Speakers: Stacy Bostjanick, CMMC Program Head, U.S. Department of Defense; William Spence, Team Chief @ Defense Industrial Base Cybersecurity Assessment Center (DIBCAC); Jennifer Henderson, Cybersecurity Specialist/Future Operations @ DIBCAC
Stacy provided participants with an update on the CMMC program’s timeline as well as information on the steps defense contractors need to take to be ready for CMMC’s rollout in 2023.
William and Jennifer will provide an overview of what DIBCAC will expect from defense contractors that need to pass voluntary assessments today and CMMC assessments in 2023. Here is a link to their slide deck.
Legal Requirements for Meeting the NIST and CMMC Compliance Standards
Speaker: Robert Metzger Partner @ RJO; Co-author of MITRE “Deliver Uncompromised” Report
In his session, Robert provided participants with an in-depth understanding of their legal obligations to meet the NIST and CMMC compliance standards today and the implications of failing to meet them.
Speakers: Stacy High-Brinkley – CISO @ Cask (Authorized C3PAO); Stuart Itkin – VP CMMC and FedRAMP Assurance @ Coalfire Federal (Authorized C3PAO); Marci Womack – CMMC Provisional Assessor & CMMC Lead @ Schellman (Authorized C3PAO); Robert Teague – Manager CMMC Services @ Redspin (Authorized C3PAO)
In this session, four C3PAOs shared the lessons they learned from conducting some of the first Voluntary Assessments on defense contractors. In addition, these C3PAOs shared important takeaways for defense contractors in upcoming CMMC assessments.
Achieving CMMC Compliance – Primes’ Expectations for their Subcontractors
This session provided insights from JC Dodson (VP & Chief Security Officer, BAE Systems) on the compliance expectations Prime contractors like BAE have for their subcontractors. In addition, it looked at the consequences and repercussions defense contractors can face should they have low SPRS scores, fail to file an SPRS score, or suffer a cyber incident without having made adequate plans for Incident Response or for meeting their DFARS c-g requirements.
Speaker: Jill Lawson – DoD Acquisition Policy Specialist
Jill was instrumental in providing important feedback on the initial drafts of the CMMC standard. In addition, Jill has over 30 years of contracting experience in the DoD. She will bring this wealth of experience to her Master Class, where she will help participants understand key compliance drivers and how they can facilitate meeting their CMMC compliance requirements.
Speakers: Ted Steffan – Lead Compliance Acceleration @ Amazon Web Services (AWS); Matt Majot – Director @ ComplyUp; Jose Neto – Founder, PC Warriors
Ted Steffan, Matt Majot and Jose Neto delivered a tactical session to help defense contractors understand a practical path to accelerating their CMMC compliance obligations and preparing for DoD assessments. Their session brought together many of the themes of the CMMC Day, focusing on how contractors can get started on their DFARS 7012 and NIST 800-171 compliance, how Governance, Risk & Compliance (GRC) tools can help organize compliance efforts and what tools are available to help them protect their CUI. Here is a link to the slide deck.
Ryan Bonner – a sought-after speaker on NIST 800-171, CMMC and DFARS 7012 compliance – enabled attendees to understand how they should prepare for a rigorous assessment of their organization. Here is a link to his slide deck.
Speakers: John Verry – CISO & Managing Partner, Pivot Point Security; Tony Bai – Director – Federal Practice Lead, A-Lign; Joe Chavarria – CEO, Total Cyber Solutions
John, Tony and Joe have deep experience in advising contractors on how to meet their NIST 800-171 and CMMC compliance standards. In this session they provided attendees with an explanation of the two standards, how they overlap and how they are different.
Speakers: Scott Singer, President @ CyberNINES, Authorized C3PAO
One of the most important ways in which defense contractors can facilitate their compliance is by limiting the scope of who has access to their Controlled Unclassified Information (CUI). This is referred to as a secure enclave. Scott Singer, President of CyberNINES, an authorized C3PAO, as well as a CMMC Registered Practitioner, explains in this session how a secure enclave works and how creating one saves time and money and minimizes complexity. Here is a link to the slide deck.