SlideShare a Scribd company logo

Federal Government Contracting - LIVE Q&A - Topic: CMMC / Cybersecurity

Download as PPTX, PDF
JSchaus & Associates
JSchaus & Associates

Jennifer Schaus & Associates - Washington DC based consulting firm for federal contractors - presents a 2021 Webinar Series on various topics in federal government contracing. Learn more about the series here and get the webinar recording: https://www.jenniferschaus.com/q-a-cafe

Government & Nonprofit
1 of 49
G O V C O N Q & A C A F E
J S C H A U S & A S S O C I A T E S - W A S H D C H E L L O @ J E N N I F E R S C H A U S . C O M G O V C O N - Q & A C A F E 2 N D F R I D AY O F E A C H M O N T H 1 2 P M – 1 . 3 0 P M [ E A S T E R N ] C O N T E N T & L I V E Q & A F R O M G O V C O N E X P E R T S R E C O R D I N G S AVA I L A B L E AT T H E S A M E R E G I S T R AT I O N L I N K P P T S AVA I L A B L E AT S L I D E S H A R E . N E T
J S C H A U S & A S S O C I A T E S - W A S H D C H E L L O @ J E N N I F E R S C H A U S . C O M G O V C O N - Q & A C A F E 8 J A N U A RY: C Y B E R S E C U R I T Y / C M M C 1 2 F E B R U A RY: O TA – O T H E R T R A N S A C T I O N A U T H O R I T I E S 1 2 M A R C H : B I D P R O T E S T 1 9 A P R I L : T E A M I N G A G R E E M E N T S 1 4 M AY: S U B - C O N T R A C T I N G 11 J U N E : S A L E S A N D C A P T U R E
J S C H A U S & A S S O C I A T E S - W A S H D C H E L L O @ J E N N I F E R S C H A U S . C O M G O V C O N - Q & A C A F É - 2 0 2 1 9 J U LY: P R O P O S A L W R I T I N G 1 3 A U G U S T: C O M P L I A N C E 1 0 S E P T E M B E R : O R A L P R E S E N TAT I O N S 8 O C TO B E R : S E T- A S I D E S 1 2 N O V E M B E R : P R I C I N G 1 0 D E C E M B E R : M & A
J S C H A U S & A S S O C I A T E S - W A S H D C H E L L O @ J E N N I F E R S C H A U S . C O M G O V C O N - Q & A C A F É - 2 0 2 1 A B O U T O U R C O N S U LT I N G S E RV I C E S F O R F E D E R A L C O N T R A C TO R S : * M A R K E T A N A LY S I S * P R O P O S A L W R I T I N G * P R I C I N G * C O M P L I A N C E / A D M I N I S T R AT I O N * M A R K E T I N G & B U S I N E S S D E V E L O P M E N T / C A P T U R E * G S A S C H E D U L E
J S C H A U S & A S S O C I A T E S - W A S H D C H E L L O @ J E N N I F E R S C H A U S . C O M G O V C O N - Q & A C A F É - 2 0 2 1 A B O U T O U R W E B I N A R S  O V E R 4 0 0 + C O M P L I M E N TA RY G O V C O N W E B I N A R S O N O U R Y O U T U B E C H A N N E L C O V E R I N G G S A S C H E D U L E S TO P R I C I N G TO C O M P L I A N C E  J O I N U S O N W E D N E S D AY S I N 2 0 2 1 F O R A C O M P L I M E N TA RY S E R I E S C O V E R I N G E A C H PA R T O F T H E D FA R S , S E Q U E N T I A L LY  D F A R | G O V E R N M E N T C O N T R A C T S ( J E N N I F E R S C H A U S . C O M )  2 0 2 0 W E B I N A R S C O V E R E D E A C H PA R T O F T H E FA R , S E Q U E N T I A L LY  F A R | G O V E R N M E N T C O N T R A C T S ( J E N N I F E R S C H A U S . C O M )
J S C H A U S & A S S O C I A T E S - W A S H D C H E L L O @ J E N N I F E R S C H A U S . C O M G O V C O N - Q & A C A F É - 2 0 2 1 THANK YOU TO OUR SPONSORS S P O N S O R I N F O : H E L L O # @ J E N N I F E R S C H A U S . C O M
C3 Integrated Solutions is a full-service IT provider, helping DoD contractors achieve CMMC compliance through cloud- based solutions including Microsoft 365 GCC and GCC High. No matter where you are on your journey to CMMC compliance, C3 can help. C3’s unique, step-by-step CMMC Readiness Program helps companies comply with NIST 800-171 and CMMC. Learn more at https://C3isit.com/cmmc
The National Veteran Small Business Coalition (NVSBC) is the largest non-profit trade association in the country representing veteran and service-disabled veteran-owned small business in the federal marketplace as prime and subcontractors. NVSBC provides networking, match- making, coaching, and training opportunities for members. Please visit: www.nvsbc.org
J S C H A U S & A S S O C I A T E S - W A S H D C H E L L O @ J E N N I F E R S C H A U S . C O M G O V C O N - Q & A C A F É - 2 0 2 1 Set-Aside Alert is the premier federal government contract information service, focused on small businesses, minority-owned and women-owned businesses, veteran- and SDV-owned businesses, SBA 8(a)-certified companies and HUBzone businesses. The newsletter provides RFP opportunities for set-asides. www.setasidealert.com Tom Johnson 301-229-5561
Free, confidential counseling + online resources & training SAM/DSBS Certifications & set-asides: 8(a), EDWOSB, WOSB, VOSB, SDVOSB, HUBZone NAICS Codes State & Local (eVA, SWAM) Capabilities statements Marketing to the government Market research Business development Proposals / RFP responses Security clearances Compliance Teaming / subcontracting strategies GSA Schedules Pricing Contract management Contract performance & more THIS PROCUREMENT TECHNICAL ASSISTANCE CENTER IS FUNDED IN PART T HROUGH A COOPERATIVE AGREEMENT WITH THE DEFENSE LOGISTICS AGENCY.  Step 1) Full training calendar: virginiaptac.org tip: click “year” above the calendar to see list form & use the filter features to find specific topics  Step 2) Register as client https://virginiaptac.org/services/counseling/ Outside Virginia? visit www.aptac-us.org to find your local PTAC Help with registration, counseling, classes – ptac@gmu.edu or 703-277-7750 Check out the Bid Match Service Subscription (110+ Federal, State, Local, International)
J S C H A U S & A S S O C I A T E S - W A S H D C H E L L O @ J E N N I F E R S C H A U S . C O M G O V C O N - Q & A C A F É - 2 0 2 1 J A N U A RY 8 , 2 0 2 1 CYBER SECURITY / CMMC
J S C H A U S & A S S O C I A T E S - W A S H D C H E L L O @ J E N N I F E R S C H A U S . C O M G O V C O N - Q & A C A F É - 2 0 2 1 J A N U A RY 8 , 2 0 2 1 – C Y B E R S E C U R I T Y / C M M C WELCOME & THANK YOU TO OUR SPEAKERS
J S C H A U S & A S S O C I A T E S - W A S H D C H E L L O @ J E N N I F E R S C H A U S . C O M G O V C O N - Q & A C A F É - 2 0 2 1 J A N U A RY 8 , 2 0 2 1 – C Y B E R S E C U R I T Y / C M M C C H U C K B R O O K S B R O O K S C O N S U LT I N G I N T E R N AT I O N A L C H E T Z 1 8 @ A O L . C O M 5 7 1 - 2 9 6 - 2 1 6 4
J S C H A U S & A S S O C I A T E S - W A S H D C H E L L O @ J E N N I F E R S C H A U S . C O M G O V C O N - Q & A C A F É - 2 0 2 1 J A N U A RY 8 , 2 0 2 1 – C Y B E R S E C U R I T Y / C M M C J O D Y R E E D M C M A H O N , W E L C H A N D L E A R N E D , P L L C J R E E D @ M W L L E G A L . C O M 7 0 3 - 4 8 3 - 2 8 1 8
J S C H A U S & A S S O C I A T E S - W A S H D C H E L L O @ J E N N I F E R S C H A U S . C O M G O V C O N - Q & A C A F É - 2 0 2 1 J A N U A RY 8 , 2 0 2 1 – C Y B E R S E C U R I T Y / C M M C S U S A N WA R S H AW E B N E R S T I N S O N L L P S U S A N . E B N E R @ S T I N S O N . C O M 2 0 2 - 5 7 2 - 9 9 2 7
J S C H A U S & A S S O C I A T E S - W A S H D C H E L L O @ J E N N I F E R S C H A U S . C O M G O V C O N - Q & A C A F É - 2 0 2 1 J A N U A RY 8 , 2 0 2 1 – C Y B E R S E C U R I T Y / C M M C D AV I D D E M P S E Y D E M P S E Y F O N TA N A , P L L C d d e m p s e y @ d e f t l a w . c o m 7 0 3 - 8 8 0 - 9 1 7 1
J S C H A U S & A S S O C I A T E S - W A S H D C H E L L O @ J E N N I F E R S C H A U S . C O M G O V C O N - Q & A C A F É - 2 0 2 1 J A N U A RY 8 , 2 0 2 1 CYBER SECURITY / CMMC
J S C H A U S & A S S O C I A T E S - W A S H D C H E L L O @ J E N N I F E R S C H A U S . C O M G O V C O N - Q & A C A F É - 2 0 2 1 J A N U A R Y 8 , 2 0 2 1 - C Y B E R S E C U R I T Y / C M M C WHAT WE WILL COVER TODAY: I. WHY CMMC WAS CREATED II. BASIC ASSESSMENT REQUIREMENTS AND STATUS III.CMMC REQUIREMENTS AND STATUS IV. CMMC ROLL OUT ISSUES
J S C H A U S & A S S O C I A T E S - W A S H D C H E L L O @ J E N N I F E R S C H A U S . C O M G O V C O N - Q & A C A F É - 2 0 2 1 J A N U A R Y 8 , 2 0 2 1 - C Y B E R S E C U R I T Y / C M M C I . W H Y C M M C WA S C R E AT E D – C H U C K B R O O K S
CMMC BASICS: The Cybersecurity Maturity Model Certification (CMMC) is a unified standard for implementing cybersecurity across the defense industrial base (DIB), which includes over 300,000 companies in the supply chain DoD's prime contractors and subcontractors must satisfy 1/5 of CMMC's trust levels. These entities must prove sufficient cybersecurity implementation via completing independent validation activities. CMMC will be a phased in approach with new contracts starting Q4 2020 through 2026 While the CMMC framework is not finalized yet, it is known that this new umbrella standard will include requirements from NIST 800-171, FAR document 52.204-21, and beyond
The Department of Defense (DoD) established the Cybersecurity Maturity Model Certification (CMMC) in response to the increase of malicious cyber attacks, especially against supply chains. (Solar Winds now being the most pervasive) Examples of earlier attacks: Jan-Feb 2018: Comprise of US Navy “Operation SEA DRAGON” – Chinese hackers stole sensitive U.S. Navy submarine plans from Rhode Island DoD contractor Chinese government hackers compromised the computers of a U.S. Navy contractor and stole a large amount (approximately 600+ Gigabits) of highly sensitive data on undersea warfare, including plans for a supersonic anti-ship missile for use on U.S. submarines. March 2019: US Navy Review Concludes it is “Under Siege” by Chinese Hackers & Attackers - The Wall Street Journal reported Dec 2018 – Mar 2019. Chinese hackers have repeatedly hit the Navy, defense contractors, and even universities that partner with the service. “We are under siege,” a senior Navy official told The Journal Sept-Dec 2019: Compromise of Emails and LinkedIn Accounts of military defense companies - the attackers used social engineering via LinkedIn, hiding behind the ruse of attractive, but bogus, job offers. Having established an initial foothold, the attackers deployed their custom, multistage malware, along with modified open-source tools 2017-2020: The Chinese APT Threat to Cleared Defense Contractors - cybersecurity firm Lookout linked an APT15 malware sample to a Chinese defense contractor Feb-June 2020: DCSA Bulletin – US Defense Focused – DCSA’s cyber division detected nearly 600 “inbound and outbound connections” from “highly likely Electric Panda cyber threat actors” targeting 38 cleared contractor facilities.
Five levels of CMMC certification: Each level will require more practices and controls than the previous with level one being the lowest and five being the highest level. The certification will be valid for three years. • Basic Cyber Hygiene • Intermediate Cyber Hygiene • Good Cyber Hygiene • Proactive • Advanced or Progressive J S C H A U S & A S S O C I A T E S - W A S H D C H E L L O @ J E N N I F E R S C H A U S . C O M G O V C O N - Q & A C A F É - 2 0 2 1
Integrating new solutions for bolstering cybersecurity including:  Compliant platforms  Encrypted assets  Data back-ups  Monitoring  Management What’s Next? • In December 2020 DOD disclosed the first seven contracts that are likely to be the initial test cases for the Cybersecurity Maturity Model Certification (CMMC) program. • An interim rule that formally laid down the regulatory framework for CMMC began in December 2020. DoD is now reviewing comments from industry ahead of any potential changes the department might make to the rule. • Lawmakers have included nine provisions in the fiscal 2021 National Defense Authorization Act asking for more details and insights into how DoD will roll out CMMC.
J S C H A U S & A S S O C I A T E S - W A S H D C H E L L O @ J E N N I F E R S C H A U S . C O M G O V C O N - Q & A C A F É - 2 0 2 1 J A N U A R Y 8 , 2 0 2 1 - C Y B E R S E C U R I T Y / C M M C I I . B A S I C A S S E S S M E N T R E Q U I R E M E N T S A N D S TAT U S J O D Y R E E D M C M A H O N , W E L C H & L E A R N E D , P L L C
J S C H A U S & A S S O C I A T E S - W A S H D C H E L L O @ J E N N I F E R S C H A U S . C O M G O V C O N - Q & A C A F É - 2 0 2 1 A . D FA R S I N T E R I M R U L E I S S U E D S E P T E M B E R 2 9 , 2 0 2 0 • Effective Date: November 30, 2020 • The Rule added three new DFARS Clauses • DFARS 252.204-7019 Notice of NIST SP 800-171 DoD Assessment Requirements • DFARS 252.204-7020 NIST SP 800-171 DoD Assessment Requirements • DFARS 252.204-7021 Contractor Compliance with The Cybersecurity Maturity Model Certification Level Requirement • Once the Rule became effective, DoD was not supposed to awarded any contracts that included the DFARS 252.204-7012 clause to any contractors who did not comply with DFARS 252.204- 7019. There is no exception for FAR Part 12 commercial contracts. The only exception is for COTS.
J S C H A U S & A S S O C I A T E S - W A S H D C H E L L O @ J E N N I F E R S C H A U S . C O M G O V C O N - Q & A C A F É - 2 0 2 1 B . D FA R S 2 5 2 . 2 0 4 - 7 0 1 9 N O T I C E O F N I S T S P 8 0 0 - 1 7 1 D O D A S S E S S M E N T R E Q U I R E M E N T S • Key Definitions: • Assessment levels – Basic, Medium & High all have the meanings from NIST SP 800-171 • Covered contractor information system – definition from DFARS 252.204-7012 • Requirement – after November 30, 2020 a contractor cannot be awarded a contract unless they have a recent assessment (within 3 years) posted in the Supplier Performance Risk System (SPRS) at https:/sprs.csd.disa.mil/ for all covered contractor information systems relevant to the offer. The contract must also include DFARS 252.204-7012 for this requirement to be applicable. • Unless the assessment is at the Basic level, the assessment is conducted by another organization. The assessment is based on a spreadsheet which results in a “summary level score” of the contractor’s compliance with NIST SP 800-171. Each security requirement is weighted based on the impact to the information system and any covered defense information (CDI) that passes through the system. A contractor may have negative scores and a maximum score is 110. • If a contractor does not have any summary scores from a current assessment, it may conduct its own assessment and submit it to webptsmh@navy.mil who will post it to SPRS. • Oddly enough there is no requirement in the clause that a contractor have a particular score in order to be awarded a contract.
