Webinar
Discover How CMMC Auditors
Recommend You Defend Your
Organization
Wednesday, March 22; 2:00pm ET; 11:00am PT
Q&A in Chat In partnership with:
Navigating Google Meet
Closed Captioning
Located on the bottom,
middle of your screen
Live Chat for Questions
Located on the bottom,
middle of your screen
Audio options
Listen through computer
speakers or click the three
dots and select “use a
phone for audio”
Activities
Access poll feature and
Q&A to ask questions and
answer polls
About Carahsoft Technology Corp.
Carahsoft Technology Corp. is a government-focused technology provider delivering information
technology products, services, and training to the Federal, State, Local and Education customers on
behalf of a select group of top-tier manufacturers.
Specialized Government teams focused on:
Google Solutions
VMware Solutions
F5 Solutions
Adobe Solutions
Open Source Solutions
Intelligence Solutions
HR/Workforce Automation Solutions
Cybersecurity Maturity Model Certification (CMMC)
What is CMMC?
• The Department of Defense’s effort to increase the overall cybersecurity
posture of the defense industrial base and supply chain.
• Cybersecurity framework concerned with how a contractor controls information on
its IT Systems
• Tiered Model
• Cumulative maturity model, builds additional practices at each successive level
• Assessment Requirements:
• Self-Assessments
• Third-Party Assessments
• Government Assessments
• Implemented through Contracts
What does this mean for contractors?
• CMMC compliance will be critical to winning business with the Pentagon
• It will be a unified cybersecurity standard for DoD contractors.
• The initial implementation of CMMC will only affect DoD contracts; however,
civilian agencies are evaluating use of CMMC
Confidential and Proprietary
Carahsoft Confidential
Source:
https://www.acq.osd.mil/cmmc/model.html
Carahsoft is the trusted CMMC distributor
• We partner with great companies that address every CMMC maturity
level and capability domain
• Our CMMC subject matter experts can identify the right technology
for your unique environment
• We connect organizations with service providers and consultants that
help them prepare for CMMC audit
• We provide news, educational material, events, and other resources
to help organizations gather information and make decisions
• Please visit our website at carahsoft.com/CMMC
Carahsoft Solutions Portfolio
CMMC Products and Services
CMMC Technology Vendors
Understand solutions by CMMC Control Family
carah.io/CMMC
Explore Vendor solutions by CMMC domain
carah.io/CMMC
Acknowledgement & Disclaimer
These materials were prepared by the Ignyte Institute. These materials present general information about the law and are
not intended to provide legal advice about any particular set of circumstances. Legal advice may be given and relied upon
only on the basis of specific facts presented by a client to an attorney. Ignyte Institute and the authors of these materials
hereby disclaim any liability which may result from reliance on the information contained in these materials.
Meet Our Speakers
Greg Butler | Google
o Partner Solutions Evangelist
o Greg is a partner engineer with a background in infrastructure, networking,
security and cloud workload mobility.
o Has experience architecting private and public clouds around civilian and DoD
compliance frameworks.
o Tasked with technical enablement of Google’s distributors and partners.
Max Aulakh | Ignyte Founder & CEO
o Ignyte Assurance Platform™ AI enabled risk management software designed
to help Chief Security Officers in managing cyber & regulatory risk.
o Serves as CEO for multiple small businesses to help them manage technology
& cyber risk.
o After leaving the USAF, he drove the Information Assurance (IA) programs for
multiple Department of Defense (DoD) Agencies.
o Started his career as a security specialist in the United States Air Force
Agenda
● CMMC - Brief History
● Supplier Risk & Supplier Expectations
● Google Cloud & CMMC
● Next Up
● Q&A
CMMC Brief History
Brief CMMC History
• 2007, Government Established Defense Industrial Base (DIB)
Cybersecurity Task Force to protect CUI
• 2015, DoD contracts require Safeguarding Covered Defense
Information (CDI), a type of CUI, and Cyber Incident Reporting
with DFARS clause 252.204-7012
• 2016, NIST SP 800-171 Rev. 1 Released
• 2017, Deadline for contractors to implement 252.204-7012
• 2019, Development of CMMC program starts
CMMC 2.0 Roadmap
4 Main DFARS Rules
● DFARS 252.204-7012: Safeguarding
Covered Defense Information and Cyber
Incident Reporting
● DFARS 252.204-7020: NIST SP 800-171
DoD Assessment Requirements
● DFARS 252.204-7019: Notice of NIST SP
800-171 DoD Assessment Requirements
● DFARS 252.204-7021: Cybersecurity
Maturity Model Certification Requirements
Supplier & Federal Expectations
Basic Expectations
● Develop a corporate cybersecurity program
● Document your program
● Leverage cybersecurity enabling technology
● Self Assess your program
● Prepare for 3rd party audit
What CMMC Means to Subcontractors
● Primes have a reporting requirement
● Clauses (FAR and DFARS) flow down to
small business (all subcontractors).
