LIVE WEBINAR
How I Woke Up from the CMMC Compliance Nightmare
12 Jan 2021, 1 PM EST
Hosted by Federal Publications Seminars
Speakers: Bryan Van Brunt, Founder (Van Brunt Law Firm, P.A.); Max Aulakh, Founder & CEO (Ignyte)
Acknowledgement & Disclaimer
These materials were prepared by the attorneys at the law firm of Van Brunt Law Firm, P.A. These materials present general information about the law and are not intended to provide legal advice about any particular set of circumstances. Legal advice may be given and relied upon only on the basis of specific facts presented by a client to an attorney. Van Brunt Law Firm, P.A. and the authors of these materials hereby disclaim any liability which may result from reliance on the information contained in these materials.
Topics to Cover Today
• Overview of Cybersecurity Maturity Model Certification (CMMC)
• Understanding DFARS NIST 800-171 and CMMC relationship
• Factors involved in determining the right level of CMMC
• Resources and efforts required to obtain the appropriate level of CMMC
• Consequences of non-compliance after the rule comes into effect
• Lessons learned in CMMC/NIST implementations
Meet Our Speakers

Max Aulakh, Founder & CEO (Ignyte)
o Ignyte Assurance Platform™ is AI-enabled risk management software designed to help Chief Security Officers manage cyber and regulatory risk.
o Serves as CxO for multiple small businesses to help them manage technology and cyber risk.
o After leaving the USAF, he drove the Information Assurance (IA) programs for multiple Department of Defense (DoD) agencies.
o Started his career as a security specialist in the United States Air Force.

Bryan Van Brunt, Founder (Van Brunt Law Firm, P.A.)
o Van Brunt Law Firm, P.A. serves clients in the areas of Government Contracts, General Business Law, and Commercial Transactions.
o Bryan serves as General Counsel and COO for small and medium-sized businesses in the defense industry.
o Served as Deputy General Counsel at General Dynamics for over 13 years, focused on government contracts and general business law.
o Started his legal career as an attorney (JAG) in the United States Air Force.
CMMC Overview
Cybersecurity Maturity Model Certification: A Closer Look
• On September 29, 2020, The Department of Defense (DoD) issued an interim rule to amend DFARS to
implement the Cybersecurity Maturity Model Certification (CMMC) framework.
• So far, four draft versions of CMMC have been publicly released including the most recent, CMMC 1.02. The
CMMC Accreditation Body members are working to produce additional guidance to support the certification
path.
• Built upon the NIST SP 800-171 DoD Assessment Methodology, the CMMC framework adds a
comprehensive and scalable certification element to verify the implementation of processes and practices
associated with the achievement of a cybersecurity maturity level.
• CMMC is designed to provide increased assurance to the DoD that a DIB contractor can adequately protect
sensitive unclassified information such as Federal Contract Information (FCI) and Controlled Unclassified
Information (CUI) at a level commensurate with the risk, accounting for information flow down to its
subcontractors in a multi-tier supply chain.
CMMC Development Timeline
*Diagram taken from a presentation by Ms. Katie Arrington, Chief Information Security Officer for Acquisition. Distribution A: Approved for Public Release.
Understanding DFARS NIST 800-171 and CMMC Relationship
Who needs to be DFARS compliant?
All DoD contractors that process, store or transmit Controlled Unclassified Information (CUI)
must meet DFARS minimum security standards or risk losing their DoD contracts. Based on
NIST Special Publication 800-171, manufacturers must implement these security controls
through all levels of their supply chain.
Where is DFARS included?
DFARS clause 252.204-7012 is included in all solicitations and contracts, including those
using Federal Acquisition Regulation (FAR) part 12 commercial item procedures, except for
acquisitions solely for commercially available off- the-shelf (COTS) items. The clause
requires contractors to apply the security requirements of NIST SP 800-171 to “covered
contractor information systems,” as defined in the clause, that are not part of an IT service
or system operated on behalf of the Government.
How do NIST controls overlap with the emerging CMMC framework?
NIST SP 800-171 is the backbone of the CMMC framework: every CMMC level draws on it, and Level 3 and above require all 110 of its security requirements. For example, the 110 NIST SP 800-171 requirements account for 110 of the 130 practices required for CMMC Level 3; the remaining 20 are CMMC-specific practices.
Would CMMC potentially replace NIST?
No. CMMC is the next step in the DoD's efforts to secure the Defense Industrial Base (DIB). It complements NIST SP 800-171 and adds a third-party certification element to verify that its requirements are actually implemented.
Note: The CMMC was released by the DoD on 31 January 2020. The CMMC Accreditation Body members
are working to produce additional guidance to support the certification path. For now, Ignyte recommends
implementing NIST 800-171.
[Diagram: NIST SP 800-171r1 is the common core. CMMC requirements add 20 additional practices and 51 maturity processes on top of it. DFARS requirements (clause 252.204-7012) add FedRAMP Moderate for cloud service providers, paragraphs (c)-(g) of the clause, and the 72-hour cyber incident report.]
4 Main DFARS Rules
● DFARS 252.204-7012: Safeguarding Covered Defense Information and Cyber Incident Reporting
● DFARS 252.204-7019: Notice of NIST SP 800-171 DoD Assessment Requirements
● DFARS 252.204-7020: NIST SP 800-171 DoD Assessment Requirements
● DFARS 252.204-7021: Cybersecurity Maturity Model Certification Requirements
CMMC Levels

