Join our webinar hosted by MAGNET: The Manufacturing Advocacy and Growth Network. As the NIST and Ohio MEP program advocates, we’ve invited a leader of our technological and educational cybersecurity partner, Ignyte Institute, for a conversation on how to get on board with the emerging Cybersecurity Maturity Model Certification (CMMC). This webinar will give a detailed and realistic overview of all cybersecurity frameworks and regulations required to continue working on existing projects or bid on future contracts as a Department of Defense (DoD) prime or subcontractor. Our goal is to help you assess your current state of Governance, Risk Management, and Compliance (GRC), and to provide overall guidance on a smooth transition to the new regulatory norms so that Ohio-based businesses maintain their competitive edge in the Defense Industrial Base (DIB).
Full Cybersecurity Regulations Overview for DoD Prime and Subcontractors
1. LIVE WEBINAR 2 Mar 2021 1 – 2 PM EST
Ignyte Assurance Platform hosted by MAGNET: The Manufacturing Advocacy and Growth Network
Max Aulakh
Founder & CEO
Ignyte Assurance Platform
Michael O'Donnell
Vice President, Operations
MAGNET
Joe Vinciquerra
Growth & Innovation Advisor
MAGNET
Justus Scott
CMMC Awareness Advisor
Ignyte Assurance Platform
2. Topics to Cover Today
● MAGNET Introduction
● DFAR Rules & Historical View Point
● CMMC Emerging Standard
● CMMC Levels
● SPRS Scoring
● Estimated Cost & Role of MAGNET
● Educational Resources for Cybersecurity Maturity Model Certification (CMMC)
● Summary & Next Steps
3. Meet Our Speakers
Max Aulakh
Founder & CEO
As a Data Security and Compliance Leader, he delivers
DoD-tested security strategies and compliance that
safeguard mission-critical IT operations. Having trained and
excelled in The United States Air Force, he maintained and
tested the InfoSec and ComSec functions of network
hardware, software, and IT infrastructure for global networks
— both classified and unclassified. He drove the Information
Assurance (IA) programs for the U.S. Department of
Defense (DoD). In 2012, Max founded Ignyte Assurance
Platform, a cybersecurity company powered by a
transformative GRC software engine, and its newest
educational subsidiary, Ignyte Institute, to help accelerate
CMMC adaptation among DoD prime and subcontractors.
Michael O'Donnell
Vice President, Operations
Michael O’Donnell has 30 years of experience in engineering and manufacturing consulting, with most of that time spent at MAGNET. A Master Six Sigma Black Belt and licensed Professional Engineer, Michael orchestrates new consulting methods, training simulations, and workshops for various businesses. Michael holds a Bachelor of Science in Chemical Engineering from the University of Michigan and an MBA from the University of Richmond.
Joe Vinciquerra
Growth & Innovation Advisor
With over 25 years of experience in engineering and manufacturing, Joe Vinciquerra has developed, sold, and delivered various growth and innovation services to companies in Northeast Ohio. Before joining the MAGNET team in 2016, he worked as a sales director and senior application engineer for Water Star Inc., a company specializing in the innovation, development, and manufacture of precious metal coated titanium anodes. Joe is an ASQ Certified Quality Engineer and holds a Bachelor of Science in Mechanical Engineering from The Ohio State University.
SPECIAL GUEST
Justus Scott
CMMC Awareness Advisor
Recently joining Ignyte, Justus brings
previous experience working in BPM and
RPA environments, helping Manufacturers
adapt to the growing need for digital
transformation. Justus' focus at Ignyte
Assurance Platform is now helping
Manufacturers with CMMC awareness
and advisory.
5. Did you know…
● Average employee salary: $72,000
● #3: Ohio ranks third in the nation for manufacturing employment
● In Ohio, manufacturing accounts for more than 700,000 jobs
● Every manufacturing job drives 3.6 other jobs
Source: 2016 Ohio Manufacturing Counts, Ohio Manufacturers Association
6. Top 5 Growing Concerns
Cyber Security and Online Hacking
Costs of Healthcare Coverage
Succession Planning and Future Leadership
Managing Supply Chain Relationships
Retirement of Skilled Workers
69%
47%
57%
40%
23%
MAGNET 2018 NEO Manufacturing Survey, Under 250 employees, Q17
What are Northeast Ohio manufacturers most concerned about?
7. A not-for-profit consulting firm comprised of manufacturing experts who roll up our sleeves to transform
smart ideas into top and bottom line company growth, resulting in good jobs for our cities and counties
MAGNET’s aim is to add value and
create economic impact so that:
Jobs are being created
The value of companies is increasing
New products are being manufactured
What is MAGNET?