● Primes are motivated to help but not
incentivized
Implied Expectations
● DoD’s current internal standard of enforcement
● Don’t tell me - show me
○ Practices versus controls
● Don’t just document it but prove it
○ Institutionalize
● Demonstrate that you can control flow of CUI within your
entire organization
○ Unrealistic enclaves, non-operational environments,
too much data flowing in hands of overseas
subcontractors, etc.
Leveraging Workspace & Ignyte
● Primary & Basic capabilities to secure CUI &
FCI flow
○ Email, Chat, Drive, etc.
● Organized & Documented
○ All Controls, policies, procedures, etc.
● Configured & Secured
CMMC + Google
The issue with GovClouds
● Constrained: The capacity of GovClouds is limited, constraining elasticity
and restricting growth.
● Disparate: There is massive feature drift between the commercial and
government offerings of cloud service providers.
● Expensive: Commodity services cost 20% to 40% more in GovCloud
regions because the economies of scale are inhibited.
US Public Sector compliance and certifications
Federal
FedRAMP Moderate -
83+ Services - across 18 worldwide regions than
any other cloud provider.
21 Workspace Products and APIs
FedRAMP High
27+ GCP services across 7 US Regions
12 Workspace Products
NIST 800-171
NIST 800-53 Rev 4
DoD
DoD IL 2
DoD IL4 PA-Announcement
DoD IL5 PA - Announcement
DFARS - A number of Google Cloud products meet
NIST 800-171 or FedRAMP requirements that can help
customers maintain DFARS compliance
CMMC - In Process
State and Local
IRS Pub 1075
FERPA - Pursuant to ISO 27018 controls and
contractual terms
CJIS
Other
ITAR - Private preview
Protected B - Canada
Sarbanes Oxley
HIPAA
FIPS L1 Validated
FIPS L3 Physical Validation
NIST 800-34 Contingency Planning
ISO 27001, 27017, 27018
SOC 1, 2, 3
Section 508, EN 301 549, WCAG
United States Regions
Google Cloud Platform operates in 10
Regions and 22 Availability Zones
within the United States. 17 Services
support regionalized configuration
for data localization requirements.
Workspace operates in 7 locations
across the US and supports US data
regionalization across 10 different
services.
South Carolina
N. Virginia
Iowa
Oregon
Los Angeles
Las Vegas
Available data centers
FedRAMP High
Salt Lake City
Oklahoma
Columbus
Dallas
Workspace Security
● All traffic at Google between the end user and Google’s Edge is encrypted in transit. All data is encrypted at rest on Google’s storage.
● Zero-trust architecture - Workspace is secured by Google’s ZTA known as context-aware access
● Workspace users have on average 40% fewer security incidents than users of other cloud-based productivity suites
● Largest malware database in the world in VirusTotal
● 99.9%+ accuracy in blocking spam and email scams
● 10 million spam emails blocked from Gmail users every minute
● Titan security chip - reduced “vendor in the middle” risk
Security Investigation
● Search all Gmail activity
● Search Google Drive - Instantly find all files that have been shared outside
of the organization
● Manage permissions for files inside of Google Drive quickly
Google - CMMC Status
● DoD has not yet completed rulemaking
● Until rulemaking is completed, accreditation cannot be
performed by a C3PAO
● A readiness review has been completed by a C3PAO and
both GCP and Workspace are ready for a CMMC
accreditation assessment based on current draft rules
● Accreditation assessment anticipated in early 2024 based
on forecasted final rules publishing
Summary
● Brief History
● CMMC 2.0 Roadmap
● Implied Expectations
● Google Workspace
Recap
Q&A
Thank you
www.ignyteplatform.com
info@ignyteplatform.com
1.833.IGNYTE1
5818 Wilmington Pike,
Centerville, OH 45459-7004
Max Aulakh
Managing Director
max@ignyteplatform.com
937-789-4216
For more information, contact:
Brandon Kennedy
Brandon.Kennedy@carahsoft.com
571-662-4278

How CMMC Auditors Recommend You Defend Your Organization - Completed March, 2023.pptx

  • 1. Webinar Discover How CMMC Auditors Recommend You Defend Your Organization Wednesday, March 22; 2:00pm ET; 11:00am PT Q&A in Chat In partnership with:
  • 2. Navigating Google Meet Closed Captioning Located on the bottom, middle of your screen Live Chat for Questions Located on the bottom, middle of your screen Audio options Listen through computer speakers or click the three dots and select “use a phone for audio” Activities Access poll feature and Q&A to ask questions and answer polls
  • 3. About Carahsoft Technology Corp. Carahsoft Technology Corp. is a government-focused technology provider delivering information technology products, services, and training to the Federal, State, Local and Education customers on behalf of a select group of top-tier manufacturers. Specialized Government teams focused on: Google Solutions VMware Solutions F5 Solutions Adobe Solutions Open Source Solutions Intelligence Solutions HR/Workforce Automation Solutions
