LIVE WEBINAR 2 Mar 2021 1 – 2 PM EST
Ignyte Assurance Platform hosted by MAGNET: The Manufacturing Advocacy and Growth Network
Max Aulakh
Founder & CEO
Ignyte Assurance Platform
Michael O'Donnell
Vice President, Operations
MAGNET
Joe Vinciquerra
Growth & Innovation Advisor
MAGNET
Full Cybersecurity Regulations Overview
for DoD Prime and Subcontractors
Justus Scott
CMMC Awareness Advisor
Ignyte Assurance Platform
Topics to Cover Today
● MAGNET Introduction
● DFAR Rules & Historical View Point
● CMMC Emerging Standard
● CMMC Levels
● SPRS Scoring
● Estimated Cost & Role of MAGNET
● Educational Resources for Cybersecurity Maturity Model Certification (CMMC)
● Summary & Next Steps
Meet Our Speakers
Max Aulakh
Founder & CEO
As a Data Security and Compliance Leader, he delivers
DoD-tested security strategies and compliance that
safeguard mission-critical IT operations. Having trained and
excelled in The United States Air Force, he maintained and
tested the InfoSec and ComSec functions of network
hardware, software, and IT infrastructure for global networks
— both classified and unclassified. He drove the Information
Assurance (IA) programs for the U.S. Department of
Defense (DoD). In 2012, Max founded Ignyte Assurance
Platform, a cybersecurity company powered by a
transformative GRC software engine, and its newest
educational subsidiary, Ignyte Institute, to help accelerate
CMMC adaptation among DoD prime and subcontractors.
Michael O'Donnell
Vice President, Operations
Michael O’Donnell has 30 years of experience in engineering and manufacturing consulting, with most of that time spent at MAGNET. A Master Six Sigma Black Belt and licensed Professional Engineer, Michael orchestrates new consulting methods, training simulations, and workshops for various businesses. Michael holds a Bachelor of Science in Chemical Engineering from the University of Michigan and an MBA from the University of Richmond.
Joe Vinciquerra
Growth & Innovation Advisor
With over 25 years of experience in engineering and manufacturing, Joe Vinciquerra has developed, sold, and delivered various growth and innovation services to companies in Northeast Ohio. Before joining the MAGNET team in 2016, he worked as a sales director and senior application engineer for Water Star Inc., a company specializing in the innovation, development, and manufacture of precious metal coated titanium anodes. Joe is an ASQ Certified Quality Engineer and holds a Bachelor of Science in Mechanical Engineering from The Ohio State University.
SPECIAL GUEST
Justus Scott
CMMC Awareness Advisor
Recently joining Ignyte, Justus brings
previous experience working in BPM and
RPA environments, helping Manufacturers
adapt to the growing need for digital
transformation. Justus' focus at Ignyte
Assurance Platform is now helping
Manufacturers with CMMC awareness
and advisory.
MAGNET Introduction
Did you know…
Average employee salary: $72,000
#3: Ohio ranks third in the nation for manufacturing employment
In Ohio, manufacturing accounts for more than 700,000 jobs
Every manufacturing job drives 3.6 other jobs
2016 Ohio Manufacturing Counts, Ohio Manufacturers Association
Top 5 Growing Concerns
Cyber Security and Online Hacking
Costs of Healthcare Coverage
Succession Planning and Future Leadership
Managing Supply Chain Relationships
Retirement of Skilled Workers
69%
47%
57%
40%
23%
MAGNET 2018 NEO Manufacturing Survey, Under 250 employees, Q17
What are Northeast Ohio manufacturers most concerned about?
A not-for-profit consulting firm comprised of manufacturing experts who roll up our sleeves to transform
smart ideas into top and bottom line company growth, resulting in good jobs for our cities and counties
MAGNET’s aim is to add value and
create economic impact so that:
Jobs are being created
The value of companies is increasing
New products are being manufactured
What is MAGNET?
Top-Line Growth
Innovation/Technology
Bottom-Line Efficiency
MAGNET
Growth
Services
…to create
high quality jobs
across Northeast Ohio
that drive our economy
forward, especially for
small manufacturers
MAGNET seeks to support manufacturers through hands-on consulting…
Business Growth Strategy
Marketing Strategy and Execution
Sales Enablement
Top-Line Growth
Innovation/Technology
Bottom-Line Efficiency
MAGNET
Growth
Services
Recapture | Retain | Penetrate | Diversify