J S C H A U S & A S S O C I A T E S - W A S H D C H E L L O @ J E N N I F E R S C H A U S . C O M G O V C O N - Q & A C A F É - 2 0 2 1 C . D FA R S 2 5 2 . 2 0 4 - 7 0 2 0 N I S T S P 8 0 0 - 1 7 1 D O D A S S E S S M E N T R E Q U I R E M E N T S • Key Definitions: • Basic Assessment – the self assessment by a contractor that results in a “Low” confidence rating. • Medium Assessment – the assessment is conducted by the Government, but at a lower level than a High assessment and the confidence level is “Medium.” • High Assessment – the assessment is conducted by Government personnel and results in a confidence level of “High.” • Covered contractor information system – definition from DFARS 252.204-7012 • This clause requires a contractor to provide access to its facilities, its self assessments, the documentation associated with the information system/assessment and personnel based on the risk associated with the CDI/CUI (Controlled Unclassified Information) data that a contractor handles such that the contractor must be at either High or Medium.
J S C H A U S & A S S O C I A T E S - W A S H D C H E L L O @ J E N N I F E R S C H A U S . C O M G O V C O N - Q & A C A F É - 2 0 2 1 D . P O T E N T I A L I S S U E S • A potential big issue for small businesses – you have been awarded contracts with DFARS 252.204-7012 since December 31, 2017 (or earlier) and you have not performed any assessment of your IT system. Would this matter if you were never provided any CDI/CUI? • You have never had a DoD contract where you have handled CDI/CUI and therefore, you have never done a self-assessment and your contract award date slipped past the originally planned award date that was prior to November 30, 2020. The issue will be whether or not your “new” contract includes DFARS 252.204-7012. Since the new requirements are not based on the actual data that is handled as part of the contract, i.e., you could have DFARS 252.204-7012 in your contract but there is no access to CDI/CUI, (first bullet), the DFARS 252.204-7019 requirement does not care. You must have the assessment because your contract contains DFARS 252.204-7012. • An issue for all contractors – you have a POAM and you never hit your milestones, instead you keep changing the date.
J S C H A U S & A S S O C I A T E S - W A S H D C H E L L O @ J E N N I F E R S C H A U S . C O M G O V C O N - Q & A C A F É - 2 0 2 1 J A N U A R Y 8 , 2 0 2 1 - C Y B E R S E C U R I T Y / C M M C I I I . C Y B E R S E C U R I T Y M AT U R I T Y M O D E L C E R T I F I C AT I O N R E Q U I R E M E N T S A N D S TAT U S S U S A N WA R S H A W E B N E R S T I N S O N L L P
J S C H A U S & A S S O C I A T E S - W A S H D C H E L L O @ J E N N I F E R S C H A U S . C O M G O V C O N - Q & A C A F É - 2 0 2 1 A . C y b e r s e c u r i t y M a t u r i t y M o d e l C e r t i f i c a t i o n i s a U n i f y i n g C o m p r e h e n s i v e a n d S c a l a b l e S t a n d a r d f o r I m p l e m e n t a t i o n o f C y b e r s e c u r i t y A c r o s s t h e D I B • New Clause: DFARS 252.204-7021, Cybersecurity Maturity Model Certification Requirements, Effective November 30, 2020 • Requires Present Contractor’s Compliance with Identified CMMC Level for Contract Award and Life of Contract • CMMC Establishes 5 Levels Of Cyber Compliance: • Level 1 – Basic Cyber Hygiene – 52.204-21 (FCI and CUI) • Level 2 - Intermediate Cyber Hygiene - Getting Ready for Handling DoD CUI • Level 3 – Good Cyber Hygiene - Lowest level for handling DoD CUI • Level 4 – Proactive Cyber Hygiene, Protect CUI and Reduce Risk of Advanced Persistent Threats (APTs) • Level 5 – Advanced/Progressive Cyber Hygiene, Protect CUI and Reduce Risk of Advanced Persistent Threats (APTs) • Coverage at Appropriate “Entire Enterprise Network”, “Segment”, “Enclave” • All Contracts, Except Exclusively COTS, Require Contractor CMMC Certification for Award • Requires Flowdown Throughout Contractor’s Entire Supply Chain
J S C H A U S & A S S O C I A T E S - W A S H D C H E L L O @ J E N N I F E R S C H A U S . C O M G O V C O N - Q & A C A F É - 2 0 2 1 B . C M M C A S S E S S M E N T S A N D C E R T I F I C AT I O N S • Historically DCMA/DIBCAC Conducts Assessments • Moving Forward CMMC Advisory Board (CMMC-AB) Has Been Established for Third Party Assessment Matters • C3PAOs Must Be Accredited and Meet All DoD Requirements and Fully Comply with ISO/IEC 17020 • Only Authorized or Certified CMMC Assessors May Conduct CMMC Assessments • US Citizenship Required for CA-1, -3, -5 Assessors • International C3PAOs • Must Be Citizens of the Country Where the C3PAO is Based • Authorized Only to Assess Contractors Based in that Country per Bi-Lateral Agreements • CMMC-AB Marketplace • Contractor’s C3PAO Assessment Will Be Sent to DoD for CMMC Certification • Generally, CMMC Certificate Will Be Valid for 3 Years
J S C H A U S & A S S O C I A T E S - W A S H D C H E L L O @ J E N N I F E R S C H A U S . C O M G O V C O N - Q & A C A F É - 2 0 2 1 D . D I S P U T E R E S O L U T I O N P R O C E S S E S • C3PAO Assesses; CMMC-AB Maintains/Stores the Reports • DIB Contractor Receives C3PAO Assessment • May Submit Dispute Adjudication Request to CMMC-AB, e.g., Support with Information re Errors, Malfeasance, Ethical Lapses by C3PAO • CMMC-AB Will Follow Formal Process to Review Adjudication Request and Provide Preliminary Finding • If Contractor Disagrees, CMMC-AB Staff will perform Additional Assessment • What If Contractor Still Disagrees? Can It bring a Protest? Raise a Claim? E. DOD ROLL OUT: • 5 Year Phased In Roll Out Plan Runs Until September 30, 2025, Where 252.204-7012 Clause in Contract and SOW Requires a CMMC Level, Except Exclusively COTS Contract • Primes Required to Flow Down Appropriate CMMC Requirement to Subcontractors * H T T P S : / / W W W . A C Q . O S D . M I L / C M M C / F A Q . H T M L
J S C H A U S & A S S O C I A T E S - W A S H D C H E L L O @ J E N N I F E R S C H A U S . C O M G O V C O N - Q & A C A F É - 2 0 2 1 J A N U A R Y 8 , 2 0 2 1 - C Y B E R S E C U R I T Y / C M M C I V . C M M C R O L L - O U T I S S U E S A . C Y B E R S E C U R I T Y A N D C M M C V O C A B U L A R Y B . C U I C . O T H E R I S S U E S D AV I D D E M P S E Y D E M P S E Y F O N TA N A , P L L C
J S C H A U S & A S S O C I A T E S - W A S H D C H E L L O @ J E N N I F E R S C H A U S . C O M G O V C O N - Q & A C A F É - 2 0 2 1 J A N U A R Y 8 , 2 0 2 1 - C Y B E R S E C U R I T Y / C M M C I V. C M M C R O L L - O U T I S S U E S A . C Y B E R S E C U R I T Y A N D C M M C V O C A B U L A R Y S O U R C E S : C M M C G L O S S A R Y ( N O V . 3 0 , 2 0 2 0 ) N I S T ( N U M E R O U S S P s A N D I R s ) C N S S I 4 0 0 9 G L O S S A R Y ( A P R . 6 , 2 0 1 5 ) F I P S D o D I N S T R U C T I O N S → C M M C C E R T I F I C A T I O N B O U N D A R Y ( A S S E S S M E N T B O U N D A R Y ) → S E C U R I T Y C O N T R O L A S S E S S M E N T → E N A B L I N G A S S E T → F C I , C U I , C D I , C T I , S I ( S E N S I T I V E I N F O R M A T I O N ) → B A S E L I N E , B A S E L I N E C O N F I G U R A T I O N , B A S E L I N E S E C U R I T Y → C H A N G E C O N T R O L ( C H A N G E M A N A G E M E N T ) → C O N T A I N E R ( I N F O R M A T I O N A S S E T C O N T A I N E R ) → L E A S T P R I V I L E G E → S A N D B O X I N G
J S C H A U S & A S S O C I A T E S - W A S H D C H E L L O @ J E N N I F E R S C H A U S . C O M G O V C O N - Q & A C A F É - 2 0 2 1 J A N U A R Y 8 , 2 0 2 1 - C Y B E R S E C U R I T Y / C M M C I V. C M M C R O L L - O U T I S S U E S B . C U I ► D O E S F C I = C U I ? ► C U I M A R K I N G S : C U I / / S P - P R O C U R E ; C U I ; C U I / / S P - C T I ; C U I / / S P - E X P T ; C U I / / S P - P R O P I N ● C U I B A S I C ● C U I S P E C I F I E D ● P L U S O T H E R M A R K I N G S : F A R 1 5 . 2 1 5 - 1 ( e ) t i t l e p a g e ; D F A R S t e c h d a t a a n d s o f t w a r e m a r k i n g s ; D o D D i s t r i b u t i o n S t a t e m e n t s f o r C T I ; c o m p a n y p r o p r i e t a r y m a r k i n g s ► “ A U T H O R I Z E D H O L D E R ” ( P E R M I T T E D T O D E S I G N A T E O R H A N D L E C U I ) ● D O D I 5 2 0 0 . 4 8 , C o n t r o l l e d U n c l a s s i f i e d I n f o r m a t i o n ( M a r c h 6 , 2 0 2 0 ) ; C o n t r o l l e d U n c l a s s i f i e d I n f o r m a t i o n M a r k i n g s ( N o v . 4 , 2 0 2 0 ) ( L D C s s u c h a s F E D C O N , N O F O R N , N O C O N , D L O N L Y ) ● D O D p h a s e d C U I p r o g r a m i m p l e m e n t a t i o n – I G N O R E I S O O C U I M A R K I N G S ► C U I A N D C L A S S I F I E D M A R K I N G S : C O M M I N G L E D ( 3 2 C F R 1 1 7 . 1 3 / 1 4 ) ( F E B 2 0 2 1 )
J S C H A U S & A S S O C I A T E S - W A S H D C H E L L O @ J E N N I F E R S C H A U S . C O M G O V C O N - Q & A C A F É - 2 0 2 1 J A N U A R Y 8 , 2 0 2 1 - C Y B E R S E C U R I T Y / C M M C I V. C M M C R O L L - O U T I S S U E S C . O T H E R I S S U E S ► P I L O T P R O G R A M S I D E N T I F I E D ► C M M C A S S E S S M E N T G U I D A N C E : ● L E V E L 1 A S S E S S M E N T G U I D E ( V . 1 . 1 0 ) : T h e L e v e l 1 a s s e s s m e n t c r i t e r i a a r e a u t h o r i t a t i v e a n d p r o v i d e a b a s i s f o r a c e r t i f i e d a s s e s s o r t o c o n d u c t a n a s s e s s m e n t o f a p r a c t i c e . ● L E V E L 3 A S S E S S M E N T G U I D E ( V . 1 . 1 0 ) : ( 1 ) C e r t i f i e d a s s e s s o r s w i l l u s e t h i s a s s e s s m e n t g u i d e t o c o n d u c t C M M C L e v e l 2 a n d L e v e l 3 a s s e s s m e n t s ; ( 2 ) A c o n t r a c t o r c a n a c h i e v e a C M M C c e r t i f i c a t i o n f o r t h e e n t e r p r i s e n e t w o r k o r p a r t i c u l a r s e g m e n t ( s ) ” d e p e n d i n g o n t h e s c o p e o f t h e C M M C a s s e s s m e n t ; ( 3 ) P r i o r t o a C M M C a s s e s s m e n t , t h e c o n t r a c t o r m u s t d e f i n e t h e s c o p e f o r t h e a s s e s s m e n t t h a t r e p r e s e n t s t h e b o u n d a r y f o r w h i c h t h e C M M C c e r t i f i c a t e w i l l b e i s s u e d . ► P R O T E S T S , C O N T R A C T / S U B C O N T R A C T R E A s a n d C L A I M S
J S C H A U S & A S S O C I A T E S - W A S H D C H E L L O @ J E N N I F E R S C H A U S . C O M G O V C O N - Q & A C A F É - 2 0 2 1 J A N U A R Y 8 , 2 0 2 1 - C Y B E R S E C U R I T Y / C M M C H O W W I L L T H E R E C E N T S O L A R W I N D S C Y B E R AT TA C K A N D O T H E R S I M PA C T C M M C T H R E S H O L D S ? C H U C K B R O O K S C H E T Z 1 8 @ A O L . C O M
J S C H A U S & A S S O C I A T E S - W A S H D C H E L L O @ J E N N I F E R S C H A U S . C O M G O V C O N - Q & A C A F É - 2 0 2 1 J A N U A R Y 8 , 2 0 2 1 - C Y B E R S E C U R I T Y / C M M C • YOU HAVE SUBMITTED A PROPOSAL THAT WAS TO BE AWARED PRIOR TO NOV 30 BUT IT NOW HAS BEEN DELAYED. ARE YOU STILL ELIGIBLE FOR AWARD? • WAS YOUR SOLICITATION REVISED TO ADD THE 252.204-7019 CLAUSE? • AND IF NOT, WOULD THE CHRISTIAN DOCTIRINE WRITE IT IN? • WOULD THIS BE PROTESIBLE? WHATE ARE YOUR CHANES TO PREVAIL IN A PROTEST? JODY REED J R E E D @ M W L L E G A L . C O M
J S C H A U S & A S S O C I A T E S - W A S H D C H E L L O @ J E N N I F E R S C H A U S . C O M G O V C O N - Q & A C A F É - 2 0 2 1 J A N U A R Y 8 , 2 0 2 1 - C Y B E R S E C U R I T Y / C M M C H A S C M M C - A B S TA R T E D T O C E R T I F Y C 3 PA O S A N D A S S E S S O R S ? S U S A N WA R S H A W E B N E R S U S A N . E B N E R @ S T I N S O N . C O M
J S C H A U S & A S S O C I A T E S - W A S H D C H E L L O @ J E N N I F E R S C H A U S . C O M G O V C O N - Q & A C A F É - 2 0 2 1 J A N U A R Y 8 , 2 0 2 1 - C Y B E R S E C U R I T Y / C M M C P L E A S E I D E N T I F Y A N D E X P L A I N W H AT Y O U C O N S I D E R T H E F O U N D AT I O N F O R C O N T R A C T O R I M P L E M E N TAT I O N D AV I D D E M P S E Y D D E M P S E Y @ D E F T L AW . C O M 7 0 3 - 8 8 0 - 9 1 7 1
J S C H A U S & A S S O C I A T E S - W A S H D C H E L L O @ J E N N I F E R S C H A U S . C O M G O V C O N - Q & A C A F É - 2 0 2 1 J A N U A R Y 8 , 2 0 2 1 - C Y B E R S E C U R I T Y / C M M C W H AT R E C O M M E N D AT I O N S D O Y O U S U G G E S T C O M PA N I E S P U R S U E T O M A K E T H E M S E LV E S M O R E C Y E R - S E C U R E ? C H U C K B R O O K S C H E T Z 1 8 @ A O L . C O M
J S C H A U S & A S S O C I A T E S - W A S H D C H E L L O @ J E N N I F E R S C H A U S . C O M G O V C O N - Q & A C A F É - 2 0 2 1 J A N U A R Y 8 , 2 0 2 1 - C Y B E R S E C U R I T Y / C M M C W H AT L E V E L O F C M M C M U S T P R I M E C O N T R A C T O R S R E Q U I R E O F T H E I R S U B - C O N T R A C T O R S ? S U S A N WA R H S A W E B N E R S U S A N . E B N E R @ S T I N S O N . C O M 2 0 2 - 5 7 2 - 9 9 2 7
J S C H A U S & A S S O C I A T E S - W A S H D C H E L L O @ J E N N I F E R S C H A U S . C O M G O V C O N - Q & A C A F É - 2 0 2 1 J A N U A R Y 8 , 2 0 2 1 - C Y B E R S E C U R I T Y / C M M C W H O I S S U P P O S E D T O D E C I D E O N W H E T H E R A PA R T I C U L A R P R O G R A M R E Q U I R E S D FA R S 2 5 2 . 2 0 4 - 7 0 1 2 A N D T H E A S S E S S M E N T L E V E L P U R S U A N T T O D FA R S 2 5 2 . 2 0 4 - 7 0 1 9 ? J O D Y R E E D J R E E D @ M W L L E G A L . C O M
J S C H A U S & A S S O C I A T E S - W A S H D C H E L L O @ J E N N I F E R S C H A U S . C O M G O V C O N - Q & A C A F É - 2 0 2 1 J A N U A R Y 8 , 2 0 2 1 - C Y B E R S E C U R I T Y / C M M C W I L L C M M C L E V E L 2 B E U S E D B E T W E E N N O W A N D F Y 2 0 2 5 ? D AV I D D E M P S E Y D D E M P S E Y @ D E F T L AW . C O M
J S C H A U S & A S S O C I A T E S - W A S H D C H E L L O @ J E N N I F E R S C H A U S . C O M G O V C O N - Q & A C A F É - 2 0 2 1 J A N U A R Y 8 , 2 0 2 1 - C Y B E R S E C U R I T Y / C M M C NOW OPEN FOR AUDIENCE QUESTIONS
J S C H A U S & A S S O C I A T E S - W A S H D C H E L L O @ J E N N I F E R S C H A U S . C O M G O V C O N - Q & A C A F É - 2 0 2 1 J A N U A RY 8 , 2 0 2 1 - C Y B E R S E C U R I T Y / C M M C T H A N K Y O U F O R AT T E N D I N G T H A N K Y O U T O O U R S P E A K E R S P P T S A R E AVA I L A B L E O N S L I D E S H A R E . N E T
J S C H A U S & A S S O C I A T E S - W A S H D C H E L L O @ J E N N I F E R S C H A U S . C O M G O V C O N - Q & A C A F É - 2 0 2 1 J A N U A R Y 8 , 2 0 2 1 - C Y B E R S E C U R I T Y / C M M C A D D I T I O N A L Q U E S T I O N S F O R O U R S P E A K E R S C H U C K B R O O K S S U S A N WA R S H AW E B N E R C H E T Z 1 8 @ A O L . C O M S U S A N . E B N E R @ S T I N S O N . C O M 5 7 1 - 2 9 6 - 2 1 6 4 2 0 2 - 5 7 2 - 9 9 2 7 D AV I D D E M P S E Y J O D Y R E E D D D E M P S E Y @ D E F T L A W . C O M J R E E D @ M W L L E G A L . C O M 7 0 3 - 8 8 0 - 9 1 7 1 7 0 3 - 4 8 3 - 2 8 1 8
G O V C O N Q & A C A F E Hello@JenniferSchaus.com Washington, DC 202-365-0598