Level   Description
1       The 15 basic safeguarding requirements from FAR clause 52.204-21.
2       65 security requirements from NIST SP 800-171 (implemented via DFARS clause 252.204-7012), 7 CMMC practices, and 2 CMMC processes. Intended as an optional intermediary step for contractors progressing to Level 3.
3       All 110 security requirements from NIST SP 800-171, 20 CMMC practices, and 3 CMMC processes.
4       All 110 security requirements from NIST SP 800-171, 46 CMMC practices, and 4 CMMC processes.
5       All 110 security requirements from NIST SP 800-171, 61 CMMC practices, and 5 CMMC processes.
Which CMMC level is right for your business?
CMMC Level 1
● Meets the basic requirements to protect Federal Contract Information (FCI):
○ up-to-date antivirus software,
○ strong passwords,
○ protection against unauthorized third parties.
● FCI is information not intended for public release.
● Minimal effort is required to strengthen cybersecurity defenses.
CMMC Level 2
● Introduces Controlled Unclassified Information (CUI).
● Standard cybersecurity practices, policies, and strategic plans.
● A major subset of the security requirements specified in NIST SP 800-171.
● 55 new practices, for a total of 72 practices.
CMMC Level 3
● Good cyber hygiene and the controls necessary to protect CUI.
● Continuous review of all activities against the organization's cybersecurity policy.
● All requirements specified in NIST SP 800-171, plus additional practices.
● 130 required practices, grouped into 17 domains.
CMMC Level 4 and Level 5
● Address the changing tactics, techniques, and procedures used by Advanced Persistent Threats (APTs).
● Proactive cybersecurity program and standardized processes to achieve consistency across the entire organization.
● 156 practices at Level 4 and 171 practices at Level 5 (all 110 NIST SP 800-171 requirements plus 46 and 61 CMMC practices respectively), grouped into 17 domains.
Resources & Efforts
PROGRAM RESOURCES
● Resources are aligned with the stages of managing a CMMC program for a small business: program metrics & management, SSP & POA&M deliverables, guided assessment, and training.
Program Deliverables
● DoD Training Website - https://securityhub.usalearning.gov/content/story.html
● Ignyte Institute Practitioner Level & Top Management Training - https://www.ignyteinstitute.org/
● CMMC System Security Plan Development - https://www.dfars-nist-800-171.com/
● NIST SP 800-171 Rev. 2 Documentation - https://csrc.nist.gov/publications/detail/sp/800-171/rev-2/final
● SSP & Other Plan of Action & Milestones (POA&M) - https://www.dfars-nist-800-171.com/
CMMC Education & Training
● Ignyte Institute Courses
○ Senior Management Course (20 mins)
○ Practitioner Level Course (1 hour)
○ www.ignyteinstitute.org
● DoD Issued CUI Training
○ What is CUI and how to recognize it
○ https://securityhub.usalearning.gov/content/story.html
COST OF COMPLIANCE & LEVEL OF EFFORT
COST OF COMPLIANCE
● COST MANAGEMENT FACTORS
○ Program Development & Management
○ Technology & Engineering Implementation
○ Audit & Certification
● Pricing can range from $20K to $200K depending on several factors.
● Market pricing for 100% of CMMC requirements is not completely understood, because requirements and their interpretation are still changing.
● Source for the cost estimates below (DoD interim rule, 29 Sep 2020): https://www.federalregister.gov/documents/2020/09/29/2020-21123/defense-federal-acquisition-regulation-supplement-assessing-contractor-implementation-of

Small Businesses Expected Costs (per year)

CMMC Level   Non-Recurring Engineering   Recurring Engineering   Assessment   Total
Level 1      $0                          $0                      $1,000       $1,000
Level 2      $407                        $20,154                 $7,489       $28,050
Level 3      $1,311                      $41,666                 $17,032      $60,009
Level 4      $46,917                     $301,514                $23,355      $371,786
Level 5      $61,511                     $384,666                $36,697      $482,874

Cost depends on technology and level of internal maturity.
Non-Compliance Risks
3 MAJOR SMB IMPACTS
1. Inadequate security controls leading to an internal breach of CUI and FCI.
• Engineering data and drawings
• Internal data theft
• Cyber incidents must be reported to DoD at http://dibnet.dod.mil within 72 hours (DFARS 252.204-7012).
2. Increasing cost of both technology and compliance.
● Decreased quality and effectiveness of current technology implementations.
3. Potential issues with the prime for not following contract flow-down requirements.
● Loss of business revenue.
Lessons Learned
● Implementation is multi-discipline (not just an IT obligation)
○ IT and IT security
○ HR (training)
○ Physical security
○ Compliance/legal
○ Business leadership, because implementation impacts operations
○ Employees
● Implementation requires a "quarterback" and a program team
○ IT teams are not set up to project-manage a cross-functional implementation
○ Dedicating a PM is imperative
● Vendors are all new at this
○ Even established firms lack expertise in CMMC compliance
○ Every system and set of processes is unique and requires new learning
● Implementation must be viewed as a change in company paradigm
○ People: changing to a security mindset; it is not just virus protection and IT
○ Processes: implementation of verifiable and auditable procedures ("show me, don't just tell me")
○ Technology: implementation of technology that will require more steps and verification, e.g. sensitivity tagging, data categorization, multi-step access, new approvals
● Research solutions to ensure they are compatible and actually have the functionality your business needs
○ Vendors certified under prior schemes
○ Certified technology
● This is not going away. It may change, but it exists to fight a real war going on right now.
SUMMARY
● Develop a leadership & management agenda
○ Involve business leadership, legal and IT
● NIST 800-171 & CMMC Levels
● Total Cost of Ownership
○ Program Management
○ Technology
○ Audit
● Apply Lessons Learned
Questions?
Thank you
for attending
Bryan Van Brunt
Founder
Max Aulakh
Founder & CEO
info@ignyteplatform.com