  • 4. Cybersecurity Maturity Model Certification (CMMC) What is CMMC? • The Department of Defense’s effort to increase the overall cybersecurity posture of the defense industrial base and supply chain. • Cybersecurity framework concerned with how a contractor controls information on its IT Systems • Tiered Model • Cumulative maturity model, builds additional practices at each successive level • Assessment Requirements: • Self-Assessments • Third-Party Assessments • Government Assessments • Implemented through Contracts What does this mean for contractors? • CMMC compliance will be critical to winning business with the Pentagon • It will be a unified cybersecurity standard for DOD contractors. • The initial implementation of CMMC will only affect DoD contracts, however Civilian agencies are evaluating use of CMMC Source: https://www.acq.osd.mil/cmmc/model.html
  • 5. Carahsoft is the trusted CMMC distributor • We partner with great companies that address every CMMC maturity level and capability domain • Our CMMC subject matter experts can identify the right technology for your unique environment • We connect organizations with service providers and consultants that help them prepare for CMMC audit • We provide news, educational material, events, and other resources to help organizations gather information and make decisions • Please visit our website at carahsoft.com/CMMC
  • 6. Carahsoft Solutions Portfolio CMMC Products and Services CMMC Technology Vendors
  • 7. Understand solutions by CMMC Control Family carah.io/CMMC
  • 8. Explore Vendor solutions by CMMC domain carah.io/CMMC
  • 9. Acknowledgement & Disclaimer These materials were prepared by the Ignyte Institute. These materials present general information about the law and are not intended to provide legal advice about any particular set of circumstances. Legal advice may be given and relied upon only on the basis of specific facts presented by a client to an attorney. Ignyte Institute and the authors of these materials hereby disclaim any liability which may result from reliance on the information contained in these materials.
  • 10. Meet Our Speakers Greg Butler | Google o Partner Solutions Evangelist o Greg is a partner engineer with a background in infrastructure, networking, security and cloud workload mobility. o Has experience architecting private and public clouds around civilian and DoD compliance frameworks. o Tasked with technical enablement of Google’s distributors and partners. Max Aulakh | Ignyte Founder & CEO o Ignyte Assurance Platform™ AI enabled risk management software designed to help Chief Security Officers in managing cyber & regulatory risk. o Serves as CEO for multiple small businesses to help them manage technology & cyber risk. o After leaving the USAF, he drove the Information Assurance (IA) programs for multiple Department of Defense (DoD) Agencies. o Started his career as a security specialist in the United States Air Force
  • 11. Agenda ● CMMC - Brief History ● Supplier Risk & Supplier Expectations ● Google Cloud & CMMC ● Next Up ● Q&A
  • 13. Brief CMMC History • 2007, Government Established Defense Industrial Base (DIB) Cybersecurity Task Force to protect CUI • 2015, DoD contracts require Safeguarding Covered Defense Information (CDI), a type of CUI, and Cyber Incident Reporting with DFARS clause 252.204.7012 • 2016, NIST SP 800-171rev1 Released • 2017, Deadline for contractors to implement 252.204.7012 • 2019, Development of CMMC program starts
  • 15. 4 Main DFARS Rules ● DFARS 252.204-7012: Safeguarding Covered Defense Information and Cyber Incident Reporting ● DFARS 252.204-7020: NIST SP 800-171 DoD Assessment Requirements ● DFARS 252.204-7019: Notice of NIST SP 800-171 DoD Assessment Requirements ● DFARS 252.204-7021: Cybersecurity Maturity Model Certification Requirements
  • 16. Supplier & Federal Expectations
  • 17. Basic Expectations ● Develop a corporate cybersecurity program ● Document your program ● Leverage cybersecurity enabling technology ● Self Assess your program ● Prepare for 3rd party audit
  • 18. What CMMC Means to Subcontractors ● Primes have a reporting requirement ● Clauses (FAR and DFARS) flow down to small business (all subcontractors). ● Primes are motivated to help but not incentivized
  • 19. Implied Expectations ● DoD’s current internal standard of enforcement ● Don’t tell me - show me ○ Practices versus controls ● Don’t just document it but prove it ○ Institutionalize ● Demonstrate that you can control flow of CUI within your entire organization ○ Unrealistic enclaves, non-operational environments, too much data flowing in hands of overseas subcontractors, etc.