Recommended

2024: The FAR, Federal Acquisition Regulations, Part 30
2024: The FAR, Federal Acquisition Regulations, Part 302024: The FAR, Federal Acquisition Regulations, Part 30
2024: The FAR, Federal Acquisition Regulations, Part 30
JSchaus & Associates
 
2024: The FAR, Federal Acquisition Regulations - Part 29
2024: The FAR, Federal Acquisition Regulations - Part 292024: The FAR, Federal Acquisition Regulations - Part 29
2024: The FAR, Federal Acquisition Regulations - Part 29
JSchaus & Associates
 
2024: The FAR, Federal Acquisition Regulations - Part 28
2024: The FAR, Federal Acquisition Regulations - Part 282024: The FAR, Federal Acquisition Regulations - Part 28
2024: The FAR, Federal Acquisition Regulations - Part 28
JSchaus & Associates
 
2024: The FAR, Federal Acquisition Regulations - Part 27
2024: The FAR, Federal Acquisition Regulations - Part 272024: The FAR, Federal Acquisition Regulations - Part 27
2024: The FAR, Federal Acquisition Regulations - Part 27
JSchaus & Associates
 
2024: The FAR, Federal Acquisition Regulations - Part 26
2024: The FAR, Federal Acquisition Regulations - Part 262024: The FAR, Federal Acquisition Regulations - Part 26
2024: The FAR, Federal Acquisition Regulations - Part 26
JSchaus & Associates
 
2024: The FAR, Federal Acquisition Regulations - Part 25
2024: The FAR, Federal Acquisition Regulations - Part 252024: The FAR, Federal Acquisition Regulations - Part 25
2024: The FAR, Federal Acquisition Regulations - Part 25
JSchaus & Associates
 
2024: The FAR, Federal Acquisition Regulations - Part 24
2024: The FAR, Federal Acquisition Regulations - Part 242024: The FAR, Federal Acquisition Regulations - Part 24
2024: The FAR, Federal Acquisition Regulations - Part 24
JSchaus & Associates
 
