The DoD released v1.02 of the CMMC on March 18, 2020. Walk through the slides to understand:
1. CMMC/DFARS/NIST SP 800-171
2. CMMC Framework
3. CMMC Levels & Requirements
4. The CMMC effort builds upon existing regulation
5. CMMC – Asset Management
6. CMMC Practices Across Domains per Maturity Levels
7. NIST 800-171 to CMMC Gaps
8. Certification & Accreditation Details
9. CMMC Training
10. Challenges being solved by Ignyte | Training
11. Challenges being solved by Ignyte | Automation
12. What is included within the Full CMMC Accreditation Package?
13. CMMC Accreditation Process Automated
Max Aulakh, MBA, CISSP, PMP, ITIL-F
General Partner | Ignyte Platform
Ignyte Assurance Platform
Defense Cyber Security Professional
US Military Top Secret Clearance
• Enterprise Risk Leader: 15 years of business and security technology leadership experience
• Corporate security experience: WorldPay, NCR, IBM, Dell, Credit Union, GDRTA, etc.
• Federal agency cyber experience: USAF, Army, Navy, DOS, NRO, NGA, CIA, NSA, NASIC and other units for system
Formal Education & Credentials:
• Wright State University – MBA (2014)
• American Military University – B.S. Information Security, Computer Science (2009)
• Community College of the Air Force – Criminal Justice (2009)
• Cyber & Technology Industry Credentials: CISSP, PMP, Linux+, Security+, Network+, ITIL-F, Certified Scrum Master
• Cigital Defensive Programming, OWASP, Threat Modeling, etc.
• Cyber Regulatory/Frameworks: NIST, HIPAA, HITRUST, SOC 1/2, CIS, FFIEC, ISO 27K, FISMA
• Formal Military Physical Security Training: Counter Terrorism, HAZMAT, Explosive Ordnance, Customs, Use of Force, LOAC, Force Protection, Combat Leadership, Ground Defense Command, SERE, Bloodborne Pathogens
• Formalized Weapon Systems Training: M9, M4, M2, M249 & M240B
US Military Operational, Security-Focused Global Tours of Duty:
• 2007-2009: Iraq – Security Forces Member
• 2006-2007: Afghanistan – Security Forces Member/Linguist
• 2005-2006: Iraq – Security Forces/Classified Systems Member
• 2003-2005: Turkey – US Nuclear Weapons Systems Administrator & Security Member
CMMC/DFARS/NIST SP 800-171
Defense Federal Acquisition Regulation Supplement (DFARS)
• Traces to November 4, 2010, when Executive Order 13556 established the Controlled Unclassified Information (CUI) program; DFARS itself is an acquisition regulation, not a statute
• This was the government's effort to protect the U.S. defense supply chain.
• Mandates that private DoD contractors adopt cybersecurity standards that follow NIST SP 800-171
• DFARS lets contractors "self-attest" to compliance with the contract's security requirements after they have already won the contract
NIST SP 800-171
• The National Institute of Standards and Technology (NIST) Special Publication 800-171 governs the protection of Controlled Unclassified Information (CUI) in non-federal information systems
• Was developed under the Federal Information Security Management Act (FISMA), the law enacted in 2002
Cybersecurity Maturity Model Certification (CMMC)
• The DoD released v1.02 of the CMMC on March 18, 2020
• The DoD created CMMC in response to the continued exfiltration of controlled unclassified information (CUI) from its supply chain.
• Does not allow Plans of Action and Milestones (POA&Ms) in place of implemented controls, as the current DFARS requirement does.
• CMMC will serve as the unified cybersecurity standard and will be incorporated as a "go/no-go" requirement for DoD acquisitions.
• The DoD will require CMMC Third-Party Assessment Organizations (C3PAOs) to conduct assessments of all DoD contractors.
• CMMC requirements are expected to appear in RFPs in September 2020.