More Related Content

What's hot

Cybersecurity Maturity Model Certification
Cybersecurity Maturity Model CertificationCybersecurity Maturity Model Certification
Cybersecurity Maturity Model CertificationMurray Security Services
 
Laying the Foundation: The Need for Cybersecurity in U.S. Manufacturing
Laying the Foundation:  The Need for  Cybersecurity in  U.S. ManufacturingLaying the Foundation:  The Need for  Cybersecurity in  U.S. Manufacturing
Laying the Foundation: The Need for Cybersecurity in U.S. ManufacturingIgnyte Assurance Platform
 
MCGlobalTech Managed Security Compliance Program
MCGlobalTech Managed Security Compliance ProgramMCGlobalTech Managed Security Compliance Program
MCGlobalTech Managed Security Compliance ProgramWilliam McBorrough
 
A framework for an organization to use in determining if it needs a ciso
A framework for an organization to use in determining if it needs a cisoA framework for an organization to use in determining if it needs a ciso
A framework for an organization to use in determining if it needs a cisoMax Justice
 
CMMC Certification
CMMC CertificationCMMC Certification
CMMC CertificationControlCase
 
Educause+V4
Educause+V4Educause+V4
Educause+V4ecarrow
 
CMMC case study: Inside a CMMC assessment
CMMC case study: Inside a CMMC assessmentCMMC case study: Inside a CMMC assessment
CMMC case study: Inside a CMMC assessmentInfosec
 
Huntsville GovCon Growth Summit 2020 - Summit 7 - Cybersecurity Maturity Mode...
Huntsville GovCon Growth Summit 2020 - Summit 7 - Cybersecurity Maturity Mode...Huntsville GovCon Growth Summit 2020 - Summit 7 - Cybersecurity Maturity Mode...
Huntsville GovCon Growth Summit 2020 - Summit 7 - Cybersecurity Maturity Mode...Unanet
 
Evolution of Security Management
Evolution of Security ManagementEvolution of Security Management
Evolution of Security ManagementChristophe Briguet
 
Nist.sp.800 37r2
Nist.sp.800 37r2Nist.sp.800 37r2
Nist.sp.800 37r2newbie2019
 
Security Management Practices
Security Management PracticesSecurity Management Practices
Security Management Practicesamiable_indian
 
CMMC rollout: How CMMC will impact your organization
CMMC rollout: How CMMC will impact your organizationCMMC rollout: How CMMC will impact your organization
CMMC rollout: How CMMC will impact your organizationInfosec
 
Project Forecasting from the Perspective of an EVMA and EIA-748
Project Forecasting from the Perspective of an EVMA and EIA-748Project Forecasting from the Perspective of an EVMA and EIA-748
Project Forecasting from the Perspective of an EVMA and EIA-748Unanet
 
Protecting Vital Data With NIST Framework - Patrick Kerpan's Secure260 presen...
Protecting Vital Data With NIST Framework - Patrick Kerpan's Secure260 presen...Protecting Vital Data With NIST Framework - Patrick Kerpan's Secure260 presen...
Protecting Vital Data With NIST Framework - Patrick Kerpan's Secure260 presen...Cohesive Networks
 
Continuous Compliance Monitoring
Continuous Compliance MonitoringContinuous Compliance Monitoring
Continuous Compliance MonitoringControlCase
 
Cybersecurity Assurance at CloudSec 2015 Kuala Lumpur
Cybersecurity Assurance  at CloudSec 2015 Kuala LumpurCybersecurity Assurance  at CloudSec 2015 Kuala Lumpur
Cybersecurity Assurance at CloudSec 2015 Kuala LumpurAlan Yau Ti Dun
 
Auditing & Assessing The Risk Of Cloud Service Providers at Auditworld 2015 ...
Auditing & Assessing The  Risk Of Cloud Service Providers at Auditworld 2015 ...Auditing & Assessing The  Risk Of Cloud Service Providers at Auditworld 2015 ...
Auditing & Assessing The Risk Of Cloud Service Providers at Auditworld 2015 ...Alan Yau Ti Dun
 
What's Next : A Trillion Event Logs, A Million Security Threat
What's Next : A Trillion Event  Logs, A Million Security ThreatWhat's Next : A Trillion Event  Logs, A Million Security Threat
What's Next : A Trillion Event Logs, A Million Security ThreatAlan Yau Ti Dun
 

What's hot (20)

Cybersecurity Maturity Model Certification
Cybersecurity Maturity Model CertificationCybersecurity Maturity Model Certification
Cybersecurity Maturity Model Certification
 
Gpc case study_eng_0221
Gpc case study_eng_0221Gpc case study_eng_0221
Gpc case study_eng_0221
 