2024: The FAR, Federal Acquisition Regulations - Part 23
2024: The FAR, Federal Acquisition Regulations - Part 232024: The FAR, Federal Acquisition Regulations - Part 23
2024: The FAR, Federal Acquisition Regulations - Part 23
JSchaus & Associates
 

Recommended

2024: The FAR, Federal Acquisition Regulations, Part 30
2024: The FAR, Federal Acquisition Regulations, Part 302024: The FAR, Federal Acquisition Regulations, Part 30
2024: The FAR, Federal Acquisition Regulations, Part 30
JSchaus & Associates
 
2024: The FAR, Federal Acquisition Regulations - Part 29
2024: The FAR, Federal Acquisition Regulations - Part 292024: The FAR, Federal Acquisition Regulations - Part 29
2024: The FAR, Federal Acquisition Regulations - Part 29
JSchaus & Associates
 
2024: The FAR, Federal Acquisition Regulations - Part 28
2024: The FAR, Federal Acquisition Regulations - Part 282024: The FAR, Federal Acquisition Regulations - Part 28
2024: The FAR, Federal Acquisition Regulations - Part 28
JSchaus & Associates
 
2024: The FAR, Federal Acquisition Regulations - Part 27
2024: The FAR, Federal Acquisition Regulations - Part 272024: The FAR, Federal Acquisition Regulations - Part 27
2024: The FAR, Federal Acquisition Regulations - Part 27
JSchaus & Associates
 
2024: The FAR, Federal Acquisition Regulations - Part 26
2024: The FAR, Federal Acquisition Regulations - Part 262024: The FAR, Federal Acquisition Regulations - Part 26
2024: The FAR, Federal Acquisition Regulations - Part 26
JSchaus & Associates
 
2024: The FAR, Federal Acquisition Regulations - Part 25
2024: The FAR, Federal Acquisition Regulations - Part 252024: The FAR, Federal Acquisition Regulations - Part 25
2024: The FAR, Federal Acquisition Regulations - Part 25
JSchaus & Associates
 
2024: The FAR, Federal Acquisition Regulations - Part 24
2024: The FAR, Federal Acquisition Regulations - Part 242024: The FAR, Federal Acquisition Regulations - Part 24
2024: The FAR, Federal Acquisition Regulations - Part 24
JSchaus & Associates
 
2024: The FAR, Federal Acquisition Regulations - Part 23
2024: The FAR, Federal Acquisition Regulations - Part 232024: The FAR, Federal Acquisition Regulations - Part 23
2024: The FAR, Federal Acquisition Regulations - Part 23
JSchaus & Associates
 
2024: The FAR, Federal Acquisition Regulations - Part 19
2024: The FAR, Federal Acquisition Regulations - Part 192024: The FAR, Federal Acquisition Regulations - Part 19
2024: The FAR, Federal Acquisition Regulations - Part 19
JSchaus & Associates
 
2024: The FAR, Federal Acquisition Regulations - Part 22
2024: The FAR, Federal Acquisition Regulations - Part 222024: The FAR, Federal Acquisition Regulations - Part 22
2024: The FAR, Federal Acquisition Regulations - Part 22
JSchaus & Associates
 
GSA Schedules - Requirements And Reality
GSA Schedules - Requirements And RealityGSA Schedules - Requirements And Reality
GSA Schedules - Requirements And Reality
JSchaus & Associates
 
2024: The FAR, Federal Acquisition Regulations - Part 18
2024: The FAR, Federal Acquisition Regulations - Part 182024: The FAR, Federal Acquisition Regulations - Part 18
2024: The FAR, Federal Acquisition Regulations - Part 18
JSchaus & Associates
 
SPONSORED CONTENT - MyGovWatch - RFP Cliches Debunked: What Government Buyers...
SPONSORED CONTENT - MyGovWatch - RFP Cliches Debunked: What Government Buyers...SPONSORED CONTENT - MyGovWatch - RFP Cliches Debunked: What Government Buyers...
SPONSORED CONTENT - MyGovWatch - RFP Cliches Debunked: What Government Buyers...
JSchaus & Associates
 
2024: The FAR, Federal Acquisition Regulations - Part 17
2024: The FAR, Federal Acquisition Regulations - Part 172024: The FAR, Federal Acquisition Regulations - Part 17
2024: The FAR, Federal Acquisition Regulations - Part 17
JSchaus & Associates
 
2024: The FAR, Federal Acquisition Regulations - Part 16
2024: The FAR, Federal Acquisition Regulations - Part 162024: The FAR, Federal Acquisition Regulations - Part 16
2024: The FAR, Federal Acquisition Regulations - Part 16
JSchaus & Associates
 
2024: The FAR, Federal Acquisition Regulations - Part 15
2024: The FAR, Federal Acquisition Regulations - Part 152024: The FAR, Federal Acquisition Regulations - Part 15
2024: The FAR, Federal Acquisition Regulations - Part 15
JSchaus & Associates
 
SPONSORED CONTENT - AGILE ATS - Recruiting Strategies Systems & Tactics For G...
SPONSORED CONTENT - AGILE ATS - Recruiting Strategies Systems & Tactics For G...SPONSORED CONTENT - AGILE ATS - Recruiting Strategies Systems & Tactics For G...
SPONSORED CONTENT - AGILE ATS - Recruiting Strategies Systems & Tactics For G...
JSchaus & Associates
 
SPONSORED CONTENT - DV Solutions - Building Relationships With The Federal Fo...
SPONSORED CONTENT - DV Solutions - Building Relationships With The Federal Fo...SPONSORED CONTENT - DV Solutions - Building Relationships With The Federal Fo...
SPONSORED CONTENT - DV Solutions - Building Relationships With The Federal Fo...
JSchaus & Associates
 
2024: The FAR, Federal Acquisiton Regulations - Part 14
2024: The FAR, Federal Acquisiton Regulations - Part 142024: The FAR, Federal Acquisiton Regulations - Part 14
2024: The FAR, Federal Acquisiton Regulations - Part 14
JSchaus & Associates
 
2024: The FAR, Federal Acquisition Regulations - Part 13
2024: The FAR, Federal Acquisition Regulations - Part 132024: The FAR, Federal Acquisition Regulations - Part 13
2024: The FAR, Federal Acquisition Regulations - Part 13
JSchaus & Associates
 
2024: The FAR, Federal Acquisition Regulations - Part 12
2024: The FAR, Federal Acquisition Regulations - Part 122024: The FAR, Federal Acquisition Regulations - Part 12
2024: The FAR, Federal Acquisition Regulations - Part 12
JSchaus & Associates
 
2024: The FAR, Federal Acquisition Regulations - Part 11
2024: The FAR, Federal Acquisition Regulations - Part 112024: The FAR, Federal Acquisition Regulations - Part 11
2024: The FAR, Federal Acquisition Regulations - Part 11
JSchaus & Associates
 
2024: The FAR, Federal Acquisition Regulations - Part 10
2024: The FAR, Federal Acquisition Regulations - Part 102024: The FAR, Federal Acquisition Regulations - Part 10
2024: The FAR, Federal Acquisition Regulations - Part 10
JSchaus & Associates
 
2024: The FAR, Federal Acquisition Regulations - Part 9
2024: The FAR, Federal Acquisition Regulations - Part 92024: The FAR, Federal Acquisition Regulations - Part 9
2024: The FAR, Federal Acquisition Regulations - Part 9
JSchaus & Associates
 
2024: The FAR, Federal Acquisition Regulations - Part 8
2024: The FAR, Federal Acquisition Regulations - Part 82024: The FAR, Federal Acquisition Regulations - Part 8
2024: The FAR, Federal Acquisition Regulations - Part 8
JSchaus & Associates
 
2024: The FAR, Federal Acquisition Regulations - Part 7
2024: The FAR, Federal Acquisition Regulations - Part 72024: The FAR, Federal Acquisition Regulations - Part 7
2024: The FAR, Federal Acquisition Regulations - Part 7
JSchaus & Associates
 
2024: The FAR, Federal Acquisition Regulations - Part 6
2024: The FAR, Federal Acquisition Regulations - Part 62024: The FAR, Federal Acquisition Regulations - Part 6
2024: The FAR, Federal Acquisition Regulations - Part 6
JSchaus & Associates
 
2024: The FAR, Federal Acquisition Regulations - Part 5
2024: The FAR, Federal Acquisition Regulations - Part 52024: The FAR, Federal Acquisition Regulations - Part 5
2024: The FAR, Federal Acquisition Regulations - Part 5
JSchaus & Associates
 
Human-AI Collaboration for Virtual Capacity in Emergency Operation Centers (E...
Human-AI Collaboration for Virtual Capacity in Emergency Operation Centers (E...Human-AI Collaboration for Virtual Capacity in Emergency Operation Centers (E...
Human-AI Collaboration for Virtual Capacity in Emergency Operation Centers (E...
Hemant Purohit
 
Top Rated Pune Call Girls Hadapsar ⟟ 6297143586 ⟟ Call Me For Genuine Sex Se...
Top Rated Pune Call Girls Hadapsar ⟟ 6297143586 ⟟ Call Me For Genuine Sex Se...Top Rated Pune Call Girls Hadapsar ⟟ 6297143586 ⟟ Call Me For Genuine Sex Se...
Top Rated Pune Call Girls Hadapsar ⟟ 6297143586 ⟟ Call Me For Genuine Sex Se...
Call Girls in Nagpur High Profile
 

More Related Content

More from JSchaus & Associates

More from JSchaus & Associates (20)

2024: The FAR, Federal Acquisition Regulations - Part 19
2024: The FAR, Federal Acquisition Regulations - Part 192024: The FAR, Federal Acquisition Regulations - Part 19
2024: The FAR, Federal Acquisition Regulations - Part 19
 
2024: The FAR, Federal Acquisition Regulations - Part 22
2024: The FAR, Federal Acquisition Regulations - Part 222024: The FAR, Federal Acquisition Regulations - Part 22
2024: The FAR, Federal Acquisition Regulations - Part 22
 
GSA Schedules - Requirements And Reality
GSA Schedules - Requirements And RealityGSA Schedules - Requirements And Reality
GSA Schedules - Requirements And Reality
 
2024: The FAR, Federal Acquisition Regulations - Part 18
2024: The FAR, Federal Acquisition Regulations - Part 182024: The FAR, Federal Acquisition Regulations - Part 18
2024: The FAR, Federal Acquisition Regulations - Part 18
 
SPONSORED CONTENT - MyGovWatch - RFP Cliches Debunked: What Government Buyers...
SPONSORED CONTENT - MyGovWatch - RFP Cliches Debunked: What Government Buyers...SPONSORED CONTENT - MyGovWatch - RFP Cliches Debunked: What Government Buyers...
SPONSORED CONTENT - MyGovWatch - RFP Cliches Debunked: What Government Buyers...
 
2024: The FAR, Federal Acquisition Regulations - Part 17
2024: The FAR, Federal Acquisition Regulations - Part 172024: The FAR, Federal Acquisition Regulations - Part 17
2024: The FAR, Federal Acquisition Regulations - Part 17
 
2024: The FAR, Federal Acquisition Regulations - Part 16
2024: The FAR, Federal Acquisition Regulations - Part 162024: The FAR, Federal Acquisition Regulations - Part 16
2024: The FAR, Federal Acquisition Regulations - Part 16
 
2024: The FAR, Federal Acquisition Regulations - Part 15
2024: The FAR, Federal Acquisition Regulations - Part 152024: The FAR, Federal Acquisition Regulations - Part 15
2024: The FAR, Federal Acquisition Regulations - Part 15
 
SPONSORED CONTENT - AGILE ATS - Recruiting Strategies Systems & Tactics For G...
SPONSORED CONTENT - AGILE ATS - Recruiting Strategies Systems & Tactics For G...SPONSORED CONTENT - AGILE ATS - Recruiting Strategies Systems & Tactics For G...
SPONSORED CONTENT - AGILE ATS - Recruiting Strategies Systems & Tactics For G...
 
SPONSORED CONTENT - DV Solutions - Building Relationships With The Federal Fo...
SPONSORED CONTENT - DV Solutions - Building Relationships With The Federal Fo...SPONSORED CONTENT - DV Solutions - Building Relationships With The Federal Fo...
SPONSORED CONTENT - DV Solutions - Building Relationships With The Federal Fo...
 