Brand Identity, Differentiation, Market Messaging,
Market Research, Product/Market Management,
Lead Generation, Integrated Marketing
Goal Setting, Pipeline Management, CRM, Sales
Training, Sales Management, Target Account
Strategy and Distributor Development
MAGNET’s approach to top-line growth
MAGNET’s approach to innovation/technology
Products, Processes and Automation
New Product/Process Development
Incorporating New Technologies
Top-Line Growth
Innovation/Technology
Bottom-Line Efficiency
MAGNET
Growth
Services
Value engineering to take cost out
User experience research to design better products
Return on investment calculations
Customer Discovery | Market Satisfaction Gap |
Identification | Ideation | Market Validation | Prototyping
Introductions to new technologies
Assessments to identify uses and benefits of new
technologies
MAGNET’s approach to bottom-line efficiency
Top-Line Growth
Innovation/Technology
Bottom-Line Efficiency
MAGNET
Growth
Services
Skills Development
Leadership and Culture
Operational Excellence
Focus on job skills and cross-training to promote standard
work and workforce (link training to community colleges)
Focus on systems improvement as set by leadership to
increase customer value
Focus on strategy and leadership of change efforts
MAGNET’s Goal:
#3 Today, #1 Tomorrow
To support Ohio manufacturing
in its journey to #1 in the USA
CMMC For Manufacturers
Potential Business Impacts
Inadequate security controls leading
to internal breach of CUI and FCI.
● Engineering Data & Drawings
● Internal Data Theft
Report Cyber Incidents to DoD at
http://dibnet.dod.mil within 72 Hours
Increasing cost of both
Technology & Compliance
● Decrease quality and
effectiveness of current
technology
implementations
Potential issues with Prime for not
following contract flow down
requirement.
● Loss of business revenue
3 Major SMB Impacts
CMMC Timeline
4 Main DFARS Rules
DFARS 252.204-7012: Safeguarding Covered Defense Information and Cyber Incident Reporting
DFARS 252.204-7020: NIST SP 800-171 DoD Assessment Requirements
DFARS 252.204-7019: Notice of NIST SP 800-171 DoD Assessment Requirements
DFARS 252.204-7021: Cybersecurity Maturity Model Certification Requirements
CMMC Levels
Level: Description
Level 1: Consists of the 15 basic safeguarding requirements from FAR clause 52.204-21.
Level 2: Consists of 65 security requirements from NIST SP 800-171 implemented via DFARS clause 252.204-7012, 7 CMMC practices, and 2 CMMC processes. Intended as an optional intermediary step for contractors as part of their progression to Level 3.
Level 3: Consists of all 110 security requirements from NIST SP 800-171, 20 CMMC practices, and 3 CMMC processes.
Level 4: Consists of all 110 security requirements from NIST SP 800-171, 46 CMMC practices, and 4 CMMC processes.
Level 5: Consists of all 110 security requirements from NIST SP 800-171, 61 CMMC practices, and 5 CMMC processes.
CMMC Level 1
● Meeting the basic requirements to protect Federal Contract Information (FCI):
○ an up-to-date antivirus software application,
○ strong passwords,
○ protection against unauthorized third parties.
● FCI is not intended for public release.
● Minimal efforts required to strengthen the cybersecurity defenses.
Which CMMC level is right for your business?
CMMC Level 2
● Introducing Controlled Unclassified Information (CUI).
● Standard cybersecurity practices, policies, and strategic plans.
● Major subset of the security requirements specified in NIST SP 800-171.
● 55 new practices, for a total of 72 practices.
CMMC Level 3
● Good cyber hygiene and controls necessary to protect CUI.
● Continuous review of all activities based on their cybersecurity policy.
● All requirements specified in NIST SP 800-171 and other similar standards.
● 130 required security controls, grouped into 17 domains.
CMMC Level 4 and Level 5
● Addressing the changing tactics, techniques, and procedures used by Advanced
Persistent Threats (APTs).
● Proactive cybersecurity program and standardized processes to achieve
consistency across the entire organization.
● 171 security controls, which are grouped into 17 domains.
Understanding DFARS NIST 800-171 and CMMC Relationship
Who needs to be DFARS compliant?
All DoD contractors that process, store or transmit Controlled Unclassified
Information (CUI) must meet DFARS minimum security standards or risk losing