9. Business Growth Strategy
Marketing Strategy and Execution
Sales Enablement
Top-Line Growth
Innovation/Technology
Bottom-Line Efficiency
MAGNET
Growth
Services
Recapture | Retain | Penetrate | Diversify
Brand Identity, Differentiation, Market Messaging,
Market Research, Product/Market Management,
Lead Generation, Integrated Marketing
Goal Setting, Pipeline Management, CRM, Sales
Training, Sales Management, Target Account
Strategy and Distributor Development
MAGNET’s approach to top-line growth
10. MAGNET’s approach to innovation/technology
Products, Processes and Automation
New Product/Process Development
Incorporating New Technologies
Top-Line
Growth
Innovation/Technology
Bottom-Line Efficiency
MAGNET
Growth
Services
Value engineering to take cost out
User experience research to design better products
Return on investment calculations
Customer Discovery | Market Satisfaction Gap |
Identification | Ideation | Market Validation | Prototyping
Introductions to new technologies
Assessments to identify uses and benefits of new
technologies
11. MAGNET’s approach to bottom-line efficiency
Top-Line
Growth
Innovation/Technology
Bottom-Line Efficiency
MAGNET
Growth
Services
Skills Development
Leadership and Culture
Operational Excellence
Focus on job skills and cross-training to promote standard
work and workforce (link training to community colleges)
Focus on systems improvement as set by leadership to
increase customer value
Focus on strategy and leadership of change efforts
14. Potential Business Impacts
Inadequate security controls leading
to internal breach of CUI and FCI.
● Engineering Data & Drawings
● Internal Data Theft
Report Cyber Incidents to DoD at
http://dibnet.dod.mil within 72 Hours
Increasing cost of both
Technology & Compliance
● Decrease quality and
effectiveness of current
technology
implementations
Potential issues with Prime for not
following contract flow down
requirement.
● Loss of business revenue
3 Major SMB Impacts
16. 4 Main DFARS Rules
● DFARS 252.204-7012: Safeguarding Covered Defense Information and Cyber Incident Reporting
● DFARS 252.204-7020: NIST SP 800-171 DoD Assessment Requirements
● DFARS 252.204-7019: Notice of NIST SP 800-171 DoD Assessment Requirements
● DFARS 252.204-7021: Cybersecurity Maturity Model Certification Requirements
17. CMMC Levels
Level | Description
1 | Consists of the 15 basic safeguarding requirements from FAR clause 52.204-21.
2 | Consists of 65 security requirements from NIST SP 800-171 implemented via DFARS clause 252.204-7012, 7 CMMC practices, and 2 CMMC processes. Intended as an optional intermediary step for contractors as part of their progression to Level 3.
3 | Consists of all 110 security requirements from NIST SP 800-171, 20 CMMC practices, and 3 CMMC processes.
4 | Consists of all 110 security requirements from NIST SP 800-171, 46 CMMC practices, and 4 CMMC processes.
5 | Consists of all 110 security requirements from NIST SP 800-171, 61 CMMC practices, and 5 CMMC processes.
18. CMMC Level 1
● Meeting the basic requirements to protect Federal Contract Information (FCI):
○ an up-to-date antivirus software application,
○ strong passwords,
○ protection against unauthorized third parties.
● FCI is not intended for public release.
● Minimal efforts required to strengthen the cybersecurity defenses.
Which CMMC level is right for your business?
CMMC Level 2
● Introducing Controlled Unclassified Information (CUI).
● Standard cybersecurity practices, policies, and strategic plans.
● Major subset of the security requirements specified in NIST SP 800-171.
● 55 new practices, for a total of 72 practices.
CMMC Level 3
● Good cyber hygiene and controls necessary to protect CUI.
● Continuous review of all activities based on their cybersecurity policy.
● All requirements specified in NIST SP 800-171 and other similar standards.
● 130 required security controls, grouped into 17 domains.
CMMC Level 4 and Level 5
● Addressing the changing tactics, techniques, and procedures used by Advanced
Persistent Threats (APTs).
● Proactive cybersecurity program and standardized processes to achieve
consistency across the entire organization.
● 171 security controls, which are grouped into 17 domains.
19. Understanding DFARS NIST 800-171 and CMMC Relationship
Who needs to be DFARS compliant?
All DoD contractors that process, store or transmit Controlled Unclassified
Information (CUI) must meet DFARS minimum security standards or risk losing
their DoD contracts. Based on NIST Special Publication 800-171, manufacturers
must implement these security controls through all levels of their supply chain.