2024: The FAR, Federal Acquisiton Regulations - Part 14
2024: The FAR, Federal Acquisiton Regulations - Part 142024: The FAR, Federal Acquisiton Regulations - Part 14
2024: The FAR, Federal Acquisiton Regulations - Part 14
 
2024: The FAR, Federal Acquisition Regulations - Part 13
2024: The FAR, Federal Acquisition Regulations - Part 132024: The FAR, Federal Acquisition Regulations - Part 13
2024: The FAR, Federal Acquisition Regulations - Part 13
 
2024: The FAR, Federal Acquisition Regulations - Part 12
2024: The FAR, Federal Acquisition Regulations - Part 122024: The FAR, Federal Acquisition Regulations - Part 12
2024: The FAR, Federal Acquisition Regulations - Part 12
 
2024: The FAR, Federal Acquisition Regulations - Part 11
2024: The FAR, Federal Acquisition Regulations - Part 112024: The FAR, Federal Acquisition Regulations - Part 11
2024: The FAR, Federal Acquisition Regulations - Part 11
 
2024: The FAR, Federal Acquisition Regulations - Part 10
2024: The FAR, Federal Acquisition Regulations - Part 102024: The FAR, Federal Acquisition Regulations - Part 10
2024: The FAR, Federal Acquisition Regulations - Part 10
 
2024: The FAR, Federal Acquisition Regulations - Part 9
2024: The FAR, Federal Acquisition Regulations - Part 92024: The FAR, Federal Acquisition Regulations - Part 9
2024: The FAR, Federal Acquisition Regulations - Part 9
 
2024: The FAR, Federal Acquisition Regulations - Part 8
2024: The FAR, Federal Acquisition Regulations - Part 82024: The FAR, Federal Acquisition Regulations - Part 8
2024: The FAR, Federal Acquisition Regulations - Part 8
 
2024: The FAR, Federal Acquisition Regulations - Part 7
2024: The FAR, Federal Acquisition Regulations - Part 72024: The FAR, Federal Acquisition Regulations - Part 7
2024: The FAR, Federal Acquisition Regulations - Part 7
 
2024: The FAR, Federal Acquisition Regulations - Part 6
2024: The FAR, Federal Acquisition Regulations - Part 62024: The FAR, Federal Acquisition Regulations - Part 6
2024: The FAR, Federal Acquisition Regulations - Part 6
 
2024: The FAR, Federal Acquisition Regulations - Part 5
2024: The FAR, Federal Acquisition Regulations - Part 52024: The FAR, Federal Acquisition Regulations - Part 5
2024: The FAR, Federal Acquisition Regulations - Part 5
 

Recently uploaded

Top Rated Pune Call Girls Hadapsar ⟟ 6297143586 ⟟ Call Me For Genuine Sex Se...
Top Rated Pune Call Girls Hadapsar ⟟ 6297143586 ⟟ Call Me For Genuine Sex Se...Top Rated Pune Call Girls Hadapsar ⟟ 6297143586 ⟟ Call Me For Genuine Sex Se...
Top Rated Pune Call Girls Hadapsar ⟟ 6297143586 ⟟ Call Me For Genuine Sex Se...
Call Girls in Nagpur High Profile
 
(NEHA) Call Girls Nagpur Call Now 8250077686 Nagpur Escorts 24x7
(NEHA) Call Girls Nagpur Call Now 8250077686 Nagpur Escorts 24x7(NEHA) Call Girls Nagpur Call Now 8250077686 Nagpur Escorts 24x7
(NEHA) Call Girls Nagpur Call Now 8250077686 Nagpur Escorts 24x7
Call Girls in Nagpur High Profile Call Girls
 
Call Girls Chakan Call Me 7737669865 Budget Friendly No Advance Booking
Call Girls Chakan Call Me 7737669865 Budget Friendly No Advance BookingCall Girls Chakan Call Me 7737669865 Budget Friendly No Advance Booking
Call Girls Chakan Call Me 7737669865 Budget Friendly No Advance Booking
roncy bisnoi
 
VIP Call Girl Service Ludhiana 7001035870 Enjoy Call Girls With Our Escorts
VIP Call Girl Service Ludhiana 7001035870 Enjoy Call Girls With Our EscortsVIP Call Girl Service Ludhiana 7001035870 Enjoy Call Girls With Our Escorts
VIP Call Girl Service Ludhiana 7001035870 Enjoy Call Girls With Our Escorts
sonatiwari757
 
Call Girls Nanded City Call Me 7737669865 Budget Friendly No Advance Booking
Call Girls Nanded City Call Me 7737669865 Budget Friendly No Advance BookingCall Girls Nanded City Call Me 7737669865 Budget Friendly No Advance Booking
Call Girls Nanded City Call Me 7737669865 Budget Friendly No Advance Booking
roncy bisnoi
 
Get Premium Budhwar Peth Call Girls (8005736733) 24x7 Rate 15999 with A/c Roo...
Get Premium Budhwar Peth Call Girls (8005736733) 24x7 Rate 15999 with A/c Roo...Get Premium Budhwar Peth Call Girls (8005736733) 24x7 Rate 15999 with A/c Roo...
Get Premium Budhwar Peth Call Girls (8005736733) 24x7 Rate 15999 with A/c Roo...
MOHANI PANDEY
 
Booking open Available Pune Call Girls Shukrawar Peth 6297143586 Call Hot In...
Booking open Available Pune Call Girls Shukrawar Peth 6297143586 Call Hot In...Booking open Available Pune Call Girls Shukrawar Peth 6297143586 Call Hot In...
Booking open Available Pune Call Girls Shukrawar Peth 6297143586 Call Hot In...
tanu pandey
 
Just Call Vip call girls Wardha Escorts ☎️8617370543 Starting From 5K to 25K ...
Just Call Vip call girls Wardha Escorts ☎️8617370543 Starting From 5K to 25K ...Just Call Vip call girls Wardha Escorts ☎️8617370543 Starting From 5K to 25K ...
Just Call Vip call girls Wardha Escorts ☎️8617370543 Starting From 5K to 25K ...
Dipal Arora
 
Get Premium Balaji Nagar Call Girls (8005736733) 24x7 Rate 15999 with A/c Roo...
Get Premium Balaji Nagar Call Girls (8005736733) 24x7 Rate 15999 with A/c Roo...Get Premium Balaji Nagar Call Girls (8005736733) 24x7 Rate 15999 with A/c Roo...
Get Premium Balaji Nagar Call Girls (8005736733) 24x7 Rate 15999 with A/c Roo...
MOHANI PANDEY
 
Call Girls Service Connaught Place @9999965857 Delhi 🫦 No Advance VVIP 🍎 SER...
Call Girls Service Connaught Place @9999965857 Delhi 🫦 No Advance VVIP 🍎 SER...Call Girls Service Connaught Place @9999965857 Delhi 🫦 No Advance VVIP 🍎 SER...
Call Girls Service Connaught Place @9999965857 Delhi 🫦 No Advance VVIP 🍎 SER...
Call Girls In Delhi Whatsup 9873940964 Enjoy Unlimited Pleasure
 

Recently uploaded (20)

Human-AI Collaboration for Virtual Capacity in Emergency Operation Centers (E...
Human-AI Collaboration for Virtual Capacity in Emergency Operation Centers (E...Human-AI Collaboration for Virtual Capacity in Emergency Operation Centers (E...
Human-AI Collaboration for Virtual Capacity in Emergency Operation Centers (E...
 
Top Rated Pune Call Girls Hadapsar ⟟ 6297143586 ⟟ Call Me For Genuine Sex Se...
Top Rated Pune Call Girls Hadapsar ⟟ 6297143586 ⟟ Call Me For Genuine Sex Se...Top Rated Pune Call Girls Hadapsar ⟟ 6297143586 ⟟ Call Me For Genuine Sex Se...
Top Rated Pune Call Girls Hadapsar ⟟ 6297143586 ⟟ Call Me For Genuine Sex Se...
 
(NEHA) Call Girls Nagpur Call Now 8250077686 Nagpur Escorts 24x7
(NEHA) Call Girls Nagpur Call Now 8250077686 Nagpur Escorts 24x7(NEHA) Call Girls Nagpur Call Now 8250077686 Nagpur Escorts 24x7
(NEHA) Call Girls Nagpur Call Now 8250077686 Nagpur Escorts 24x7
 
The Economic and Organised Crime Office (EOCO) has been advised by the Office...
The Economic and Organised Crime Office (EOCO) has been advised by the Office...The Economic and Organised Crime Office (EOCO) has been advised by the Office...
The Economic and Organised Crime Office (EOCO) has been advised by the Office...
 
Call Girls Chakan Call Me 7737669865 Budget Friendly No Advance Booking
Call Girls Chakan Call Me 7737669865 Budget Friendly No Advance BookingCall Girls Chakan Call Me 7737669865 Budget Friendly No Advance Booking
Call Girls Chakan Call Me 7737669865 Budget Friendly No Advance Booking
 
VIP Call Girl Service Ludhiana 7001035870 Enjoy Call Girls With Our Escorts
VIP Call Girl Service Ludhiana 7001035870 Enjoy Call Girls With Our EscortsVIP Call Girl Service Ludhiana 7001035870 Enjoy Call Girls With Our Escorts
VIP Call Girl Service Ludhiana 7001035870 Enjoy Call Girls With Our Escorts
 
Call Girls Nanded City Call Me 7737669865 Budget Friendly No Advance Booking
Call Girls Nanded City Call Me 7737669865 Budget Friendly No Advance BookingCall Girls Nanded City Call Me 7737669865 Budget Friendly No Advance Booking
Call Girls Nanded City Call Me 7737669865 Budget Friendly No Advance Booking
 
Zechariah Boodey Farmstead Collaborative presentation - Humble Beginnings
Zechariah Boodey Farmstead Collaborative presentation - Humble BeginningsZechariah Boodey Farmstead Collaborative presentation - Humble Beginnings
Zechariah Boodey Farmstead Collaborative presentation - Humble Beginnings
 
Lucknow 💋 Russian Call Girls Lucknow ₹7.5k Pick Up & Drop With Cash Payment 8...
Lucknow 💋 Russian Call Girls Lucknow ₹7.5k Pick Up & Drop With Cash Payment 8...Lucknow 💋 Russian Call Girls Lucknow ₹7.5k Pick Up & Drop With Cash Payment 8...
Lucknow 💋 Russian Call Girls Lucknow ₹7.5k Pick Up & Drop With Cash Payment 8...
 
EDUROOT SME_ Performance upto March-2024.pptx
EDUROOT SME_ Performance upto March-2024.pptxEDUROOT SME_ Performance upto March-2024.pptx
EDUROOT SME_ Performance upto March-2024.pptx
 
Get Premium Budhwar Peth Call Girls (8005736733) 24x7 Rate 15999 with A/c Roo...
Get Premium Budhwar Peth Call Girls (8005736733) 24x7 Rate 15999 with A/c Roo...Get Premium Budhwar Peth Call Girls (8005736733) 24x7 Rate 15999 with A/c Roo...
Get Premium Budhwar Peth Call Girls (8005736733) 24x7 Rate 15999 with A/c Roo...
 
Item # 4 - 231 Encino Ave (Significance Only).pdf
Item # 4 - 231 Encino Ave (Significance Only).pdfItem # 4 - 231 Encino Ave (Significance Only).pdf
Item # 4 - 231 Encino Ave (Significance Only).pdf
 
Climate change and occupational safety and health.
Climate change and occupational safety and health.Climate change and occupational safety and health.
Climate change and occupational safety and health.
 
Incident Command System xxxxxxxxxxxxxxxxxxxxxxxxx
Incident Command System xxxxxxxxxxxxxxxxxxxxxxxxxIncident Command System xxxxxxxxxxxxxxxxxxxxxxxxx
Incident Command System xxxxxxxxxxxxxxxxxxxxxxxxx
 
VIP Russian Call Girls in Indore Ishita 💚😋 9256729539 🚀 Indore Escorts
VIP Russian Call Girls in Indore Ishita 💚😋 9256729539 🚀 Indore EscortsVIP Russian Call Girls in Indore Ishita 💚😋 9256729539 🚀 Indore Escorts
VIP Russian Call Girls in Indore Ishita 💚😋 9256729539 🚀 Indore Escorts
 
Booking open Available Pune Call Girls Shukrawar Peth 6297143586 Call Hot In...
Booking open Available Pune Call Girls Shukrawar Peth 6297143586 Call Hot In...Booking open Available Pune Call Girls Shukrawar Peth 6297143586 Call Hot In...
Booking open Available Pune Call Girls Shukrawar Peth 6297143586 Call Hot In...
 