their DoD contracts. Based on NIST Special Publication 800-171, manufacturers
must implement these security controls through all levels of their supply chain.
Where is DFARS included?
DFARS clause 252.204-7012 is included in all solicitations and contracts, including
those using Federal Acquisition Regulation (FAR) part 12 commercial item
procedures, except for acquisitions solely for commercially available
off-the-shelf (COTS) items. The clause requires contractors to apply the security
requirements of NIST SP 800-171 to “covered contractor information systems”.
How do NIST controls overlap with the emerging CMMC framework?
NIST 800-171 is the backbone of the CMMC framework and it is required by all
CMMC levels. For example, NIST domains cover 110 controls out of 130 required
for Level 3 of CMMC.
Would CMMC potentially replace NIST?
The CMMC is an advanced step in the DoD’s efforts to properly secure the Defense
Industrial Base (DIB). It complements and enforces NIST 800-171
as part of its requirements.
Note: The CMMC was released by the DoD on 31 January 2020. The CMMC Accreditation Body members are working to
produce additional guidance to support the certification path. For now, Ignyte recommends implementing NIST 800-171.
NIST SP 800-171r1
CMMC REQUIREMENTS: 20 Additional Practices, 51 Maturity Processes
DFARS REQUIREMENTS: FedRAMP Mod, Paragraphs C-G, 72 Hour Report
Manufacturer Cyber Journey
Supplier Performance Risk System & Reports
● Cyber Score Submission Required
● Scores are based on NIST 800-171 Assessment
● SPRS Data is used for Source Selection
● Accessible By:
○ Government Personnel with Need to Know
○ Contractors (your own data only)
● Not Releasable Under Freedom of Information Act (FOIA)
Supplier Performance Risk System
Cost of Compliance for SMB
● Total Cost of Ownership for CMMC:
1. Program Development & Management
2. Technology & Engineering Implementation
3. Audit & Certification
● Pricing can range from $25K to $200K
depending on several factors.
● Market pricing for 100% of CMMC requirements
is not completely understood due to changing
requirements and/or interpretation of
requirements.
*Defense Federal Acquisition Regulation Supplement: Assessing Contractor Implementation of Cybersecurity Requirements (DFARS Case 2019-D041)
CMMC Level | Yearly Non-Recurring Engineering | Yearly Recurring Engineering | Yearly Assessment Costs++ | Total Yearly Costs
Level 1 | $0 | $0 | $1,000 | $1,000
Level 2 | $407 | $20,154 | $7,489 | $28,050
Level 3 | $1,311 | $41,666 | $17,032 | $60,009
Level 4 | $46,917 | $301,514 | $23,355 | $371,786
Level 5 | $61,511 | $384,666 | $36,697 | $482,874
MAGNET & IGNYTE Program Resources
Resources are aligned with various stages of managing the CMMC program for Ohio small businesses
Program Metrics &
Management
SSP & POA&M
Deliverables
Guided Assessment
Training
Program Deliverables
● DoD Training Website - https://securityhub.usalearning.gov/content/story.html
● Ignyte Institute Practitioner Level & Senior Management Training - https://www.ignyteinstitute.org/
● CMMC System Security Plan Development - https://ignyteplatform.com/solutions/cmmc/
● NIST 171 Documentation - https://csrc.nist.gov/publications/detail/sp/800-171/rev-2/final
● SSP & Other Plan of Action & Milestones (POA&M) - https://ignyteplatform.com/solutions/cmmc/
CMMC Education & Training
Ignyte Institute Courses
Senior Management Course (20 Mins)
Practitioner Level Course (1 hour)
DoD Issued CUI Training
What is CUI and How to recognize it?
SMB Best Practices & Summary
Barriers & Impact of Doing Business
● Get trained ASAP & do not delay in learning about this new requirement
● Prepare for your SPRS Scores
○ Be aware of False Claims Act
● Proactively communicate with your prime on your progress
○ Primes will be accountable for “cleaning up” their supply chain
● Contact your MEP/MAGNET
○ Specialized Organization Designed to Help Manufacturers
Summary
Key Takeaways
✔Leverage MAGNET - primary Cyber resource
✔CMMC & NIST 171
✔Total Cost of Ownership
✔Prepare for SPRS Scores
✔Start with a Program - Not IT Hardware
✔Get Help ASAP
Next Steps & Questions?
Thank you
Point of Contact
Joe Vinciquerra, Growth & Innovation Advisor: jvinciquerra@manufacturingsuccess.org
Justus Scott, CMMC Awareness Advisor: justus@ignyteplatform.com