  • 20. Leveraging Workspace & Ignyte ● Primary & Basic capabilities to secure CUI & FCI flow ○ Email, Chat, Drive, etc… ● Organized & Documented ○ All Controls, policies, procedures, etc.. ● Configured & Secured
  • 22. The issue with GovClouds ● Constrained: The capacity of GovClouds is limited, constraining elasticity and restricting growth. ● Disparate: There is massive feature drift between the commercial and government offerings of cloud service providers. ● Expensive: Commodity services cost 20% to 40% more in GovCloud regions because the economies of scale are inhibited.
  • 23. US Public Sector compliance and certifications Federal FedRAMP Moderate - 83+ Services - across 18 worldwide regions than any other cloud provider. 21 Workspace Products and APIs FedRAMP High 27+ GCP services across 7 US Regions 12 Workspace Products NIST 800-171 NIST 800-53 Rev 4 DoD DoD IL 2 DoD IL4 PA-Announcement DoD IL5 PA - Announcement DFARS - A number of Google Cloud products meet NIST 800-171 or FedRamp requirements that can help customers maintain DFARS compliance CMMC - In Process State and Local IRS Pub 1075 FERPA - Pursuant to ISO 27018 controls and contractual terms CJIS Other ITAR - Private preview Protected B - Canada Sarbanes Oxley HIPAA FIPS L1 Validated FIPS L3 Physical Validation NIST 800-34 Contingency Planning ISO 27001, 27017, 27018 SOC 1, 2, 3 Section 508, EN 301 549, WCAG
  • 24. United States Regions Google Cloud Platform operates in 10 Regions and 22 Availability Zones within the United States. 17 Services support regionalized configuration support for data localization requirements. Workspace operates in 7 locations across the US and supports US Data regionalization across 10 different services. South Carolina N. Virginia Iowa Oregon Los Angeles Las Vegas Available data centers FedRAMP High Salt Lake City Oklahoma Columbus Dallas
  • 25. Workspace Security ● All traffic at Google between the end user and Google’s Edge is encrypted in transit. All data is encrypted at rest on Google’s storage ● Zero-trust architecture - Workspace is secured by Google’s ZTA known as context-aware access ● Workspace users have on average 40% fewer security incidents than users of other cloud-based productivity suites ● Largest malware database in the world in VirusTotal ● 99.9%+ accuracy in blocking spam and email scams ● 10 million spam emails blocked from Gmail users every minute ● Titan security chip - reduced “vendor in the middle” risk
  • 26. Security Investigation ● Search all Gmail activity ● Search Google Drive - Instantly find all files that have been shared outside of the organization ● Manage permissions for files inside of Google Drive quickly
  • 27. Google - CMMC Status ● DoD has not yet completed rulemaking ● Until rulemaking is completed, accreditation cannot be performed by a C3PAO ● A readiness review has been completed by a C3PAO and both GCP and Workspace are ready for a CMMC accreditation assessment based on current draft rules ● Accreditation assessment anticipated in early 2024 based on forecasted final rules publishing
  • 29. ● Brief History ● CMMC 2.0 Roadmap ● Implied Expectations ● Google Workspace Recap
  • 30. Q&A
  • 31. Thank you www.ignyteplatform.com info@ignyteplatform.com 1.833.IGNYTE1 5818 Wilmington Pike, Centerville, OH 45459-7004 Max Aulakh Managing Director max@ignyteplatform.com 937-789-4216
  • 32. For more information, contact: Brandon Kennedy Brandon.Kennedy@carahsoft.com 571-662-4278