Laying the Foundation: The Need for Cybersecurity in U.S. Manufacturing
Laying the Foundation:  The Need for  Cybersecurity in  U.S. ManufacturingLaying the Foundation:  The Need for  Cybersecurity in  U.S. Manufacturing
Laying the Foundation: The Need for Cybersecurity in U.S. Manufacturing
 
MCGlobalTech Managed Security Compliance Program
MCGlobalTech Managed Security Compliance ProgramMCGlobalTech Managed Security Compliance Program
MCGlobalTech Managed Security Compliance Program
 
A framework for an organization to use in determining if it needs a ciso
A framework for an organization to use in determining if it needs a cisoA framework for an organization to use in determining if it needs a ciso
A framework for an organization to use in determining if it needs a ciso
 
CMMC Certification
CMMC CertificationCMMC Certification
CMMC Certification
 
Educause+V4
Educause+V4Educause+V4
Educause+V4
 
SIEM in NIST Cyber Security Framework
SIEM in NIST Cyber Security FrameworkSIEM in NIST Cyber Security Framework
SIEM in NIST Cyber Security Framework
 
CMMC case study: Inside a CMMC assessment
CMMC case study: Inside a CMMC assessmentCMMC case study: Inside a CMMC assessment
CMMC case study: Inside a CMMC assessment
 
Huntsville GovCon Growth Summit 2020 - Summit 7 - Cybersecurity Maturity Mode...
Huntsville GovCon Growth Summit 2020 - Summit 7 - Cybersecurity Maturity Mode...Huntsville GovCon Growth Summit 2020 - Summit 7 - Cybersecurity Maturity Mode...
Huntsville GovCon Growth Summit 2020 - Summit 7 - Cybersecurity Maturity Mode...
 
Evolution of Security Management
Evolution of Security ManagementEvolution of Security Management
Evolution of Security Management
 
Nist.sp.800 37r2
Nist.sp.800 37r2Nist.sp.800 37r2
Nist.sp.800 37r2
 
Security Management Practices
Security Management PracticesSecurity Management Practices
Security Management Practices
 
CMMC rollout: How CMMC will impact your organization
CMMC rollout: How CMMC will impact your organizationCMMC rollout: How CMMC will impact your organization
CMMC rollout: How CMMC will impact your organization
 
Project Forecasting from the Perspective of an EVMA and EIA-748
Project Forecasting from the Perspective of an EVMA and EIA-748Project Forecasting from the Perspective of an EVMA and EIA-748
Project Forecasting from the Perspective of an EVMA and EIA-748
 
Protecting Vital Data With NIST Framework - Patrick Kerpan's Secure260 presen...
Protecting Vital Data With NIST Framework - Patrick Kerpan's Secure260 presen...Protecting Vital Data With NIST Framework - Patrick Kerpan's Secure260 presen...
Protecting Vital Data With NIST Framework - Patrick Kerpan's Secure260 presen...
 
Continuous Compliance Monitoring
Continuous Compliance MonitoringContinuous Compliance Monitoring
Continuous Compliance Monitoring
 
Cybersecurity Assurance at CloudSec 2015 Kuala Lumpur
Cybersecurity Assurance  at CloudSec 2015 Kuala LumpurCybersecurity Assurance  at CloudSec 2015 Kuala Lumpur
Cybersecurity Assurance at CloudSec 2015 Kuala Lumpur
 
Auditing & Assessing The Risk Of Cloud Service Providers at Auditworld 2015 ...
Auditing & Assessing The  Risk Of Cloud Service Providers at Auditworld 2015 ...Auditing & Assessing The  Risk Of Cloud Service Providers at Auditworld 2015 ...
Auditing & Assessing The Risk Of Cloud Service Providers at Auditworld 2015 ...
 
What's Next : A Trillion Event Logs, A Million Security Threat
What's Next : A Trillion Event  Logs, A Million Security ThreatWhat's Next : A Trillion Event  Logs, A Million Security Threat
What's Next : A Trillion Event Logs, A Million Security Threat
 

Similar to How I Woke Up from the CMMC Compliance Nightmare

Webinar - CMMC Certification.pptx
Webinar - CMMC Certification.pptxWebinar - CMMC Certification.pptx
Webinar - CMMC Certification.pptxControlCase
 
ControlCase CMMC Basics Deck Final.pdf
ControlCase CMMC Basics Deck Final.pdfControlCase CMMC Basics Deck Final.pdf
ControlCase CMMC Basics Deck Final.pdfAmyPoblete3
 
A Clear Path to NIST & CMMC Compliance - 2022 Summit.pptx
A Clear Path to NIST & CMMC Compliance - 2022 Summit.pptxA Clear Path to NIST & CMMC Compliance - 2022 Summit.pptx
A Clear Path to NIST & CMMC Compliance - 2022 Summit.pptxJack Nichelson
 
A Clear Path to NIST & CMMC Compliance - 2023 Cleveland Security Summit.pdf
A Clear Path to NIST & CMMC Compliance - 2023 Cleveland Security Summit.pdfA Clear Path to NIST & CMMC Compliance - 2023 Cleveland Security Summit.pdf
A Clear Path to NIST & CMMC Compliance - 2023 Cleveland Security Summit.pdfJack Nichelson
 
Full Cybersecurity Regulations Overview for DoD Prime and Subcontractors
Full Cybersecurity Regulations Overview for DoD Prime and SubcontractorsFull Cybersecurity Regulations Overview for DoD Prime and Subcontractors
Full Cybersecurity Regulations Overview for DoD Prime and SubcontractorsIgnyte Assurance Platform
 