Alluxio Monthly Webinar | Cloud-Native Model Training on Distributed DataAlluxio, Inc.
 
chapter--4-software-project-planning.ppt
chapter--4-software-project-planning.pptchapter--4-software-project-planning.ppt
chapter--4-software-project-planning.pptkotipi9215
 
Folding Cheat Sheet #4 - fourth in a series
Folding Cheat Sheet #4 - fourth in a seriesFolding Cheat Sheet #4 - fourth in a series
Folding Cheat Sheet #4 - fourth in a seriesPhilip Schwarz
 
Russian Call Girls in Karol Bagh Aasnvi ➡️ 8264348440 💋📞 Independent Escort S...
Russian Call Girls in Karol Bagh Aasnvi ➡️ 8264348440 💋📞 Independent Escort S...Russian Call Girls in Karol Bagh Aasnvi ➡️ 8264348440 💋📞 Independent Escort S...
Russian Call Girls in Karol Bagh Aasnvi ➡️ 8264348440 💋📞 Independent Escort S...soniya singh
 
Professional Resume Template for Software Developers
Professional Resume Template for Software DevelopersProfessional Resume Template for Software Developers
Professional Resume Template for Software DevelopersVinodh Ram
 
Automate your Kamailio Test Calls - Kamailio World 2024
Automate your Kamailio Test Calls - Kamailio World 2024Automate your Kamailio Test Calls - Kamailio World 2024
Automate your Kamailio Test Calls - Kamailio World 2024Andreas Granig
 
What is Fashion PLM and Why Do You Need It
What is Fashion PLM and Why Do You Need ItWhat is Fashion PLM and Why Do You Need It
What is Fashion PLM and Why Do You Need ItWave PLM
 
GOING AOT WITH GRAALVM – DEVOXX GREECE.pdf
GOING AOT WITH GRAALVM – DEVOXX GREECE.pdfGOING AOT WITH GRAALVM – DEVOXX GREECE.pdf
GOING AOT WITH GRAALVM – DEVOXX GREECE.pdfAlina Yurenko
 
Cloud Data Center Network Construction - IEEE
Cloud Data Center Network Construction - IEEECloud Data Center Network Construction - IEEE
Cloud Data Center Network Construction - IEEEVICTOR MAESTRE RAMIREZ
 
Building a General PDE Solving Framework with Symbolic-Numeric Scientific Mac...
Building a General PDE Solving Framework with Symbolic-Numeric Scientific Mac...Building a General PDE Solving Framework with Symbolic-Numeric Scientific Mac...
Building a General PDE Solving Framework with Symbolic-Numeric Scientific Mac...stazi3110
 
ODSC - Batch to Stream workshop - integration of Apache Spark, Cassandra, Pos...
ODSC - Batch to Stream workshop - integration of Apache Spark, Cassandra, Pos...ODSC - Batch to Stream workshop - integration of Apache Spark, Cassandra, Pos...
ODSC - Batch to Stream workshop - integration of Apache Spark, Cassandra, Pos...Christina Lin
 
Building Real-Time Data Pipelines: Stream & Batch Processing workshop Slide
Building Real-Time Data Pipelines: Stream & Batch Processing workshop SlideBuilding Real-Time Data Pipelines: Stream & Batch Processing workshop Slide
Building Real-Time Data Pipelines: Stream & Batch Processing workshop SlideChristina Lin
 
Intelligent Home Wi-Fi Solutions | ThinkPalm
Intelligent Home Wi-Fi Solutions | ThinkPalmIntelligent Home Wi-Fi Solutions | ThinkPalm
Intelligent Home Wi-Fi Solutions | ThinkPalmSujith Sukumaran
 

Recently uploaded (20)

Der Spagat zwischen BIAS und FAIRNESS (2024)
Der Spagat zwischen BIAS und FAIRNESS (2024)Der Spagat zwischen BIAS und FAIRNESS (2024)
Der Spagat zwischen BIAS und FAIRNESS (2024)
 
BATTLEFIELD ORM: TIPS, TACTICS AND STRATEGIES FOR CONQUERING YOUR DATABASE
BATTLEFIELD ORM: TIPS, TACTICS AND STRATEGIES FOR CONQUERING YOUR DATABASEBATTLEFIELD ORM: TIPS, TACTICS AND STRATEGIES FOR CONQUERING YOUR DATABASE
BATTLEFIELD ORM: TIPS, TACTICS AND STRATEGIES FOR CONQUERING YOUR DATABASE
 
The Evolution of Karaoke From Analog to App.pdf
The Evolution of Karaoke From Analog to App.pdfThe Evolution of Karaoke From Analog to App.pdf
The Evolution of Karaoke From Analog to App.pdf
 
Implementing Zero Trust strategy with Azure
Implementing Zero Trust strategy with AzureImplementing Zero Trust strategy with Azure
Implementing Zero Trust strategy with Azure
 
Steps To Getting Up And Running Quickly With MyTimeClock Employee Scheduling ...
Steps To Getting Up And Running Quickly With MyTimeClock Employee Scheduling ...Steps To Getting Up And Running Quickly With MyTimeClock Employee Scheduling ...
Steps To Getting Up And Running Quickly With MyTimeClock Employee Scheduling ...
 