Just Call Vip call girls Wardha Escorts ☎️8617370543 Starting From 5K to 25K ...
Just Call Vip call girls Wardha Escorts ☎️8617370543 Starting From 5K to 25K ...Just Call Vip call girls Wardha Escorts ☎️8617370543 Starting From 5K to 25K ...
Just Call Vip call girls Wardha Escorts ☎️8617370543 Starting From 5K to 25K ...
 
Get Premium Balaji Nagar Call Girls (8005736733) 24x7 Rate 15999 with A/c Roo...
Get Premium Balaji Nagar Call Girls (8005736733) 24x7 Rate 15999 with A/c Roo...Get Premium Balaji Nagar Call Girls (8005736733) 24x7 Rate 15999 with A/c Roo...
Get Premium Balaji Nagar Call Girls (8005736733) 24x7 Rate 15999 with A/c Roo...
 
Call Girls Service Connaught Place @9999965857 Delhi 🫦 No Advance VVIP 🍎 SER...
Call Girls Service Connaught Place @9999965857 Delhi 🫦 No Advance VVIP 🍎 SER...Call Girls Service Connaught Place @9999965857 Delhi 🫦 No Advance VVIP 🍎 SER...
Call Girls Service Connaught Place @9999965857 Delhi 🫦 No Advance VVIP 🍎 SER...
 
2024 Zoom Reinstein Legacy Asbestos Webinar
2024 Zoom Reinstein Legacy Asbestos Webinar2024 Zoom Reinstein Legacy Asbestos Webinar
2024 Zoom Reinstein Legacy Asbestos Webinar
 