A Clear Path to NIST & CMMC Compliance_ISSA.pptx
A Clear Path to NIST & CMMC Compliance_ISSA.pptxA Clear Path to NIST & CMMC Compliance_ISSA.pptx
A Clear Path to NIST & CMMC Compliance_ISSA.pptxJack Nichelson
 
DFARS CMMC SPRS NIST 800-171 Explainer.pdf
DFARS CMMC SPRS NIST 800-171 Explainer.pdfDFARS CMMC SPRS NIST 800-171 Explainer.pdf
DFARS CMMC SPRS NIST 800-171 Explainer.pdfControlCase
 
Cybersecurity Maturity Model Certification (CMMC)
Cybersecurity Maturity Model Certification (CMMC)Cybersecurity Maturity Model Certification (CMMC)
Cybersecurity Maturity Model Certification (CMMC)Robert E Jones
 
Government Webinar: Preparing for CMMC Compliance Roundtable
Government Webinar: Preparing for CMMC Compliance Roundtable Government Webinar: Preparing for CMMC Compliance Roundtable
Government Webinar: Preparing for CMMC Compliance Roundtable SolarWinds
 
CMMC for Contractors and Manufacturers – What to Know for 2023
CMMC for Contractors and Manufacturers – What to Know for 2023CMMC for Contractors and Manufacturers – What to Know for 2023
CMMC for Contractors and Manufacturers – What to Know for 2023Withum
 
CMMC 2.0 vs. ISO/IEC 27001 vs. NIST 800-171: What You Need to Know
CMMC 2.0 vs. ISO/IEC 27001 vs. NIST 800-171: What You Need to KnowCMMC 2.0 vs. ISO/IEC 27001 vs. NIST 800-171: What You Need to Know
CMMC 2.0 vs. ISO/IEC 27001 vs. NIST 800-171: What You Need to KnowPECB
 
Webinar: Critical Steps For NIST Compliance
Webinar: Critical Steps For NIST ComplianceWebinar: Critical Steps For NIST Compliance
Webinar: Critical Steps For NIST ComplianceWithum
 
Trackment
TrackmentTrackment
Trackmentmeaannn
 
Security_360_Marketing_Package
Security_360_Marketing_PackageSecurity_360_Marketing_Package
Security_360_Marketing_PackageRandy B.
 
How CMMC Auditors Recommend You Defend Your Organization - Completed March, 2...
How CMMC Auditors Recommend You Defend Your Organization - Completed March, 2...How CMMC Auditors Recommend You Defend Your Organization - Completed March, 2...
How CMMC Auditors Recommend You Defend Your Organization - Completed March, 2...Ignyte Assurance Platform
 
Leveraging Purchase Power and Standards to Improve Security in the IT Supply ...
Leveraging Purchase Power and Standards to Improve Security in the IT Supply ...Leveraging Purchase Power and Standards to Improve Security in the IT Supply ...
Leveraging Purchase Power and Standards to Improve Security in the IT Supply ...John Gilligan
 
Hardening as a Part of a holistic Security Strategy (UPDATE)
Hardening as a Part of a holistic Security Strategy (UPDATE)Hardening as a Part of a holistic Security Strategy (UPDATE)
Hardening as a Part of a holistic Security Strategy (UPDATE)NoCodeHardening
 
Generic_Sample_INFOSECPolicy_and_Procedures
Generic_Sample_INFOSECPolicy_and_ProceduresGeneric_Sample_INFOSECPolicy_and_Procedures
Generic_Sample_INFOSECPolicy_and_ProceduresSamuel Loomis
 

Similar to How I Woke Up from the CMMC Compliance Nightmare (20)

Webinar - CMMC Certification.pptx
Webinar - CMMC Certification.pptxWebinar - CMMC Certification.pptx
Webinar - CMMC Certification.pptx
 
ControlCase CMMC Basics Deck Final.pdf
ControlCase CMMC Basics Deck Final.pdfControlCase CMMC Basics Deck Final.pdf
ControlCase CMMC Basics Deck Final.pdf
 
A Clear Path to NIST & CMMC Compliance - 2022 Summit.pptx
A Clear Path to NIST & CMMC Compliance - 2022 Summit.pptxA Clear Path to NIST & CMMC Compliance - 2022 Summit.pptx
A Clear Path to NIST & CMMC Compliance - 2022 Summit.pptx
 
A Clear Path to NIST & CMMC Compliance - 2023 Cleveland Security Summit.pdf
A Clear Path to NIST & CMMC Compliance - 2023 Cleveland Security Summit.pdfA Clear Path to NIST & CMMC Compliance - 2023 Cleveland Security Summit.pdf
A Clear Path to NIST & CMMC Compliance - 2023 Cleveland Security Summit.pdf
 
Full Cybersecurity Regulations Overview for DoD Prime and Subcontractors
Full Cybersecurity Regulations Overview for DoD Prime and SubcontractorsFull Cybersecurity Regulations Overview for DoD Prime and Subcontractors
Full Cybersecurity Regulations Overview for DoD Prime and Subcontractors
 
A Clear Path to NIST & CMMC Compliance_ISSA.pptx
A Clear Path to NIST & CMMC Compliance_ISSA.pptxA Clear Path to NIST & CMMC Compliance_ISSA.pptx
A Clear Path to NIST & CMMC Compliance_ISSA.pptx
 