Alluxio Monthly Webinar | Cloud-Native Model Training on Distributed Data
Alluxio Monthly Webinar | Cloud-Native Model Training on Distributed DataAlluxio Monthly Webinar | Cloud-Native Model Training on Distributed Data
Alluxio Monthly Webinar | Cloud-Native Model Training on Distributed Data
 
Hot Sexy call girls in Patel Nagar🔝 9953056974 🔝 escort Service
Hot Sexy call girls in Patel Nagar🔝 9953056974 🔝 escort ServiceHot Sexy call girls in Patel Nagar🔝 9953056974 🔝 escort Service
Hot Sexy call girls in Patel Nagar🔝 9953056974 🔝 escort Service
 
chapter--4-software-project-planning.ppt
chapter--4-software-project-planning.pptchapter--4-software-project-planning.ppt
chapter--4-software-project-planning.ppt
 
Folding Cheat Sheet #4 - fourth in a series
Folding Cheat Sheet #4 - fourth in a seriesFolding Cheat Sheet #4 - fourth in a series
Folding Cheat Sheet #4 - fourth in a series
 
Russian Call Girls in Karol Bagh Aasnvi ➡️ 8264348440 💋📞 Independent Escort S...
Russian Call Girls in Karol Bagh Aasnvi ➡️ 8264348440 💋📞 Independent Escort S...Russian Call Girls in Karol Bagh Aasnvi ➡️ 8264348440 💋📞 Independent Escort S...
Russian Call Girls in Karol Bagh Aasnvi ➡️ 8264348440 💋📞 Independent Escort S...
 
Professional Resume Template for Software Developers
Professional Resume Template for Software DevelopersProfessional Resume Template for Software Developers
Professional Resume Template for Software Developers
 
Automate your Kamailio Test Calls - Kamailio World 2024
Automate your Kamailio Test Calls - Kamailio World 2024Automate your Kamailio Test Calls - Kamailio World 2024
Automate your Kamailio Test Calls - Kamailio World 2024
 
What is Fashion PLM and Why Do You Need It
What is Fashion PLM and Why Do You Need ItWhat is Fashion PLM and Why Do You Need It
What is Fashion PLM and Why Do You Need It
 
GOING AOT WITH GRAALVM – DEVOXX GREECE.pdf
GOING AOT WITH GRAALVM – DEVOXX GREECE.pdfGOING AOT WITH GRAALVM – DEVOXX GREECE.pdf
GOING AOT WITH GRAALVM – DEVOXX GREECE.pdf
 
Cloud Data Center Network Construction - IEEE
Cloud Data Center Network Construction - IEEECloud Data Center Network Construction - IEEE
Cloud Data Center Network Construction - IEEE
 
Building a General PDE Solving Framework with Symbolic-Numeric Scientific Mac...
Building a General PDE Solving Framework with Symbolic-Numeric Scientific Mac...Building a General PDE Solving Framework with Symbolic-Numeric Scientific Mac...
Building a General PDE Solving Framework with Symbolic-Numeric Scientific Mac...
 
ODSC - Batch to Stream workshop - integration of Apache Spark, Cassandra, Pos...
ODSC - Batch to Stream workshop - integration of Apache Spark, Cassandra, Pos...ODSC - Batch to Stream workshop - integration of Apache Spark, Cassandra, Pos...
ODSC - Batch to Stream workshop - integration of Apache Spark, Cassandra, Pos...
 
Building Real-Time Data Pipelines: Stream & Batch Processing workshop Slide
Building Real-Time Data Pipelines: Stream & Batch Processing workshop SlideBuilding Real-Time Data Pipelines: Stream & Batch Processing workshop Slide
Building Real-Time Data Pipelines: Stream & Batch Processing workshop Slide
 
Intelligent Home Wi-Fi Solutions | ThinkPalm
Intelligent Home Wi-Fi Solutions | ThinkPalmIntelligent Home Wi-Fi Solutions | ThinkPalm
Intelligent Home Wi-Fi Solutions | ThinkPalm
 
Call Girls In Mukherjee Nagar 📱 9999965857 🤩 Delhi 🫦 HOT AND SEXY VVIP 🍎 SE...
Call Girls In Mukherjee Nagar 📱  9999965857  🤩 Delhi 🫦 HOT AND SEXY VVIP 🍎 SE...Call Girls In Mukherjee Nagar 📱  9999965857  🤩 Delhi 🫦 HOT AND SEXY VVIP 🍎 SE...
Call Girls In Mukherjee Nagar 📱 9999965857 🤩 Delhi 🫦 HOT AND SEXY VVIP 🍎 SE...
 