Federal Government Contracting - LIVE Q&A - Topic: CMMC / Cybersecurity

  • 1. G O V C O N Q & A C A F E
  • 2. J S C H A U S & A S S O C I A T E S - W A S H D C H E L L O @ J E N N I F E R S C H A U S . C O M G O V C O N - Q & A C A F E 2 N D F R I D AY O F E A C H M O N T H 1 2 P M – 1 . 3 0 P M [ E A S T E R N ] C O N T E N T & L I V E Q & A F R O M G O V C O N E X P E R T S R E C O R D I N G S AVA I L A B L E AT T H E S A M E R E G I S T R AT I O N L I N K P P T S AVA I L A B L E AT S L I D E S H A R E . N E T
  • 3. J S C H A U S & A S S O C I A T E S - W A S H D C H E L L O @ J E N N I F E R S C H A U S . C O M G O V C O N - Q & A C A F E 8 J A N U A RY: C Y B E R S E C U R I T Y / C M M C 1 2 F E B R U A RY: O TA – O T H E R T R A N S A C T I O N A U T H O R I T I E S 1 2 M A R C H : B I D P R O T E S T 1 9 A P R I L : T E A M I N G A G R E E M E N T S 1 4 M AY: S U B - C O N T R A C T I N G 11 J U N E : S A L E S A N D C A P T U R E
  • 4. J S C H A U S & A S S O C I A T E S - W A S H D C H E L L O @ J E N N I F E R S C H A U S . C O M G O V C O N - Q & A C A F É - 2 0 2 1 9 J U LY: P R O P O S A L W R I T I N G 1 3 A U G U S T: C O M P L I A N C E 1 0 S E P T E M B E R : O R A L P R E S E N TAT I O N S 8 O C TO B E R : S E T- A S I D E S 1 2 N O V E M B E R : P R I C I N G 1 0 D E C E M B E R : M & A
  • 5. J S C H A U S & A S S O C I A T E S - W A S H D C H E L L O @ J E N N I F E R S C H A U S . C O M G O V C O N - Q & A C A F É - 2 0 2 1 A B O U T O U R C O N S U LT I N G S E RV I C E S F O R F E D E R A L C O N T R A C TO R S : * M A R K E T A N A LY S I S * P R O P O S A L W R I T I N G * P R I C I N G * C O M P L I A N C E / A D M I N I S T R AT I O N * M A R K E T I N G & B U S I N E S S D E V E L O P M E N T / C A P T U R E * G S A S C H E D U L E
  • 6. J S C H A U S & A S S O C I A T E S - W A S H D C H E L L O @ J E N N I F E R S C H A U S . C O M G O V C O N - Q & A C A F É - 2 0 2 1 A B O U T O U R W E B I N A R S  O V E R 4 0 0 + C O M P L I M E N TA RY G O V C O N W E B I N A R S O N O U R Y O U T U B E C H A N N E L C O V E R I N G G S A S C H E D U L E S TO P R I C I N G TO C O M P L I A N C E  J O I N U S O N W E D N E S D AY S I N 2 0 2 1 F O R A C O M P L I M E N TA RY S E R I E S C O V E R I N G E A C H PA R T O F T H E D FA R S , S E Q U E N T I A L LY  D F A R | G O V E R N M E N T C O N T R A C T S ( J E N N I F E R S C H A U S . C O M )  2 0 2 0 W E B I N A R S C O V E R E D E A C H PA R T O F T H E FA R , S E Q U E N T I A L LY  F A R | G O V E R N M E N T C O N T R A C T S ( J E N N I F E R S C H A U S . C O M )
  • 7. J S C H A U S & A S S O C I A T E S - W A S H D C H E L L O @ J E N N I F E R S C H A U S . C O M G O V C O N - Q & A C A F É - 2 0 2 1 THANK YOU TO OUR SPONSORS S P O N S O R I N F O : H E L L O # @ J E N N I F E R S C H A U S . C O M
  • 8. C3 Integrated Solutions is a full-service IT provider, helping DoD contractors achieve CMMC compliance through cloud- based solutions including Microsoft 365 GCC and GCC High. No matter where you are on your journey to CMMC compliance, C3 can help. C3’s unique, step-by-step CMMC Readiness Program helps companies comply with NIST 800-171 and CMMC. Learn more at https://C3isit.com/cmmc
  • 9. The National Veteran Small Business Coalition (NVSBC) is the largest non-profit trade association in the country representing veteran and service-disabled veteran-owned small business in the federal marketplace as prime and subcontractors. NVSBC provides networking, match- making, coaching, and training opportunities for members. Please visit: www.nvsbc.org
  • 10. J S C H A U S & A S S O C I A T E S - W A S H D C H E L L O @ J E N N I F E R S C H A U S . C O M G O V C O N - Q & A C A F É - 2 0 2 1 Set-Aside Alert is the premier federal government contract information service, focused on small businesses, minority-owned and women-owned businesses, veteran- and SDV-owned businesses, SBA 8(a)-certified companies and HUBzone businesses. The newsletter provides RFP opportunities for set-asides. www.setasidealert.com Tom Johnson 301-229-5561
  • 11. Free, confidential counseling + online resources & training SAM/DSBS Certifications & set-asides: 8(a), EDWOSB, WOSB, VOSB, SDVOSB, HUBZone NAICS Codes State & Local (eVA, SWAM) Capabilities statements Marketing to the government Market research Business development Proposals / RFP responses Security clearances Compliance Teaming / subcontracting strategies GSA Schedules Pricing Contract management Contract performance & more THIS PROCUREMENT TECHNICAL ASSISTANCE CENTER IS FUNDED IN PART T HROUGH A COOPERATIVE AGREEMENT WITH THE DEFENSE LOGISTICS AGENCY.  Step 1) Full training calendar: virginiaptac.org tip: click “year” above the calendar to see list form & use the filter features to find specific topics  Step 2) Register as client https://virginiaptac.org/services/counseling/ Outside Virginia? visit www.aptac-us.org to find your local PTAC Help with registration, counseling, classes – ptac@gmu.edu or 703-277-7750 Check out the Bid Match Service Subscription (110+ Federal, State, Local, International)
  • 12. J S C H A U S & A S S O C I A T E S - W A S H D C H E L L O @ J E N N I F E R S C H A U S . C O M G O V C O N - Q & A C A F É - 2 0 2 1 J A N U A RY 8 , 2 0 2 1 CYBER SECURITY / CMMC
  • 13. J S C H A U S & A S S O C I A T E S - W A S H D C H E L L O @ J E N N I F E R S C H A U S . C O M G O V C O N - Q & A C A F É - 2 0 2 1 J A N U A RY 8 , 2 0 2 1 – C Y B E R S E C U R I T Y / C M M C WELCOME & THANK YOU TO OUR SPEAKERS
  • 14. J S C H A U S & A S S O C I A T E S - W A S H D C H E L L O @ J E N N I F E R S C H A U S . C O M G O V C O N - Q & A C A F É - 2 0 2 1 J A N U A RY 8 , 2 0 2 1 – C Y B E R S E C U R I T Y / C M M C C H U C K B R O O K S B R O O K S C O N S U LT I N G I N T E R N AT I O N A L C H E T Z 1 8 @ A O L . C O M 5 7 1 - 2 9 6 - 2 1 6 4
  • 15. J S C H A U S & A S S O C I A T E S - W A S H D C H E L L O @ J E N N I F E R S C H A U S . C O M G O V C O N - Q & A C A F É - 2 0 2 1 J A N U A RY 8 , 2 0 2 1 – C Y B E R S E C U R I T Y / C M M C J O D Y R E E D M C M A H O N , W E L C H A N D L E A R N E D , P L L C J R E E D @ M W L L E G A L . C O M 7 0 3 - 4 8 3 - 2 8 1 8
  • 16. J S C H A U S & A S S O C I A T E S - W A S H D C H E L L O @ J E N N I F E R S C H A U S . C O M G O V C O N - Q & A C A F É - 2 0 2 1 J A N U A RY 8 , 2 0 2 1 – C Y B E R S E C U R I T Y / C M M C S U S A N WA R S H AW E B N E R S T I N S O N L L P S U S A N . E B N E R @ S T I N S O N . C O M 2 0 2 - 5 7 2 - 9 9 2 7
  • 17. J S C H A U S & A S S O C I A T E S - W A S H D C H E L L O @ J E N N I F E R S C H A U S . C O M G O V C O N - Q & A C A F É - 2 0 2 1 J A N U A RY 8 , 2 0 2 1 – C Y B E R S E C U R I T Y / C M M C D AV I D D E M P S E Y D E M P S E Y F O N TA N A , P L L C d d e m p s e y @ d e f t l a w . c o m 7 0 3 - 8 8 0 - 9 1 7 1
  • 18. J S C H A U S & A S S O C I A T E S - W A S H D C H E L L O @ J E N N I F E R S C H A U S . C O M G O V C O N - Q & A C A F É - 2 0 2 1 J A N U A RY 8 , 2 0 2 1 CYBER SECURITY / CMMC
  • 19. J S C H A U S & A S S O C I A T E S - W A S H D C H E L L O @ J E N N I F E R S C H A U S . C O M G O V C O N - Q & A C A F É - 2 0 2 1 J A N U A R Y 8 , 2 0 2 1 - C Y B E R S E C U R I T Y / C M M C WHAT WE WILL COVER TODAY: I. WHY CMMC WAS CREATED II. BASIC ASSESSMENT REQUIREMENTS AND STATUS III.CMMC REQUIREMENTS AND STATUS IV. CMMC ROLL OUT ISSUES
  • 20. J S C H A U S & A S S O C I A T E S - W A S H D C H E L L O @ J E N N I F E R S C H A U S . C O M G O V C O N - Q & A C A F É - 2 0 2 1 J A N U A R Y 8 , 2 0 2 1 - C Y B E R S E C U R I T Y / C M M C I . W H Y C M M C WA S C R E AT E D – C H U C K B R O O K S
  • 21. CMMC BASICS: The Cybersecurity Maturity Model Certification (CMMC) is a unified standard for implementing cybersecurity across the defense industrial base (DIB), which includes over 300,000 companies in the supply chain DoD's prime contractors and subcontractors must satisfy 1/5 of CMMC's trust levels. These entities must prove sufficient cybersecurity implementation via completing independent validation activities. CMMC will be a phased in approach with new contracts starting Q4 2020 through 2026 While the CMMC framework is not finalized yet, it is known that this new umbrella standard will include requirements from NIST 800-171, FAR document 52.204-21, and beyond
  • 22. The Department of Defense (DoD) established the Cybersecurity Maturity Model Certification (CMMC) in response to the increase of malicious cyber attacks, especially against supply chains. (Solar Winds now being the most pervasive) Examples of earlier attacks: Jan-Feb 2018: Comprise of US Navy “Operation SEA DRAGON” – Chinese hackers stole sensitive U.S. Navy submarine plans from Rhode Island DoD contractor Chinese government hackers compromised the computers of a U.S. Navy contractor and stole a large amount (approximately 600+ Gigabits) of highly sensitive data on undersea warfare, including plans for a supersonic anti-ship missile for use on U.S. submarines. March 2019: US Navy Review Concludes it is “Under Siege” by Chinese Hackers & Attackers - The Wall Street Journal reported Dec 2018 – Mar 2019. Chinese hackers have repeatedly hit the Navy, defense contractors, and even universities that partner with the service. “We are under siege,” a senior Navy official told The Journal Sept-Dec 2019: Compromise of Emails and LinkedIn Accounts of military defense companies - the attackers used social engineering via LinkedIn, hiding behind the ruse of attractive, but bogus, job offers. Having established an initial foothold, the attackers deployed their custom, multistage malware, along with modified open-source tools 2017-2020: The Chinese APT Threat to Cleared Defense Contractors - cybersecurity firm Lookout linked an APT15 malware sample to a Chinese defense contractor Feb-June 2020: DCSA Bulletin – US Defense Focused – DCSA’s cyber division detected nearly 600 “inbound and outbound connections” from “highly likely Electric Panda cyber threat actors” targeting 38 cleared contractor facilities.
  • 23. Five levels of CMMC certification: Each level will require more practices and controls than the previous with level one being the lowest and five being the highest level. The certification will be valid for three years. • Basic Cyber Hygiene • Intermediate Cyber Hygiene • Good Cyber Hygiene • Proactive • Advanced or Progressive J S C H A U S & A S S O C I A T E S - W A S H D C H E L L O @ J E N N I F E R S C H A U S . C O M G O V C O N - Q & A C A F É - 2 0 2 1
  • 24. Integrating new solutions for bolstering cybersecurity including:  Compliant platforms  Encrypted assets  Data back-ups  Monitoring  Management What’s Next? • In December 2020 DOD disclosed the first seven contracts that are likely to be the initial test cases for the Cybersecurity Maturity Model Certification (CMMC) program. • An interim rule that formally laid down the regulatory framework for CMMC began in December 2020. DoD is now reviewing comments from industry ahead of any potential changes the department might make to the rule. • Lawmakers have included nine provisions in the fiscal 2021 National Defense Authorization Act asking for more details and insights into how DoD will roll out CMMC.
  • 25. J S C H A U S & A S S O C I A T E S - W A S H D C H E L L O @ J E N N I F E R S C H A U S . C O M G O V C O N - Q & A C A F É - 2 0 2 1 J A N U A R Y 8 , 2 0 2 1 - C Y B E R S E C U R I T Y / C M M C I I . B A S I C A S S E S S M E N T R E Q U I R E M E N T S A N D S TAT U S J O D Y R E E D M C M A H O N , W E L C H & L E A R N E D , P L L C
  • 26. J S C H A U S & A S S O C I A T E S - W A S H D C H E L L O @ J E N N I F E R S C H A U S . C O M G O V C O N - Q & A C A F É - 2 0 2 1 A . D FA R S I N T E R I M R U L E I S S U E D S E P T E M B E R 2 9 , 2 0 2 0 • Effective Date: November 30, 2020 • The Rule added three new DFARS Clauses • DFARS 252.204-7019 Notice of NIST SP 800-171 DoD Assessment Requirements • DFARS 252.204-7020 NIST SP 800-171 DoD Assessment Requirements • DFARS 252.204-7021 Contractor Compliance with The Cybersecurity Maturity Model Certification Level Requirement • Once the Rule became effective, DoD was not supposed to awarded any contracts that included the DFARS 252.204-7012 clause to any contractors who did not comply with DFARS 252.204- 7019. There is no exception for FAR Part 12 commercial contracts. The only exception is for COTS.
  • 27. J S C H A U S & A S S O C I A T E S - W A S H D C H E L L O @ J E N N I F E R S C H A U S . C O M G O V C O N - Q & A C A F É - 2 0 2 1 B . D FA R S 2 5 2 . 2 0 4 - 7 0 1 9 N O T I C E O F N I S T S P 8 0 0 - 1 7 1 D O D A S S E S S M E N T R E Q U I R E M E N T S • Key Definitions: • Assessment levels – Basic, Medium & High all have the meanings from NIST SP 800-171 • Covered contractor information system – definition from DFARS 252.204-7012 • Requirement – after November 30, 2020 a contractor cannot be awarded a contract unless they have a recent assessment (within 3 years) posted in the Supplier Performance Risk System (SPRS) at https:/sprs.csd.disa.mil/ for all covered contractor information systems relevant to the offer. The contract must also include DFARS 252.204-7012 for this requirement to be applicable. • Unless the assessment is at the Basic level, the assessment is conducted by another organization. The assessment is based on a spreadsheet which results in a “summary level score” of the contractor’s compliance with NIST SP 800-171. Each security requirement is weighted based on the impact to the information system and any covered defense information (CDI) that passes through the system. A contractor may have negative scores and a maximum score is 110. • If a contractor does not have any summary scores from a current assessment, it may conduct its own assessment and submit it to webptsmh@navy.mil who will post it to SPRS. • Oddly enough there is no requirement in the clause that a contractor have a particular score in order to be awarded a contract.
