, Safeguarding Covered Defense Information, as unclassified controlled technical information or other information, as described in the Controlled Unclassified Information (CUI) Registry, that requires safeguarding or dissemination controls pursuant to and consistent with law, regulations, and Government-wide policies, and that is (1) marked or otherwise identified in a contract, task order, or delivery order and provided to the contractor by or on behalf of the DoD in support of the performance of the contract; or (2) collected, developed, received, transmitted, used, or stored by or on behalf of the contractor in support of the performance of the contract.
  • 24. What Federal Requirements Apply?
  DoD contractors are required to adhere to the following federal requirements when handling CUI/CDI:
  • 32 CFR Part 2002, Controlled Unclassified Information Program
  • Defense Federal Acquisition Regulation Supplement (DFARS) 252.204-7012, Safeguarding Covered Defense Information and Cyber Incident Reporting
  • DFARS 252.204-7020, NIST SP 800-171 DoD Assessment Requirements
  • National Institute of Standards and Technology (NIST) Special Publication (SP) 800-171 Rev. 2, Protecting Controlled Unclassified Information in Nonfederal Systems and Organizations
  • DFARS 252.204-7021, Cybersecurity Maturity Model Certification (CMMC) Requirements
  • 30. Understanding the DFARS, NIST 800-171 and CMMC Relationship
  Who needs to be DFARS compliant? All DoD contractors that process, store, or transmit Controlled Unclassified Information (CUI) must meet the DFARS minimum security standards or risk losing their DoD contracts. Based on NIST Special Publication 800-171, manufacturers must implement these security controls through all levels of their supply chain.
  Where is DFARS included? DFARS clause 252.204-7012 is included in all solicitations and contracts, including those using Federal Acquisition Regulation (FAR) Part 12 commercial item procedures, except for acquisitions solely for commercially available off-the-shelf (COTS) items. The clause requires contractors to apply the security requirements of NIST SP 800-171 to "covered contractor information systems".
  How do the NIST controls overlap with the emerging CMMC framework? NIST 800-171 is the backbone of the CMMC framework and is drawn on at every CMMC level. For example, the NIST 800-171 requirements account for 110 of the 130 practices required for CMMC Level 3.
  Would CMMC replace NIST? CMMC is the next step in the DoD's efforts to properly secure the Defense Industrial Base (DIB). It complements and enforces NIST 800-171 as part of its requirements.
  Note: CMMC (version 1.0) was released by the DoD on 31 January 2020. The CMMC Accreditation Body is working to produce additional guidance to support the certification path. For now, Ignyte recommends implementing NIST 800-171.
  [Diagram: NIST SP 800-171r1 at the core; CMMC requirements add 20 additional practices and 51 maturity processes; DFARS requirements add FedRAMP Moderate equivalence for cloud services, paragraphs (c)-(g) of clause 7012, and the 72-hour cyber incident report.]
  • 31. Which CMMC level is right for your business?
    • CMMC Level 1
      • Meeting the basic requirements to protect Federal Contract Information (FCI):
        • an up-to-date antivirus software application,
        • strong passwords,
        • protection against unauthorized third parties.
      • FCI is not intended for public release.
      • Minimal effort required to strengthen cybersecurity defenses.
    • CMMC Level 2
      • Introduces Controlled Unclassified Information (CUI).
      • Standard cybersecurity practices, policies, and strategic plans.
      • A major subset of the security requirements specified in NIST SP 800-171.
      • 55 new practices, for a total of 72 practices.
    • CMMC Level 3
      • Good cyber hygiene and the controls necessary to protect CUI.
      • Continuous review of all activities based on the organization's cybersecurity policy.
      • All requirements specified in NIST SP 800-171 and other similar standards.
      • 130 required security controls, grouped into 17 domains.
    • CMMC Level 4 and Level 5
      • Addressing the changing tactics, techniques, and procedures used by Advanced Persistent Threats (APTs).
      • A proactive cybersecurity program and standardized processes to achieve consistency across the entire organization.
      • 171 security controls, grouped into 17 domains.
  • 32. Starting the CMMC Process
    ⮚ Pre-Diligence
      ⮚ RMF
      ⮚ CMMC
      ⮚ FedRAMP
      ⮚ ITAR
    ⮚ Business Requirements
      ⮚ Corporate Risk Management & Business Process
      ⮚ Business Integration Requirements (e.g. ISO, departments, etc.)
      ⮚ Reusability of low-fidelity scoring, IT resources, etc.
    ⮚ Standardization
      ⮚ People, Process & Technology
      ⮚ Create efficiencies; minimize rework and exceptions
    [Slide diagram] CMMC maturity processes: Level 1: Performed; Level 2: Documented; Level 3: Managed; Level 4: Reviewed; Level 5: Optimized.
  • 33. Cost of Compliance for SMB
    ● Cost of Management Factors
      ○ Program Development & Management
      ○ Technology & Engineering Implementation
      ○ Audit & Certification
    ● Pricing can range from $20K to $200K depending on several factors.
    ● Market pricing for 100% of CMMC requirements is not completely understood due to changing requirements and/or interpretation of requirements.

    CMMC Level | Yearly Non-Recurring Engineering | Yearly Recurring Engineering | Yearly Assessment Costs++ | Total Yearly Costs
    Level 1    | $0                               | $0                           | $1,000                    | $1,000
    Level 2    | $407                             | $20,154                      | $7,489                    | $28,050
    Level 3    | $1,311                           | $41,666                      | $17,032                   | $60,009
    Level 4    | $46,917                          | $301,514                     | $23,355                   | $371,786
    Level 5    | $61,511                          | $384,666                     | $36,697                   | $482,874

    *Source: Defense Federal Acquisition Regulation Supplement: Assessing Contractor Implementation of Cybersecurity Requirements (DFARS Case 2019-D041)
  • 34. Program Resources
    Resources are aligned with the various stages of managing the CMMC program for a small business: Program Metrics & Management, SSP & POA&M Deliverables, Guided Assessment, and Training Program Deliverables.
    ● DoD Training Website - https://securityhub.usalearning.gov/content/story.html
    ● Ignyte Institute Practitioner Level & Top Management Training - https://www.ignyteinstitute.org/
    ● CMMC System Security Plan Development - https://www.dfars-nist-800-171.com/
    ● NIST SP 800-171 Documentation - https://csrc.nist.gov/publications/detail/sp/800-171/rev-2/final
    ● SSP & Other Plan of Action & Milestones (POA&M) - https://www.dfars-nist-800-171.com/
  • 35. CMMC Education & Training
    Ignyte Institute Courses:
    • Senior Management Course (20 mins)
    • Practitioner Level Course (1 hour)
    DoD Issued CUI Training: What is CUI and how to recognize it?
  • 37. Questions? Thank you!
    Point of Contact: Connie Palucka, Vice President, Consulting - cpalucka@catalystconnection.org
    Point of Contact: Max Aulakh, MBA, CISSP, PMP, Founder & CEO - info@ignyteplatform.com