Full Cybersecurity Regulations Overview for DoD Prime and Subcontractors

  • 1. LIVE WEBINAR 2 Mar 2021 1 – 2 PM EST Ignyte Assurance Platform hosted by MAGNET: The Manufacturing Advocacy and Growth Network Max Aulakh Founder & CEO Ignyte Assurance Platform Michael O'Donnell Vice President, Operations MAGNET Joe Vinciquerra Growth & Innovation Advisor MAGNET Full Cybersecurity Regulations Overview for DoD Prime and Subcontractors Justus Scott CMMC Awareness Advisor Ignyte Assurance Platform
  • 2. Topics to Cover Today ● MAGNET Introduction ● DFAR Rules & Historical View Point ● CMMC Emerging Standard ● CMMC Levels ● SPRS Scoring ● Estimated Cost & Role of MAGNET ● Educational Resources for Cybersecurity Maturity Model Certification (CMMC) ● Summary & Next Steps
  • 3. Meet Our Speakers
    Max Aulakh, Founder & CEO: As a Data Security and Compliance Leader, he delivers DoD-tested security strategies and compliance that safeguard mission-critical IT operations. Having trained and excelled in The United States Air Force, he maintained and tested the InfoSec and ComSec functions of network hardware, software, and IT infrastructure for global networks — both classified and unclassified. He drove the Information Assurance (IA) programs for the U.S. Department of Defense (DoD). In 2012, Max founded Ignyte Assurance Platform, a cybersecurity company powered by a transformative GRC software engine, and its newest educational subsidiary, Ignyte Institute, to help accelerate CMMC adaptation among DoD prime and subcontractors.
    Michael O'Donnell, Vice President, Operations: Michael O'Donnell has 30 years of experience in engineering and manufacturing consulting, with most of that time spent at MAGNET. A Master Six Sigma Black Belt and licensed Professional Engineer, Michael orchestrates new consulting methods, training simulations, and workshops for various businesses. Michael holds a Bachelor of Science in Chemical Engineering from the University of Michigan and an MBA from the University of Richmond.
    Joe Vinciquerra, Growth & Innovation Advisor: With over 25 years of experience in engineering and manufacturing, Joe Vinciquerra has developed, sold, and delivered various growth and innovation services to companies in Northeast Ohio. Before joining the MAGNET team in 2016, he worked as a sales director and senior application engineer for Water Star Inc., a company specializing in the innovation, development, and manufacture of precious metal coated titanium anodes. Joe is an ASQ Certified Quality Engineer and holds a Bachelor of Science in Mechanical Engineering from The Ohio State University.
    SPECIAL GUEST Justus Scott, CMMC Awareness Advisor: Recently joining Ignyte, Justus brings previous experience working in BPM and RPA environments, helping Manufacturers adapt to the growing need for digital transformation. Justus' focus at Ignyte Assurance Platform is now helping Manufacturers with CMMC awareness and advisory.
  • 5. Did you know…
    ● Ohio ranks third (#3) in the nation for manufacturing employment
    ● In Ohio, manufacturing accounts for more than 700,000 jobs
    ● Average employee salary $72,000
    ● Every manufacturing job drives 3.6 other jobs
    Source: 2016 Ohio Manufacturing Counts, Ohio Manufacturers Association
  • 6. Top 5 Growing Concerns Cyber Security and Online Hacking Costs of Healthcare Coverage Succession Planning and Future Leadership Managing Supply Chain Relationships Retirement of Skilled Workers 69% 47% 57% 40% 23% MAGNET 2018 NEO Manufacturing Survey, Under 250 employees, Q17 What are Northeast Ohio manufacturers most concerned about?
  • 7. A not-for-profit consulting firm comprised of manufacturing experts who roll up our sleeves to transform smart ideas into top and bottom line company growth, resulting in good jobs for our cities and counties MAGNET’s aim is to add value and create economic impact so that: Jobs are being created The value of companies is increasing New products are being manufactured What is MAGNET?
  • 8. Top-Line Growth Innovation/Technology Bottom-Line Efficiency MAGNET Growth Services …to create high quality jobs across Northeast Ohio that drive our economy forward, especially for small manufacturers MAGNET seeks to support manufacturers through hands-on consulting…
  • 9. Business Growth Strategy Marketing Strategy and Execution Sales Enablement Top-Line Growth Innovation/Technology Bottom-Line Efficiency MAGNET Growth Services Recapture | Retain | Penetrate | Diversify Brand Identity, Differentiation, Market Messaging, Market Research, Product/Market Management, Lead Generation, Integrated Marketing Goal Setting, Pipeline Management, CRM, Sales Training, Sales Management, Target Account Strategy and Distributor Development MAGNET’s approach to top-line growth
  • 10. MAGNET’s approach to innovation/technology Products, Processes and Automation New Product/Process Development Incorporating New Technologies Top-Line Growth Innovation/Technology Bottom-Line Efficiency MAGNET Growth Services Value engineering to take cost out User experience research to design better products Return on investment calculations Customer Discovery | Market Satisfaction Gap | Identification | Ideation | Market Validation | Prototyping Introductions to new technologies Assessments to identify uses and benefits of new technologies
  • 11. MAGNET’s approach to bottom-line efficiency Top-Line Growth Innovation/Technology Bottom-Line Efficiency MAGNET Growth Services Skills Development Leadership and Culture Operational Excellence Focus on job skills and cross-training to promote standard work and workforce (link training to community colleges) Focus on systems improvement as set by leadership to increase customer value Focus on strategy and leadership of change efforts
  • 12. MAGNET’s Goal: To support Ohio manufacturing in its journey to #1 in the USA (Today: #3, Tomorrow: #1)
  • 14. Potential Business Impacts: 3 Major SMB Impacts
    ● Inadequate security controls leading to internal breach of CUI and FCI.
      ○ Engineering Data & Drawings
      ○ Internal Data Theft
      Report Cyber Incidents to DoD at http://dibnet.dod.mil within 72 Hours
    ● Increasing cost of both Technology & Compliance
      ○ Decrease quality and effectiveness of current technology implementations
    ● Potential issues with Prime for not following contract flow down requirement.
      ○ Loss of business revenue
  • 16. 4 Main DFARS Rules
    ● DFARS 252.204-7012: Safeguarding Covered Defense Information and Cyber Incident Reporting
    ● DFARS 252.204-7020: NIST SP 800-171 DoD Assessment Requirements
    ● DFARS 252.204-7019: Notice of NIST SP 800-171 DoD Assessment Requirements
    ● DFARS 252.204-7021: Cybersecurity Maturity Model Certification Requirements
  • 17. CMMC Levels