DFARS CMMC SPRS NIST 800-171 Explainer.pdf
DFARS CMMC SPRS NIST 800-171 Explainer.pdfDFARS CMMC SPRS NIST 800-171 Explainer.pdf
DFARS CMMC SPRS NIST 800-171 Explainer.pdf
 
Cybersecurity Maturity Model Certification (CMMC)
Cybersecurity Maturity Model Certification (CMMC)Cybersecurity Maturity Model Certification (CMMC)
Cybersecurity Maturity Model Certification (CMMC)
 
CMMC 2.0 Explained: Impact for SMBs
CMMC 2.0 Explained:  Impact for SMBsCMMC 2.0 Explained:  Impact for SMBs
CMMC 2.0 Explained: Impact for SMBs
 
Government Webinar: Preparing for CMMC Compliance Roundtable
Government Webinar: Preparing for CMMC Compliance Roundtable Government Webinar: Preparing for CMMC Compliance Roundtable
Government Webinar: Preparing for CMMC Compliance Roundtable
 
CMMC for Contractors and Manufacturers – What to Know for 2023
CMMC for Contractors and Manufacturers – What to Know for 2023CMMC for Contractors and Manufacturers – What to Know for 2023
CMMC for Contractors and Manufacturers – What to Know for 2023
 
CMMC 2.0 vs. ISO/IEC 27001 vs. NIST 800-171: What You Need to Know
CMMC 2.0 vs. ISO/IEC 27001 vs. NIST 800-171: What You Need to KnowCMMC 2.0 vs. ISO/IEC 27001 vs. NIST 800-171: What You Need to Know
CMMC 2.0 vs. ISO/IEC 27001 vs. NIST 800-171: What You Need to Know
 
Webinar: Critical Steps For NIST Compliance
Webinar: Critical Steps For NIST ComplianceWebinar: Critical Steps For NIST Compliance
Webinar: Critical Steps For NIST Compliance
 
Trackment
TrackmentTrackment
Trackment
 
Security_360_Marketing_Package
Security_360_Marketing_PackageSecurity_360_Marketing_Package
Security_360_Marketing_Package
 
How CMMC Auditors Recommend You Defend Your Organization - Completed March, 2...
How CMMC Auditors Recommend You Defend Your Organization - Completed March, 2...How CMMC Auditors Recommend You Defend Your Organization - Completed March, 2...
How CMMC Auditors Recommend You Defend Your Organization - Completed March, 2...
 
Cybersecurity-Audit-A-Case-Study-for-SME.pdf
Cybersecurity-Audit-A-Case-Study-for-SME.pdfCybersecurity-Audit-A-Case-Study-for-SME.pdf
Cybersecurity-Audit-A-Case-Study-for-SME.pdf
 
Leveraging Purchase Power and Standards to Improve Security in the IT Supply ...
Leveraging Purchase Power and Standards to Improve Security in the IT Supply ...Leveraging Purchase Power and Standards to Improve Security in the IT Supply ...
Leveraging Purchase Power and Standards to Improve Security in the IT Supply ...
 
Hardening as a Part of a holistic Security Strategy (UPDATE)
Hardening as a Part of a holistic Security Strategy (UPDATE)Hardening as a Part of a holistic Security Strategy (UPDATE)
Hardening as a Part of a holistic Security Strategy (UPDATE)
 
Generic_Sample_INFOSECPolicy_and_Procedures
Generic_Sample_INFOSECPolicy_and_ProceduresGeneric_Sample_INFOSECPolicy_and_Procedures
Generic_Sample_INFOSECPolicy_and_Procedures
 

More from Ignyte Assurance Platform

How the DoD’s Cyber Security Maturity Model (CMMC) will impact your business ...
How the DoD’s Cyber Security Maturity Model (CMMC) will impact your business ...How the DoD’s Cyber Security Maturity Model (CMMC) will impact your business ...
How the DoD’s Cyber Security Maturity Model (CMMC) will impact your business ...Ignyte Assurance Platform
 
CMMC 2.0 | What the changes mean for organizations in the DIB
CMMC 2.0 | What the changes mean for organizations in the DIBCMMC 2.0 | What the changes mean for organizations in the DIB
CMMC 2.0 | What the changes mean for organizations in the DIBIgnyte Assurance Platform
 
Midway Swiss Case Study: Journey towards CMMC Compliance with Ignyte
Midway Swiss Case Study: Journey towards CMMC Compliance with IgnyteMidway Swiss Case Study: Journey towards CMMC Compliance with Ignyte
Midway Swiss Case Study: Journey towards CMMC Compliance with IgnyteIgnyte Assurance Platform
 
Fortifying Cyber Defense: How to Act Now to Protect Global Supply Chains
Fortifying Cyber Defense: How to Act Now to Protect Global Supply ChainsFortifying Cyber Defense: How to Act Now to Protect Global Supply Chains
Fortifying Cyber Defense: How to Act Now to Protect Global Supply ChainsIgnyte Assurance Platform
 
Ignyte assurance platform NIST RMF datasheet.
Ignyte assurance platform NIST RMF datasheet.Ignyte assurance platform NIST RMF datasheet.
Ignyte assurance platform NIST RMF datasheet.Ignyte Assurance Platform
 

More from Ignyte Assurance Platform (8)

Ignyte - US Sovereign Cloud Computing
Ignyte - US Sovereign Cloud ComputingIgnyte - US Sovereign Cloud Computing
Ignyte - US Sovereign Cloud Computing
 
NIST_Ignyte_OSCALWorkshop_2022.pdf
NIST_Ignyte_OSCALWorkshop_2022.pdfNIST_Ignyte_OSCALWorkshop_2022.pdf
NIST_Ignyte_OSCALWorkshop_2022.pdf
 
How the DoD’s Cyber Security Maturity Model (CMMC) will impact your business ...
How the DoD’s Cyber Security Maturity Model (CMMC) will impact your business ...How the DoD’s Cyber Security Maturity Model (CMMC) will impact your business ...
How the DoD’s Cyber Security Maturity Model (CMMC) will impact your business ...
 