  • 28. J S C H A U S & A S S O C I A T E S - W A S H D C H E L L O @ J E N N I F E R S C H A U S . C O M G O V C O N - Q & A C A F É - 2 0 2 1 C . D FA R S 2 5 2 . 2 0 4 - 7 0 2 0 N I S T S P 8 0 0 - 1 7 1 D O D A S S E S S M E N T R E Q U I R E M E N T S • Key Definitions: • Basic Assessment – the self assessment by a contractor that results in a “Low” confidence rating. • Medium Assessment – the assessment is conducted by the Government, but at a lower level than a High assessment and the confidence level is “Medium.” • High Assessment – the assessment is conducted by Government personnel and results in a confidence level of “High.” • Covered contractor information system – definition from DFARS 252.204-7012 • This clause requires a contractor to provide access to its facilities, its self assessments, the documentation associated with the information system/assessment and personnel based on the risk associated with the CDI/CUI (Controlled Unclassified Information) data that a contractor handles such that the contractor must be at either High or Medium.
  • 29. J S C H A U S & A S S O C I A T E S - W A S H D C H E L L O @ J E N N I F E R S C H A U S . C O M G O V C O N - Q & A C A F É - 2 0 2 1 D . P O T E N T I A L I S S U E S • A potential big issue for small businesses – you have been awarded contracts with DFARS 252.204-7012 since December 31, 2017 (or earlier) and you have not performed any assessment of your IT system. Would this matter if you were never provided any CDI/CUI? • You have never had a DoD contract where you have handled CDI/CUI and therefore, you have never done a self-assessment and your contract award date slipped past the originally planned award date that was prior to November 30, 2020. The issue will be whether or not your “new” contract includes DFARS 252.204-7012. Since the new requirements are not based on the actual data that is handled as part of the contract, i.e., you could have DFARS 252.204-7012 in your contract but there is no access to CDI/CUI, (first bullet), the DFARS 252.204-7019 requirement does not care. You must have the assessment because your contract contains DFARS 252.204-7012. • An issue for all contractors – you have a POAM and you never hit your milestones, instead you keep changing the date.
  • 30. J S C H A U S & A S S O C I A T E S - W A S H D C H E L L O @ J E N N I F E R S C H A U S . C O M G O V C O N - Q & A C A F É - 2 0 2 1 J A N U A R Y 8 , 2 0 2 1 - C Y B E R S E C U R I T Y / C M M C I I I . C Y B E R S E C U R I T Y M AT U R I T Y M O D E L C E R T I F I C AT I O N R E Q U I R E M E N T S A N D S TAT U S S U S A N WA R S H A W E B N E R S T I N S O N L L P
  • 31. J S C H A U S & A S S O C I A T E S - W A S H D C H E L L O @ J E N N I F E R S C H A U S . C O M G O V C O N - Q & A C A F É - 2 0 2 1 A . C y b e r s e c u r i t y M a t u r i t y M o d e l C e r t i f i c a t i o n i s a U n i f y i n g C o m p r e h e n s i v e a n d S c a l a b l e S t a n d a r d f o r I m p l e m e n t a t i o n o f C y b e r s e c u r i t y A c r o s s t h e D I B • New Clause: DFARS 252.204-7021, Cybersecurity Maturity Model Certification Requirements, Effective November 30, 2020 • Requires Present Contractor’s Compliance with Identified CMMC Level for Contract Award and Life of Contract • CMMC Establishes 5 Levels Of Cyber Compliance: • Level 1 – Basic Cyber Hygiene – 52.204-21 (FCI and CUI) • Level 2 - Intermediate Cyber Hygiene - Getting Ready for Handling DoD CUI • Level 3 – Good Cyber Hygiene - Lowest level for handling DoD CUI • Level 4 – Proactive Cyber Hygiene, Protect CUI and Reduce Risk of Advanced Persistent Threats (APTs) • Level 5 – Advanced/Progressive Cyber Hygiene, Protect CUI and Reduce Risk of Advanced Persistent Threats (APTs) • Coverage at Appropriate “Entire Enterprise Network”, “Segment”, “Enclave” • All Contracts, Except Exclusively COTS, Require Contractor CMMC Certification for Award • Requires Flowdown Throughout Contractor’s Entire Supply Chain
  • 32. J S C H A U S & A S S O C I A T E S - W A S H D C H E L L O @ J E N N I F E R S C H A U S . C O M G O V C O N - Q & A C A F É - 2 0 2 1 B . C M M C A S S E S S M E N T S A N D C E R T I F I C AT I O N S • Historically DCMA/DIBCAC Conducts Assessments • Moving Forward CMMC Advisory Board (CMMC-AB) Has Been Established for Third Party Assessment Matters • C3PAOs Must Be Accredited and Meet All DoD Requirements and Fully Comply with ISO/IEC 17020 • Only Authorized or Certified CMMC Assessors May Conduct CMMC Assessments • US Citizenship Required for CA-1, -3, -5 Assessors • International C3PAOs • Must Be Citizens of the Country Where the C3PAO is Based • Authorized Only to Assess Contractors Based in that Country per Bi-Lateral Agreements • CMMC-AB Marketplace • Contractor’s C3PAO Assessment Will Be Sent to DoD for CMMC Certification • Generally, CMMC Certificate Will Be Valid for 3 Years
  • 33. J S C H A U S & A S S O C I A T E S - W A S H D C H E L L O @ J E N N I F E R S C H A U S . C O M G O V C O N - Q & A C A F É - 2 0 2 1 D . D I S P U T E R E S O L U T I O N P R O C E S S E S • C3PAO Assesses; CMMC-AB Maintains/Stores the Reports • DIB Contractor Receives C3PAO Assessment • May Submit Dispute Adjudication Request to CMMC-AB, e.g., Support with Information re Errors, Malfeasance, Ethical Lapses by C3PAO • CMMC-AB Will Follow Formal Process to Review Adjudication Request and Provide Preliminary Finding • If Contractor Disagrees, CMMC-AB Staff will perform Additional Assessment • What If Contractor Still Disagrees? Can It bring a Protest? Raise a Claim? E. DOD ROLL OUT: • 5 Year Phased In Roll Out Plan Runs Until September 30, 2025, Where 252.204-7012 Clause in Contract and SOW Requires a CMMC Level, Except Exclusively COTS Contract • Primes Required to Flow Down Appropriate CMMC Requirement to Subcontractors * H T T P S : / / W W W . A C Q . O S D . M I L / C M M C / F A Q . H T M L
  • 34. J S C H A U S & A S S O C I A T E S - W A S H D C H E L L O @ J E N N I F E R S C H A U S . C O M G O V C O N - Q & A C A F É - 2 0 2 1 J A N U A R Y 8 , 2 0 2 1 - C Y B E R S E C U R I T Y / C M M C I V . C M M C R O L L - O U T I S S U E S A . C Y B E R S E C U R I T Y A N D C M M C V O C A B U L A R Y B . C U I C . O T H E R I S S U E S D AV I D D E M P S E Y D E M P S E Y F O N TA N A , P L L C
  • 35. J S C H A U S & A S S O C I A T E S - W A S H D C H E L L O @ J E N N I F E R S C H A U S . C O M G O V C O N - Q & A C A F É - 2 0 2 1 J A N U A R Y 8 , 2 0 2 1 - C Y B E R S E C U R I T Y / C M M C I V. C M M C R O L L - O U T I S S U E S A . C Y B E R S E C U R I T Y A N D C M M C V O C A B U L A R Y S O U R C E S : C M M C G L O S S A R Y ( N O V . 3 0 , 2 0 2 0 ) N I S T ( N U M E R O U S S P s A N D I R s ) C N S S I 4 0 0 9 G L O S S A R Y ( A P R . 6 , 2 0 1 5 ) F I P S D o D I N S T R U C T I O N S → C M M C C E R T I F I C A T I O N B O U N D A R Y ( A S S E S S M E N T B O U N D A R Y ) → S E C U R I T Y C O N T R O L A S S E S S M E N T → E N A B L I N G A S S E T → F C I , C U I , C D I , C T I , S I ( S E N S I T I V E I N F O R M A T I O N ) → B A S E L I N E , B A S E L I N E C O N F I G U R A T I O N , B A S E L I N E S E C U R I T Y → C H A N G E C O N T R O L ( C H A N G E M A N A G E M E N T ) → C O N T A I N E R ( I N F O R M A T I O N A S S E T C O N T A I N E R ) → L E A S T P R I V I L E G E → S A N D B O X I N G
  • 36. J S C H A U S & A S S O C I A T E S - W A S H D C H E L L O @ J E N N I F E R S C H A U S . C O M G O V C O N - Q & A C A F É - 2 0 2 1 J A N U A R Y 8 , 2 0 2 1 - C Y B E R S E C U R I T Y / C M M C I V. C M M C R O L L - O U T I S S U E S B . C U I ► D O E S F C I = C U I ? ► C U I M A R K I N G S : C U I / / S P - P R O C U R E ; C U I ; C U I / / S P - C T I ; C U I / / S P - E X P T ; C U I / / S P - P R O P I N ● C U I B A S I C ● C U I S P E C I F I E D ● P L U S O T H E R M A R K I N G S : F A R 1 5 . 2 1 5 - 1 ( e ) t i t l e p a g e ; D F A R S t e c h d a t a a n d s o f t w a r e m a r k i n g s ; D o D D i s t r i b u t i o n S t a t e m e n t s f o r C T I ; c o m p a n y p r o p r i e t a r y m a r k i n g s ► “ A U T H O R I Z E D H O L D E R ” ( P E R M I T T E D T O D E S I G N A T E O R H A N D L E C U I ) ● D O D I 5 2 0 0 . 4 8 , C o n t r o l l e d U n c l a s s i f i e d I n f o r m a t i o n ( M a r c h 6 , 2 0 2 0 ) ; C o n t r o l l e d U n c l a s s i f i e d I n f o r m a t i o n M a r k i n g s ( N o v . 4 , 2 0 2 0 ) ( L D C s s u c h a s F E D C O N , N O F O R N , N O C O N , D L O N L Y ) ● D O D p h a s e d C U I p r o g r a m i m p l e m e n t a t i o n – I G N O R E I S O O C U I M A R K I N G S ► C U I A N D C L A S S I F I E D M A R K I N G S : C O M M I N G L E D ( 3 2 C F R 1 1 7 . 1 3 / 1 4 ) ( F E B 2 0 2 1 )
  • 37. J S C H A U S & A S S O C I A T E S - W A S H D C H E L L O @ J E N N I F E R S C H A U S . C O M G O V C O N - Q & A C A F É - 2 0 2 1 J A N U A R Y 8 , 2 0 2 1 - C Y B E R S E C U R I T Y / C M M C I V. C M M C R O L L - O U T I S S U E S C . O T H E R I S S U E S ► P I L O T P R O G R A M S I D E N T I F I E D ► C M M C A S S E S S M E N T G U I D A N C E : ● L E V E L 1 A S S E S S M E N T G U I D E ( V . 1 . 1 0 ) : T h e L e v e l 1 a s s e s s m e n t c r i t e r i a a r e a u t h o r i t a t i v e a n d p r o v i d e a b a s i s f o r a c e r t i f i e d a s s e s s o r t o c o n d u c t a n a s s e s s m e n t o f a p r a c t i c e . ● L E V E L 3 A S S E S S M E N T G U I D E ( V . 1 . 1 0 ) : ( 1 ) C e r t i f i e d a s s e s s o r s w i l l u s e t h i s a s s e s s m e n t g u i d e t o c o n d u c t C M M C L e v e l 2 a n d L e v e l 3 a s s e s s m e n t s ; ( 2 ) A c o n t r a c t o r c a n a c h i e v e a C M M C c e r t i f i c a t i o n f o r t h e e n t e r p r i s e n e t w o r k o r p a r t i c u l a r s e g m e n t ( s ) ” d e p e n d i n g o n t h e s c o p e o f t h e C M M C a s s e s s m e n t ; ( 3 ) P r i o r t o a C M M C a s s e s s m e n t , t h e c o n t r a c t o r m u s t d e f i n e t h e s c o p e f o r t h e a s s e s s m e n t t h a t r e p r e s e n t s t h e b o u n d a r y f o r w h i c h t h e C M M C c e r t i f i c a t e w i l l b e i s s u e d . ► P R O T E S T S , C O N T R A C T / S U B C O N T R A C T R E A s a n d C L A I M S
  • 38. J S C H A U S & A S S O C I A T E S - W A S H D C H E L L O @ J E N N I F E R S C H A U S . C O M G O V C O N - Q & A C A F É - 2 0 2 1 J A N U A R Y 8 , 2 0 2 1 - C Y B E R S E C U R I T Y / C M M C H O W W I L L T H E R E C E N T S O L A R W I N D S C Y B E R AT TA C K A N D O T H E R S I M PA C T C M M C T H R E S H O L D S ? C H U C K B R O O K S C H E T Z 1 8 @ A O L . C O M
  • 39. J S C H A U S & A S S O C I A T E S - W A S H D C H E L L O @ J E N N I F E R S C H A U S . C O M G O V C O N - Q & A C A F É - 2 0 2 1 J A N U A R Y 8 , 2 0 2 1 - C Y B E R S E C U R I T Y / C M M C • YOU HAVE SUBMITTED A PROPOSAL THAT WAS TO BE AWARED PRIOR TO NOV 30 BUT IT NOW HAS BEEN DELAYED. ARE YOU STILL ELIGIBLE FOR AWARD? • WAS YOUR SOLICITATION REVISED TO ADD THE 252.204-7019 CLAUSE? • AND IF NOT, WOULD THE CHRISTIAN DOCTIRINE WRITE IT IN? • WOULD THIS BE PROTESIBLE? WHATE ARE YOUR CHANES TO PREVAIL IN A PROTEST? JODY REED J R E E D @ M W L L E G A L . C O M
  • 40. J S C H A U S & A S S O C I A T E S - W A S H D C H E L L O @ J E N N I F E R S C H A U S . C O M G O V C O N - Q & A C A F É - 2 0 2 1 J A N U A R Y 8 , 2 0 2 1 - C Y B E R S E C U R I T Y / C M M C H A S C M M C - A B S TA R T E D T O C E R T I F Y C 3 PA O S A N D A S S E S S O R S ? S U S A N WA R S H A W E B N E R S U S A N . E B N E R @ S T I N S O N . C O M
  • 41. J S C H A U S & A S S O C I A T E S - W A S H D C H E L L O @ J E N N I F E R S C H A U S . C O M G O V C O N - Q & A C A F É - 2 0 2 1 J A N U A R Y 8 , 2 0 2 1 - C Y B E R S E C U R I T Y / C M M C P L E A S E I D E N T I F Y A N D E X P L A I N W H AT Y O U C O N S I D E R T H E F O U N D AT I O N F O R C O N T R A C T O R I M P L E M E N TAT I O N D AV I D D E M P S E Y D D E M P S E Y @ D E F T L AW . C O M 7 0 3 - 8 8 0 - 9 1 7 1
  • 42. J S C H A U S & A S S O C I A T E S - W A S H D C H E L L O @ J E N N I F E R S C H A U S . C O M G O V C O N - Q & A C A F É - 2 0 2 1 J A N U A R Y 8 , 2 0 2 1 - C Y B E R S E C U R I T Y / C M M C W H AT R E C O M M E N D AT I O N S D O Y O U S U G G E S T C O M PA N I E S P U R S U E T O M A K E T H E M S E LV E S M O R E C Y E R - S E C U R E ? C H U C K B R O O K S C H E T Z 1 8 @ A O L . C O M
  • 43. J S C H A U S & A S S O C I A T E S - W A S H D C H E L L O @ J E N N I F E R S C H A U S . C O M G O V C O N - Q & A C A F É - 2 0 2 1 J A N U A R Y 8 , 2 0 2 1 - C Y B E R S E C U R I T Y / C M M C W H AT L E V E L O F C M M C M U S T P R I M E C O N T R A C T O R S R E Q U I R E O F T H E I R S U B - C O N T R A C T O R S ? S U S A N WA R H S A W E B N E R S U S A N . E B N E R @ S T I N S O N . C O M 2 0 2 - 5 7 2 - 9 9 2 7
  • 44. J S C H A U S & A S S O C I A T E S - W A S H D C H E L L O @ J E N N I F E R S C H A U S . C O M G O V C O N - Q & A C A F É - 2 0 2 1 J A N U A R Y 8 , 2 0 2 1 - C Y B E R S E C U R I T Y / C M M C W H O I S S U P P O S E D T O D E C I D E O N W H E T H E R A PA R T I C U L A R P R O G R A M R E Q U I R E S D FA R S 2 5 2 . 2 0 4 - 7 0 1 2 A N D T H E A S S E S S M E N T L E V E L P U R S U A N T T O D FA R S 2 5 2 . 2 0 4 - 7 0 1 9 ? J O D Y R E E D J R E E D @ M W L L E G A L . C O M
  • 45. J S C H A U S & A S S O C I A T E S - W A S H D C H E L L O @ J E N N I F E R S C H A U S . C O M G O V C O N - Q & A C A F É - 2 0 2 1 J A N U A R Y 8 , 2 0 2 1 - C Y B E R S E C U R I T Y / C M M C W I L L C M M C L E V E L 2 B E U S E D B E T W E E N N O W A N D F Y 2 0 2 5 ? D AV I D D E M P S E Y D D E M P S E Y @ D E F T L AW . C O M
  • 46. J S C H A U S & A S S O C I A T E S - W A S H D C H E L L O @ J E N N I F E R S C H A U S . C O M G O V C O N - Q & A C A F É - 2 0 2 1 J A N U A R Y 8 , 2 0 2 1 - C Y B E R S E C U R I T Y / C M M C NOW OPEN FOR AUDIENCE QUESTIONS
  • 47. J S C H A U S & A S S O C I A T E S - W A S H D C H E L L O @ J E N N I F E R S C H A U S . C O M G O V C O N - Q & A C A F É - 2 0 2 1 J A N U A RY 8 , 2 0 2 1 - C Y B E R S E C U R I T Y / C M M C T H A N K Y O U F O R AT T E N D I N G T H A N K Y O U T O O U R S P E A K E R S P P T S A R E AVA I L A B L E O N S L I D E S H A R E . N E T
  • 48. J S C H A U S & A S S O C I A T E S - W A S H D C H E L L O @ J E N N I F E R S C H A U S . C O M G O V C O N - Q & A C A F É - 2 0 2 1 J A N U A R Y 8 , 2 0 2 1 - C Y B E R S E C U R I T Y / C M M C A D D I T I O N A L Q U E S T I O N S F O R O U R S P E A K E R S C H U C K B R O O K S S U S A N WA R S H AW E B N E R C H E T Z 1 8 @ A O L . C O M S U S A N . E B N E R @ S T I N S O N . C O M 5 7 1 - 2 9 6 - 2 1 6 4 2 0 2 - 5 7 2 - 9 9 2 7 D AV I D D E M P S E Y J O D Y R E E D D D E M P S E Y @ D E F T L A W . C O M J R E E D @ M W L L E G A L . C O M 7 0 3 - 8 8 0 - 9 1 7 1 7 0 3 - 4 8 3 - 2 8 1 8
  • 49. G O V C O N Q & A C A F E Hello@JenniferSchaus.com Washington, DC 202-365-0598