    | Level | Description |
    |---|---|
    | 1 | Consists of the 15 basic safeguarding requirements from FAR clause 52.204-21. |
    | 2 | Consists of 65 security requirements from NIST SP 800-171 implemented via DFARS clause 252.204-7012, 7 CMMC practices, and 2 CMMC processes. Intended as an optional intermediary step for contractors as part of their progression to Level 3. |
    | 3 | Consists of all 110 security requirements from NIST SP 800-171, 20 CMMC practices, and 3 CMMC processes. |
    | 4 | Consists of all 110 security requirements from NIST SP 800-171, 46 CMMC practices, and 4 CMMC processes. |
    | 5 | Consists of all 110 security requirements from NIST SP 800-171, 61 CMMC practices, and 5 CMMC processes. |

  • 18. Which CMMC level is right for your business?
    CMMC Level 1
    ● Meeting the basic requirements to protect Federal Contract Information (FCI):
      ○ an up-to-date antivirus software application,
      ○ strong passwords,
      ○ unauthorized third parties protection.
    ● FCI is not intended for public release.
    ● Minimal efforts required to strengthen the cybersecurity defenses.
    CMMC Level 2
    ● Introducing Controlled Unclassified Information (CUI).
    ● Standard cybersecurity practices, policies, and strategic plans.
    ● Major subset of the security requirements specified in NIST SP 800-171.
    ● 55 new practices for a total of 72 total practices.
    CMMC Level 3
    ● Good cyber hygiene and controls necessary to protect CUI.
    ● Continuous review of all activities based on their cybersecurity policy.
    ● All requirements specified in NIST SP 800-171 and other similar standards.
    ● 130 required security controls, grouped into 17 domains.
    CMMC Level 4 and Level 5
    ● Addressing the changing tactics, techniques, and procedures used by Advanced Persistent Threats (APTs).
    ● Proactive cybersecurity program and standardized processes to achieve consistency across the entire organization.
    ● 171 security controls, which are grouped into 17 domains.
  • 19. Understanding DFARS NIST 800-171 and CMMC Relationship
    Who needs to be DFARS compliant?
    All DoD contractors that process, store or transmit Controlled Unclassified Information (CUI) must meet DFARS minimum security standards or risk losing their DoD contracts. Based on NIST Special Publication 800-171, manufacturers must implement these security controls through all levels of their supply chain.
    Where is DFARS included?
    DFARS clause 252.204-7012 is included in all solicitations and contracts, including those using Federal Acquisition Regulation (FAR) part 12 commercial item procedures, except for acquisitions solely for commercially available off-the-shelf (COTS) items. The clause requires contractors to apply the security requirements of NIST SP 800-171 to “covered contractor information systems”.
    How do NIST controls overlap with the emerging CMMC framework?
    NIST 800-171 is the backbone of the CMMC framework and it is required by all CMMC levels. For example, NIST domains cover 110 controls out of 130 required for Level 3 of CMMC.
    Would CMMC potentially replace NIST?
    The CMMC is an advanced step in the DoD’s efforts to properly secure the Defense Industrial Base (DIB). It complements and enforces NIST 800-171 as part of its requirements.
    Note: The CMMC was released by the DoD on 31 January 2020. The CMMC Accreditation Body members are working to produce additional guidance to support the certification path. For now, Ignyte recommends implementing NIST 800-171.