Where is DFARS included?
DFARS clause 252.204-7012 is included in all solicitations and contracts, including
those using Federal Acquisition Regulation (FAR) part 12 commercial item
procedures, except for acquisitions solely for commercially available
off-the-shelf (COTS) items. The clause requires contractors to apply the security
requirements of NIST SP 800-171 to “covered contractor information systems”.
How do NIST controls overlap with the emerging CMMC framework?
NIST 800-171 is the backbone of the CMMC framework and it is required by all
CMMC levels. For example, NIST domains cover 110 controls out of 130 required
for Level 3 of CMMC.
Would CMMC potentially replace NIST?
The CMMC is an advanced step in the DoD’s efforts to properly secure the Defense
Industrial Base (DIB). It complements and enforces NIST 800-171
as part of its requirements.
Note: The CMMC was released by the DoD on 31 January 2020. The CMMC Accreditation Body members are working to
produce additional guidance to support the certification path. For now, Ignyte recommends implementing NIST 800-171.
[Diagram labels]
NIST SP 800-171r1
CMMC REQUIREMENTS: 20 Additional Practices, 51 Maturity Processes
DFARS REQUIREMENTS: FedRAMP Mod, Paragraphs C-G, 72 Hour Report
21. Supplier Performance Risk System & Reports
● Cyber Score Submission Required
● Scores are based on NIST 800-171 Assessment
● SPRS Data is used for Source Selection
● Accessible By:
○ Government Personnel with Need to Know
○ Contractors (your own data only)
● Not Releasable Under Freedom of Information Act (FOIA)
23. Cost of Compliance for SMB
● Total Cost of Ownership for CMMC:
1. Program Development & Management
2. Technology & Engineering Implementation
3. Audit & Certification
● Pricing can range from $25K to $200K
depending on several factors.
● Market pricing for 100% of CMMC requirements
is not completely understood due to changing
requirements and/or interpretation of
requirements.
*Defense Federal Acquisition Regulation Supplement: Assessing Contractor Implementation of Cybersecurity Requirements (DFARS Case 2019-D041)
CMMC Level | Yearly Non-Recurring Engineering | Yearly Recurring Engineering | Yearly Assessment Costs++ | Total Yearly Costs
Level 1 | $0 | $0 | $1,000 | $1,000
Level 2 | $407 | $20,154 | $7,489 | $28,050
Level 3 | $1,311 | $41,666 | $17,032 | $60,009
Level 4 | $46,917 | $301,514 | $23,355 | $371,786
Level 5 | $61,511 | $384,666 | $36,697 | $482,874
24. MAGNET & IGNYTE Program Resources
Resources are aligned with various stages of managing the CMMC program for Ohio small businesses
Program Metrics &
Management
SSP & POA&M
Deliverables
Guided Assessment
Training
Program Deliverables
● DoD Training Website - https://securityhub.usalearning.gov/content/story.html
● Ignyte Institute Practitioner Level & Senior Management Training - https://www.ignyteinstitute.org/
● CMMC System Security Plan Development - https://ignyteplatform.com/solutions/cmmc/
● NIST 171 Documentation - https://csrc.nist.gov/publications/detail/sp/800-171/rev-2/final
● SSP & Other Plan of Action & Milestones (POA&M) - https://ignyteplatform.com/solutions/cmmc/
25. CMMC Education & Training
Ignyte Institute Courses
Senior Management Course (20 Mins)
Practitioner Level Course (1 hour)
DoD Issued CUI Training
What is CUI and How to recognize it?
27. Barriers & Impact of Doing Business
● Get trained ASAP & do not delay in learning about this new requirement
● Prepare for your SPRS Scores
○ Be aware of False Claims Act
● Proactively communicate with your prime on your progress
○ Primes will be accountable for “cleaning up” their supply chain
● Contact your MEP/MAGNET
○ Specialized Organization Designed to Help Manufacturers
29. Key Takeaways
✔ Leverage MAGNET - primary Cyber resource
✔ CMMC & NIST 171
✔ Total Cost of Ownership
✔ Prepare for SPRS Scores
✔ Start with a Program - Not IT Hardware
✔ Get Help ASAP
30. Next Steps & Questions?
Thank you
Points of Contact
Joe Vinciquerra, Growth & Innovation Advisor: jvinciquerra@manufacturingsuccess.org
Justus Scott, CMMC Awareness Advisor: justus@ignyteplatform.com