CMMC 2.0 | What the changes mean for organizations in the DIB
CMMC 2.0 | What the changes mean for organizations in the DIBCMMC 2.0 | What the changes mean for organizations in the DIB
CMMC 2.0 | What the changes mean for organizations in the DIB
 
How I Woke Up from the CMMC Compliance Nightmare

  • 6. Cybersecurity Maturity Model Certification: A Closer Look
    • On September 29, 2020, the Department of Defense (DoD) issued an interim rule amending the DFARS to implement the Cybersecurity Maturity Model Certification (CMMC) framework.
    • So far, four versions of CMMC have been publicly released, the most recent being CMMC 1.02. The CMMC Accreditation Body is working to produce additional guidance to support the certification path.
    • Building on the NIST SP 800-171 DoD Assessment Methodology, the CMMC framework adds a comprehensive and scalable certification element to verify that the processes and practices associated with a given cybersecurity maturity level have actually been implemented.
    • CMMC is designed to give the DoD increased assurance that a DIB contractor can adequately protect sensitive unclassified information, namely Federal Contract Information (FCI) and Controlled Unclassified Information (CUI), at a level commensurate with the risk, accounting for information flowed down to its subcontractors in a multi-tier supply chain.
  • 7. CMMC Development Timeline [diagram] *Diagram taken from a presentation by Ms. Katie Arrington, Chief Information Security Officer for Acquisition. Distribution A. Approved for Public Release.
  • 8. Understanding the DFARS NIST 800-171 and CMMC Relationship
    Who needs to be DFARS compliant? All DoD contractors that process, store or transmit Controlled Unclassified Information (CUI) must meet the DFARS minimum security standards or risk losing their DoD contracts. Based on NIST Special Publication 800-171, manufacturers must implement these security controls through all levels of their supply chain.
    Where is DFARS included? DFARS clause 252.204-7012 is included in all solicitations and contracts, including those using Federal Acquisition Regulation (FAR) part 12 commercial item procedures, except for acquisitions solely for commercially available off-the-shelf (COTS) items. The clause requires contractors to apply the security requirements of NIST SP 800-171 to "covered contractor information systems," as defined in the clause, that are not part of an IT service or system operated on behalf of the Government.
    How do NIST controls overlap with the emerging CMMC framework? NIST 800-171 is the backbone of the CMMC framework: every CMMC level draws on it, and Level 3 requires all of it. For example, 110 of the 130 practices required for CMMC Level 3 are NIST 800-171 requirements.
    Would CMMC potentially replace NIST? CMMC is the next step in the DoD's efforts to properly secure the Defense Industrial Base (DIB). It complements and enforces NIST 800-171 as part of its requirements rather than replacing it.
    Note: CMMC was released by the DoD on 31 January 2020. The CMMC Accreditation Body members are working to produce additional guidance to support the certification path. For now, Ignyte recommends implementing NIST 800-171.
    [Diagram: NIST SP 800-171r1 at the core. CMMC requirements add 20 additional practices and 51 maturity processes. DFARS requirements add FedRAMP Moderate, paragraphs (c)-(g), and the 72-hour cyber incident report.]
  • 9. 4 Main DFARS Clauses
    ● DFARS 252.204-7012: Safeguarding Covered Defense Information and Cyber Incident Reporting
    ● DFARS 252.204-7019: Notice of NIST SP 800-171 DoD Assessment Requirements
    ● DFARS 252.204-7020: NIST SP 800-171 DoD Assessment Requirements
    ● DFARS 252.204-7021: Cybersecurity Maturity Model Certification Requirements
  • 11. CMMC Levels
    Level 1: Consists of the 15 basic safeguarding requirements from FAR clause 52.204-21.
    Level 2: Consists of 65 security requirements from NIST SP 800-171 (implemented via DFARS clause 252.204-7012), 7 additional CMMC practices, and 2 CMMC processes. Intended as an optional intermediate step for contractors progressing to Level 3.
    Level 3: Consists of all 110 security requirements from NIST SP 800-171, 20 additional CMMC practices, and 3 CMMC processes.
    Level 4: Consists of all 110 security requirements from NIST SP 800-171, 46 additional CMMC practices, and 4 CMMC processes.
    Level 5: Consists of all 110 security requirements from NIST SP 800-171, 61 additional CMMC practices, and 5 CMMC processes.
  • 12. Which CMMC level is right for your business?
    CMMC Level 1
    ● Meets the basic requirements to protect Federal Contract Information (FCI): up-to-date antivirus software, strong passwords, and protection against unauthorized third parties.
    ● FCI is not intended for public release.
    ● Minimal effort is required to strengthen cybersecurity defenses.
    CMMC Level 2
    ● Introduces Controlled Unclassified Information (CUI).
    ● Standard cybersecurity practices, policies, and strategic plans.
    ● A major subset of the security requirements specified in NIST SP 800-171.