    [Diagram labels: NIST SP 800-171r1; CMMC REQUIREMENTS: 20 Additional Practices, 51 Maturity Processes; DFARS REQUIREMENTS: FedRAMP Mod, Paragraphs C-G, 72 Hour Report]
  • 21. Supplier Performance Risk System & Reports
    ● Cyber Score Submission Required
    ● Scores are based on NIST 800-171 Assessment
    ● SPRS Data is used for Source Selection
    ● Accessible By:
      ○ Government Personnel with Need to Know
      ○ Contractors (your own data only)
    ● Not Releasable Under Freedom of Information Act (FOIA)
  • 23. Cost of Compliance for SMB
    ● Total Cost of Ownership for CMMC:
      1. Program Development & Management
      2. Technology & Engineering Implementation
      3. Audit & Certification
    ● Pricing can range from $25K to $200K depending on several factors.
    ● Market pricing for 100% of CMMC requirements is not completely understood due to changing requirements and/or interpretation of requirements.

    | CMMC Level | Yearly Non-Recurring Engineering | Yearly Recurring Engineering | Yearly Assessment Costs++ | Total Yearly Costs |
    |---|---|---|---|---|
    | Level 1 | $0 | $0 | $1,000 | $1,000 |
    | Level 2 | $407 | $20,154 | $7,489 | $28,050 |
    | Level 3 | $1,311 | $41,666 | $17,032 | $60,009 |
    | Level 4 | $46,917 | $301,514 | $23,355 | $371,786 |
    | Level 5 | $61,511 | $384,666 | $36,697 | $482,874 |

    *Defense Federal Acquisition Regulation Supplement: Assessing Contractor Implementation of Cybersecurity Requirements (DFARS Case 2019-D041)
  • 24. MAGNET & IGNYTE Program Resources
    Resources are aligned with various stages of managing the CMMC program for Ohio small businesses
    Stages: Training Program; Guided Assessment; SSP & POA&M Deliverables; Program Metrics & Management
    Deliverables:
    ● DoD Training Website - https://securityhub.usalearning.gov/content/story.html
    ● Ignyte Institute Practitioner Level & Senior Management Training - https://www.ignyteinstitute.org/
    ● CMMC System Security Plan Development - https://ignyteplatform.com/solutions/cmmc/
    ● NIST 171 Documentation - https://csrc.nist.gov/publications/detail/sp/800-171/rev-2/final
    ● SSP & Other Plan of Action & Milestones (POA&M) - https://ignyteplatform.com/solutions/cmmc/
  • 25. CMMC Education & Training Ignyte Institute Courses Senior Management Course (20 Mins) Practitioner Level Course (1 hour) DoD Issued CUI Training What is CUI and How to recognize it?
  • 26. SMB Best Practices & Summary
  • 27. Barriers & Impact of Doing Business
    ● Get trained ASAP & do not delay in learning about this new requirement
    ● Prepare for your SPRS Scores
      ○ Be aware of False Claims Act
    ● Proactively communicate with your prime on your progress
      ○ Primes will be accountable for “cleaning up” their supply chain
    ● Contact your MEP/MAGNET
      ○ Specialized Organization Designed to Help Manufacturers
  • 29. Key Takeaways
    ✔ Leverage MAGNET - primary Cyber resource
    ✔ CMMC & NIST 171
    ✔ Total Cost of Ownership
    ✔ Prepare for SPRS Scores
    ✔ Start with a Program - Not IT Hardware
    ✔ Get Help ASAP
  • 30. Next Steps & Questions? Thank you
    Point of Contact: Joe Vinciquerra, Growth & Innovation Advisor, jvinciquerra@manufacturingsuccess.org
    Point of Contact: Justus Scott, CMMC Awareness Advisor, justus@ignyteplatform.com