    ● 55 new practices, for a total of 72 practices.
    CMMC Level 3
    ● Good cyber hygiene and the controls necessary to protect CUI.
    ● Continuous review of all activities against the organization's cybersecurity policy.
    ● All requirements specified in NIST SP 800-171, plus practices drawn from other similar standards.
    ● 130 required practices, grouped into 17 domains.
    CMMC Level 4 and Level 5
    ● Address the changing tactics, techniques, and procedures used by Advanced Persistent Threats (APTs).
    ● A proactive cybersecurity program and standardized processes to achieve consistency across the entire organization.
    ● 156 practices at Level 4 and 171 at Level 5, grouped into 17 domains.
  • 14. PROGRAM RESOURCES
    ● Resources are aligned with the various stages of managing a CMMC program for a small business: program metrics & management, SSP & POA&M deliverables, guided assessment, and training.
    ● Program deliverables:
    ○ DoD Training Website - https://securityhub.usalearning.gov/content/story.html
    ○ Ignyte Institute Practitioner Level & Top Management Training - https://www.ignyteinstitute.org/
    ○ CMMC System Security Plan Development - https://www.dfars-nist-800-171.com/
    ○ NIST 800-171 Documentation - https://csrc.nist.gov/publications/detail/sp/800-171/rev-2/final
    ○ SSP & Plan of Action & Milestones (POA&M) - https://www.dfars-nist-800-171.com/
  • 15. CMMC Education & Training
    ● Ignyte Institute Courses
    ○ Senior Management Course (20 mins)
    ○ Practitioner Level Course (1 hour)
    ○ www.ignyteinstitute.org
    ● DoD Issued CUI Training
    ○ What CUI is and how to recognize it
    ○ https://securityhub.usalearning.gov/content/story.html
  • 16. COST OF COMPLIANCE & LEVEL OF EFFORT
  • 17. COST OF COMPLIANCE
    ● Cost management factors:
    ○ Program Development & Management
    ○ Technology & Engineering Implementation
    ○ Audit & Certification
    ● Pricing can range from $20K to $200K depending on several factors.
    ● Market pricing for 100% of the CMMC requirements is not completely understood because the requirements, and their interpretation, are still changing.
    Source: https://www.federalregister.gov/documents/2020/09/29/2020-21123/defense-federal-acquisition-regulation-supplement-assessing-contractor-implementation-of
  • 18. Small Businesses Expected Costs
    CMMC Level | Yearly Non-Recurring Engineering | Yearly Recurring Engineering Costs | Yearly Assessment Costs | Total Yearly Costs
    Level 1 | $0 | $0 | $1,000 | $1,000
    Level 2 | $407 | $20,154 | $7,489 | $28,050
    Level 3 | $1,311 | $41,666 | $17,032 | $60,009
    Level 4 | $46,917 | $301,514 | $23,355 | $371,786
    Level 5 | $61,511 | $384,666 | $36,697 | $482,874
    Cost depends on technology and level of internal maturity.
  • 20. POTENTIAL SMB IMPACTS
    3 Major SMB Impacts:
    1. Inadequate security controls leading to an internal breach of CUI and FCI.
    • Engineering data & drawings
    • Internal data theft
    • Cyber incidents must be reported to DoD at http://dibnet.dod.mil within 72 hours.
    2. Increasing cost of both technology & compliance.
    ● Decreased quality and effectiveness of current technology implementations.
    3. Potential issues with the Prime for not following contract flow-down requirements.
    ● Loss of business revenue.
  • 22. Lessons Learned
    ● Implementation is multi-discipline (not just an IT obligation):
    ○ IT and IT security
    ○ HR (training)
    ○ Physical security
    ○ Compliance/legal
    ○ Business leadership - implementation impacts operations
    ○ Employees
  • 23. Lessons Learned. Continued
    ● Implementation requires a "Quarterback" and a program team
    ○ IT teams are not set up to project-manage a cross-functional implementation
    ○ Dedicating a PM is imperative
  • 24. Lessons Learned. Continued
    ● Vendors are all new at this
    ○ Even established firms lack expertise in CMMC compliance
    ○ Every system and set of processes is unique and requires new learning
    ● Implementation must be viewed as a change in company paradigm
    ○ People - changing to a security mindset; it is not just virus protection and IT
    ○ Processes - implementation of verifiable and auditable procedures ("show me, don't just tell me")
    ○ Technology - implementation of technology that will require more steps and verification, e.g. sensitivity tagging, data categorization, multi-step access, new approvals
  • 25. Lessons Learned. Continued
    ● Research solutions to ensure they are compatible and actually have the functionality your business needs.
    ○ Vendors certified under prior schemes
    ○ Certified technology
    ● This is not going away. It may change, but this is about fighting a real war going on right now.
  • 26. SUMMARY
    ● Develop a leadership & management agenda
    ○ Involve business leadership, legal and IT
    ● NIST 800-171 & CMMC Levels
    ● Total Cost of Ownership
    ○ Program Management
    ○ Technology
    ○ Audit
    ● Apply Lessons Learned
  • 27. Questions? Thank you for attending. Bryan Van Brunt, Founder; Max Aulakh, Founder & CEO; info@ignyteplatform.com