Webinar
CMMC Basics
Presented by:
Erik Winkler, Partner, Federal, ControlCase
Shamala Boyd, Chief Risk Officer, ControlCase
Presenters:
Erik Winkler, Partner, Federal, ControlCase
Shamala Boyd, Chief Risk Officer, ControlCase
ControlCase. All Rights Reserved. 3
Agenda
01 ControlCase Intro
02 DFARS, NIST 800-171, SPRS, CMMC Overview
03 What is DFARS?
04 What is NIST 800-171?
05 What is an SPRS Score?
06 What is CMMC?
07 Status of CMMC 2.0 Rule
08 CMMC Next Steps
ControlCase Introduction
ControlCase Overview
Best-in-Class Compliance Platform
• ControlCase is revolutionizing the way enterprises and organizations deal with the numerous and frequently changing IT compliance and regulatory requirements
• Proprietary software, including appliance and SaaS solutions, that enable CaaS (GRC and Data Discovery)
• Compelling proprietary offering combining proprietary software, certification/audits, and managed services on a single platform
• One Audit™ enables our clientele to Assess Once, Comply to Many
• Leadership positions in the PCI DSS, SOC 2, ISO 27001, HIPAA, HITRUST, FedRAMP and CMMC domains
• Serving over 1,000 customers
• Global footprint with offices in the U.S., LATAM, UK, India, and Canada
• Leverages an offshore delivery infrastructure for competitive advantage
• IT compliance manager for multiple industry segments including banking, service providers, retail, hospitality, and telecom
Global Vision & Solutions Enhancement
Provider of Compliance as a Service (CaaS) subscription-based offering bundling proprietary GRC software and managed services
Founded in 2004
Headquartered in Fairfax, VA
Offices in U.S., Canada, LATAM, UK, India
300+ employees
ControlCase Snapshot
CERTIFICATION AND CONTINUOUS COMPLIANCE SERVICES
Go beyond the auditor's checklist to dramatically reduce the time, cost, and burden of maintaining IT compliance and becoming certified:
• Demonstrate compliance more efficiently and cost effectively (cost certainty)
• Free up your internal resources to focus on other priorities
• Offload much of the compliance burden to a trusted compliance partner
• Improve efficiencies by doing more with fewer resources and gain compliance peace of mind
1,000+ CLIENTS
10,000+ IT SECURITY CERTIFICATIONS
300+ SECURITY EXPERTS
ControlCase Snapshot – Solution
IT Certification Services + Continuous Compliance Services = Certification and Continuous Compliance Services (Partnership Approach, Compliance HUB)
One Audit: Assess Once. Comply to Many.
Certification Services: PCI DSS, ISO 27001 & 27002, SOC 1, 2, 3 & SOC for Cybersecurity, HIPAA, MARS-E, PCI P2PE, GDPR, NIST 800-53, PCI PIN, PCI SSF/SLC, CSA STAR, HITRUST CSF
DFARS, NIST 800-171, SPRS, CMMC Overview
• DFARS is the overall set of regulations
• NIST 800-171 is the control framework that DFARS relies on
• The SPRS score is the methodology for scoring NIST 800-171
• CMMC is the framework that brings this all together
What is DFARS?
Defense Federal Acquisition Regulation Supplement (DFARS)
The Defense Federal Acquisition Regulation Supplement (DFARS) to the Federal Acquisition Regulation (FAR) is administered by the Department of Defense (DoD). The DFARS implements and supplements the FAR.
DFARS was established in December of 2015 to protect the confidentiality of Controlled Unclassified Information (CUI) within the Defense Industrial Base (DIB).
In order to be awarded new DoD contracts, a contractor or supplier must be in compliance with this set of cybersecurity regulations, also known as the Defense Federal Acquisition Regulation Supplement or DFARS.
What is NIST 800-171?
NIST SP 800-171
NIST is the National Institute of Standards and Technology at the U.S. Department of Commerce. The NIST Cybersecurity Framework helps businesses of all sizes better understand, manage, and reduce their cybersecurity risk and protect their networks and data.
Specifically, NIST 800-171 dictates how contractors and sub-contractors of Federal agencies should manage Controlled Unclassified Information (CUI).
The NIST 800-171 Basic Assessment is a low-confidence self-assessment conducted following the NIST 800-171 DoD Assessment Methodology.
As of November 30, 2020, all DoD contractors must conduct a NIST 800-171 Basic Assessment and submit their score to the Supplier Performance Risk System (SPRS).
NIST 800-171 Control Domains
110 security requirements broken down into 14 control domains taken from FIPS 200 and NIST 800-53:
• Access Control
• Awareness & Training
• Audit & Accountability
• Configuration Management
• Identification & Authentication
• Incident Response
• Maintenance
• Media Protection
• Personnel Security
• Physical Protection
• Risk Assessment
• Security Assessment
• System & Communications Protection
• System & Information Integrity
What is an SPRS Score?
SPRS Score
The Supplier Performance Risk System (SPRS) is a Department of Defense (DoD) application that gathers, processes, and displays data about suppliers' performance.
SPRS is a "self-certification" score which is the result of a NIST SP 800-171 DoD Assessment and provides contracting officials a score for the overall assessment of the supplier performance and supplier risk.
Once you've generated your score, the new DFARS rules require your organization to maintain your current score in the SPRS, meaning the Basic DoD self-assessment can be no more than three years old.
What is CMMC?
Cybersecurity Maturity Model Certification (CMMC)
CMMC is a unifying standard for the implementation of cybersecurity across the Defense Industrial Base (DIB).
CMMC 1.0 was released by the US Department of Defense (DoD) and became effective in November 2020. CMMC 2.0 was released in November 2021.
CMMC ensures that DIB companies implement appropriate cybersecurity practices and processes to protect Federal Contract Information (FCI) and Controlled Unclassified Information (CUI) within their unclassified networks.
Who Does CMMC Apply To?
• You have FCI only: Defense Industrial Base (DIB) contractors whose unclassified networks process Federal Contract Information (FCI). Level 1.
• You have CUI (in addition to FCI): Defense Industrial Base (DIB) contractors whose unclassified networks process, store, or transmit Controlled Unclassified Information (CUI). Level 2 or 3.
What CMMC Level Are You and Next Steps?
WHAT YOU NEED TO DO
• Level 1 – Self Assessment (optionally assisted by ControlCase)
• Level 2a – The information that you manage is not critical to national security: Self Assessment (optionally assisted by ControlCase)
• Level 2b – The information that you manage is critical to national security: C3PAO assessment (once every three years)
• Level 3 – The information you manage involves the highest priority, most critical defense programs: Government conducts an audit (once every three years)
Next Steps for CMMC
What You Need to Do
First, submit your SPRS score here: https://www.sprs.csd.disa.mil/
CMMC Assessment (What you must do NOW!)
• DFARS 7019 – As of June 2022, requires compliance to NIST 800-171 controls and the submission of your NIST 800-171 Score and Report to the Supplier Performance Risk System (SPRS).
• For entities with Federal Contract Information (FCI) and Controlled Unclassified Information (CUI) within their unclassified networks, you must:
⎻ Document your CMMC/NIST 800-171 System Security Plan (SSP)
⎻ Perform an assessment of all NIST 800-171 controls as documented in your CMMC/NIST 800-171 System Security Plan, including formal evidence collection and reporting.
⎻ Calculate your NIST 800-171 score as required by DFARS 7019.
⎻ Document any deficiencies with remediation steps in a Plan of Action and Milestones (POA&M) document.
⎻ Complete affirmation using the Supplier Performance Risk System (SPRS) - https://www.sprs.csd.disa.mil
⎻ Maintain evidence of your NIST 800-171 compliance to avoid DoJ False Claims Act investigations.
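The score calculation in the steps above, together with the three-year currency rule from the SPRS slide, as an added Python example that is not part of the ControlCase deck. It assumes the scoring rules of the DoD NIST SP 800-171 Assessment Methodology (start at 110, deduct a weight of 5, 3 or 1 per unimplemented requirement, partial credit only for 3.5.3 and 3.13.11); the per-control weights in the sample assessment are constructed for illustration, not the official table.

```python
"""NIST SP 800-171 DoD Assessment (SPRS) score calculator.

Added example; not ControlCase's code and not part of the original deck.
Scoring rules are taken from the DoD NIST SP 800-171 Assessment Methodology:
start at 110 points, subtract each unimplemented requirement's weight
(5, 3 or 1), and allow partial credit only for 3.5.3 (multifactor
authentication) and 3.13.11 (FIPS-validated cryptography). The per-control
weights in SAMPLE_ASSESSMENT are constructed for illustration; the
authoritative weights are in Annex A of the methodology.
"""
from dataclasses import dataclass
from datetime import date

MAX_SCORE = 110  # one point per requirement when everything is implemented

# Deduction applied when one of these two requirements is only partially
# implemented (full weight is deducted when it is not implemented at all).
PARTIAL_CREDIT = {
    "3.5.3": 3,    # MFA for general users but not yet for privileged accounts
    "3.13.11": 3,  # encryption in use, but not FIPS-validated
}

VALID_STATUS = ("implemented", "partial", "not_implemented")


@dataclass(frozen=True)
class Finding:
    control: str  # NIST SP 800-171 requirement id, e.g. "3.1.1"
    weight: int   # points lost if not implemented: 5, 3 or 1
    status: str   # one of VALID_STATUS


def deduction(f: Finding) -> int:
    """Points lost for a single requirement under the DoD methodology."""
    if f.weight not in (1, 3, 5):
        raise ValueError(f"{f.control}: weight must be 1, 3 or 5, got {f.weight}")
    if f.status not in VALID_STATUS:
        raise ValueError(f"{f.control}: unknown status {f.status!r}")
    if f.status == "implemented":
        return 0
    if f.status == "partial" and f.control in PARTIAL_CREDIT:
        return PARTIAL_CREDIT[f.control]
    # Every other requirement is all-or-nothing: "partial" loses the full weight.
    return f.weight


def sprs_score(findings) -> int:
    """Basic (self-assessment) score to report in SPRS."""
    seen = set()
    lost = 0
    for f in findings:
        if f.control in seen:
            raise ValueError(f"duplicate finding for {f.control}")
        seen.add(f.control)
        lost += deduction(f)
    return MAX_SCORE - lost


def poam_items(findings) -> list:
    """Controls that must appear in the POA&M, in requirement order."""
    open_items = [f.control for f in findings if f.status != "implemented"]
    return sorted(open_items, key=lambda c: tuple(int(p) for p in c.split(".")))


def assessment_is_current(assessed_on: date, today: date, max_age_years: int = 3) -> bool:
    """True while the Basic self-assessment on file is no more than three years old."""
    try:
        expires = assessed_on.replace(year=assessed_on.year + max_age_years)
    except ValueError:  # assessed on 29 February; roll back to 28 February
        expires = assessed_on.replace(year=assessed_on.year + max_age_years, day=28)
    return today <= expires


# Constructed sample assessment (control ids are real; weights are illustrative).
SAMPLE_ASSESSMENT = [
    Finding("3.1.1", 5, "implemented"),      # limit system access to authorized users
    Finding("3.1.3", 1, "not_implemented"),  # control the flow of CUI
    Finding("3.3.1", 5, "not_implemented"),  # create and retain audit logs
    Finding("3.4.1", 5, "partial"),          # baseline configurations: no partial credit
    Finding("3.5.3", 5, "partial"),          # MFA: partial credit applies
    Finding("3.8.3", 3, "not_implemented"),  # sanitize media before disposal
    Finding("3.13.11", 5, "partial"),        # FIPS crypto: partial credit applies
    Finding("3.14.1", 5, "implemented"),     # identify and correct system flaws
]

if __name__ == "__main__":
    print("SPRS score:", sprs_score(SAMPLE_ASSESSMENT))  # 90
    print("POA&M items:", ", ".join(poam_items(SAMPLE_ASSESSMENT)))
    print("Assessment still current:", assessment_is_current(date(2022, 6, 1), date.today()))
```

Note that a requirement marked "partial" outside the two partial-credit controls loses its full weight, which is the most common reason a self-calculated score comes out higher than the one an assessor would compute.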
ControlCase CMMC Assessment Process
CONTROLCASE CMMC LEVEL 1 ASSESSMENT PROCESS
1. Deploy Compliance Hub with NIST 800-171 controls covering 17 practices
2. Complete Scoping
3. Complete 50% Evidence Review
4. Complete 100% Evidence Review
5. *Publish Level 1 Self-Assessment Report
CONTROLCASE CMMC LEVEL 2A ASSESSMENT PROCESS
A. Deploy Compliance Hub with NIST 800-171 controls covering 110 practices
B. Complete Scoping
C. Complete 50% Evidence Review
D. Complete 100% Evidence Review
E. *Publish Level 2 Self-Assessment Report
Status of CMMC 2.0 Rule
• November 2023 – OIRA completes review of 9 CMMC model documents, clearing the way for rule publication.
• December 2023 – CMMC proposed rule published in the Federal Register; 60-day public comment period begins.
• Q1 2024 – Public comment period expected to be closed. DoD starts the process to review all comments and finalize the rule.
• Q1 2025 – CMMC final rule is published and goes into effect. A 3-year "phased roll-out" into all DoD contracts begins.
Q&A
• Please type your questions in the questions window.
• Any unanswered questions will be addressed via email following the presentation.
THANK YOU
contact@controlcase.com
www.ControlCase.com
More Related Content

What's hot

Splunk Phantom SOAR Roundtable
Splunk Phantom SOAR RoundtableSplunk Phantom SOAR Roundtable
Splunk Phantom SOAR RoundtableSplunk
 
NIST presentation on RMF 2.0 / SP 800-37 rev. 2
NIST presentation on RMF 2.0 / SP 800-37 rev. 2NIST presentation on RMF 2.0 / SP 800-37 rev. 2
NIST presentation on RMF 2.0 / SP 800-37 rev. 2NetLockSmith
 
Privacy in the Cloud- Introduction to ISO 27018
Privacy in the Cloud- Introduction to ISO 27018Privacy in the Cloud- Introduction to ISO 27018
Privacy in the Cloud- Introduction to ISO 27018Schellman & Company
 
Introduction: CISSP Certification
Introduction: CISSP CertificationIntroduction: CISSP Certification
Introduction: CISSP CertificationSam Bowne
 
CompTIA CASP+ | Everything you need to know about the new exam
CompTIA CASP+ | Everything you need to know about the new examCompTIA CASP+ | Everything you need to know about the new exam
CompTIA CASP+ | Everything you need to know about the new examInfosec
 
Improve Cybersecurity posture by using ISO/IEC 27032
Improve Cybersecurity posture by using ISO/IEC 27032Improve Cybersecurity posture by using ISO/IEC 27032
Improve Cybersecurity posture by using ISO/IEC 27032PECB
 
Siem ppt
Siem pptSiem ppt
Siem pptkmehul
 
George, Tony, Michael - PECB Webinar 27701 Data Protection Risk Management V1...
George, Tony, Michael - PECB Webinar 27701 Data Protection Risk Management V1...George, Tony, Michael - PECB Webinar 27701 Data Protection Risk Management V1...
George, Tony, Michael - PECB Webinar 27701 Data Protection Risk Management V1...PECB
 
CMMC Certification
CMMC CertificationCMMC Certification
CMMC CertificationControlCase
 
Risk Assessment and Threat Modeling
Risk Assessment and Threat ModelingRisk Assessment and Threat Modeling
Risk Assessment and Threat Modelingsedukull
 
ISO 27001 - Information security user awareness training presentation - part 3
ISO 27001 - Information security user awareness training presentation - part 3ISO 27001 - Information security user awareness training presentation - part 3
ISO 27001 - Information security user awareness training presentation - part 3Tanmay Shinde
 
ISO 27001 Awareness/TRansition.pptx
ISO 27001 Awareness/TRansition.pptxISO 27001 Awareness/TRansition.pptx
ISO 27001 Awareness/TRansition.pptxDr Madhu Aman Sharma
 
Cloud Security Strategy by McAfee
Cloud Security Strategy by McAfeeCloud Security Strategy by McAfee
Cloud Security Strategy by McAfeeCristian Garcia G.
 
Webinar - CMMC Certification.pptx
Webinar - CMMC Certification.pptxWebinar - CMMC Certification.pptx
Webinar - CMMC Certification.pptxControlCase
 
PECB Webinar: Cybersecurity Guidelines – Introduction to ISO 27032
PECB Webinar: Cybersecurity Guidelines – Introduction to ISO 27032PECB Webinar: Cybersecurity Guidelines – Introduction to ISO 27032
PECB Webinar: Cybersecurity Guidelines – Introduction to ISO 27032PECB
 
Information Security Management System ISO/IEC 27001:2005
Information Security Management System ISO/IEC 27001:2005Information Security Management System ISO/IEC 27001:2005
Information Security Management System ISO/IEC 27001:2005ControlCase
 
Rothke rsa 2012 building a security operations center (soc)
Rothke rsa 2012  building a security operations center (soc)Rothke rsa 2012  building a security operations center (soc)
Rothke rsa 2012 building a security operations center (soc)Ben Rothke
 

What's hot (20)

Splunk Phantom SOAR Roundtable
Splunk Phantom SOAR RoundtableSplunk Phantom SOAR Roundtable
Splunk Phantom SOAR Roundtable
 
NIST presentation on RMF 2.0 / SP 800-37 rev. 2
NIST presentation on RMF 2.0 / SP 800-37 rev. 2NIST presentation on RMF 2.0 / SP 800-37 rev. 2
NIST presentation on RMF 2.0 / SP 800-37 rev. 2
 
Privacy in the Cloud- Introduction to ISO 27018
Privacy in the Cloud- Introduction to ISO 27018Privacy in the Cloud- Introduction to ISO 27018
Privacy in the Cloud- Introduction to ISO 27018
 
Introduction: CISSP Certification
Introduction: CISSP CertificationIntroduction: CISSP Certification
Introduction: CISSP Certification
 
CompTIA CASP+ | Everything you need to know about the new exam
CompTIA CASP+ | Everything you need to know about the new examCompTIA CASP+ | Everything you need to know about the new exam
CompTIA CASP+ | Everything you need to know about the new exam
 
Improve Cybersecurity posture by using ISO/IEC 27032
Improve Cybersecurity posture by using ISO/IEC 27032Improve Cybersecurity posture by using ISO/IEC 27032
Improve Cybersecurity posture by using ISO/IEC 27032
 
Siem ppt
Siem pptSiem ppt
Siem ppt
 
George, Tony, Michael - PECB Webinar 27701 Data Protection Risk Management V1...
George, Tony, Michael - PECB Webinar 27701 Data Protection Risk Management V1...George, Tony, Michael - PECB Webinar 27701 Data Protection Risk Management V1...
George, Tony, Michael - PECB Webinar 27701 Data Protection Risk Management V1...
 
CMMC Certification
CMMC CertificationCMMC Certification
CMMC Certification
 
CMMC 2.0 Explained: Impact for SMBs
CMMC 2.0 Explained:  Impact for SMBsCMMC 2.0 Explained:  Impact for SMBs
CMMC 2.0 Explained: Impact for SMBs
 
Risk Assessment and Threat Modeling
Risk Assessment and Threat ModelingRisk Assessment and Threat Modeling
Risk Assessment and Threat Modeling
 
27001 awareness Training
27001 awareness Training27001 awareness Training
27001 awareness Training
 
ISO 27001 - Information security user awareness training presentation - part 3
ISO 27001 - Information security user awareness training presentation - part 3ISO 27001 - Information security user awareness training presentation - part 3
ISO 27001 - Information security user awareness training presentation - part 3
 
ISO 27001 Awareness/TRansition.pptx
ISO 27001 Awareness/TRansition.pptxISO 27001 Awareness/TRansition.pptx
ISO 27001 Awareness/TRansition.pptx
 
Cloud Security Strategy by McAfee
Cloud Security Strategy by McAfeeCloud Security Strategy by McAfee
Cloud Security Strategy by McAfee
 
Webinar - CMMC Certification.pptx
Webinar - CMMC Certification.pptxWebinar - CMMC Certification.pptx
Webinar - CMMC Certification.pptx
 
27001.pptx
27001.pptx27001.pptx
27001.pptx
 
PECB Webinar: Cybersecurity Guidelines – Introduction to ISO 27032
PECB Webinar: Cybersecurity Guidelines – Introduction to ISO 27032PECB Webinar: Cybersecurity Guidelines – Introduction to ISO 27032
PECB Webinar: Cybersecurity Guidelines – Introduction to ISO 27032
 
Information Security Management System ISO/IEC 27001:2005
Information Security Management System ISO/IEC 27001:2005Information Security Management System ISO/IEC 27001:2005
Information Security Management System ISO/IEC 27001:2005
 
Rothke rsa 2012 building a security operations center (soc)
Rothke rsa 2012  building a security operations center (soc)Rothke rsa 2012  building a security operations center (soc)
Rothke rsa 2012 building a security operations center (soc)
 

Similar to ControlCase CMMC Basics Deck Final.pdf

DFARS CMMC SPRS NIST 800-171 Explainer.pdf
DFARS CMMC SPRS NIST 800-171 Explainer.pdfDFARS CMMC SPRS NIST 800-171 Explainer.pdf
DFARS CMMC SPRS NIST 800-171 Explainer.pdfControlCase
 
How I Woke Up from the CMMC Compliance Nightmare
How I Woke Up from the CMMC Compliance NightmareHow I Woke Up from the CMMC Compliance Nightmare
How I Woke Up from the CMMC Compliance NightmareIgnyte Assurance Platform
 
A Clear Path to NIST & CMMC Compliance - 2023 Cleveland Security Summit.pdf
A Clear Path to NIST & CMMC Compliance - 2023 Cleveland Security Summit.pdfA Clear Path to NIST & CMMC Compliance - 2023 Cleveland Security Summit.pdf
A Clear Path to NIST & CMMC Compliance - 2023 Cleveland Security Summit.pdfJack Nichelson
 
Maintaining Data Privacy with Ashish Kirtikar
Maintaining Data Privacy with Ashish KirtikarMaintaining Data Privacy with Ashish Kirtikar
Maintaining Data Privacy with Ashish KirtikarControlCase
 
OneAudit™ - Assess Once, Certify to Many
OneAudit™ - Assess Once, Certify to ManyOneAudit™ - Assess Once, Certify to Many
OneAudit™ - Assess Once, Certify to ManyControlCase
 
Laying the Foundation: The Need for Cybersecurity in U.S. Manufacturing
Laying the Foundation:  The Need for  Cybersecurity in  U.S. ManufacturingLaying the Foundation:  The Need for  Cybersecurity in  U.S. Manufacturing
Laying the Foundation: The Need for Cybersecurity in U.S. ManufacturingIgnyte Assurance Platform
 
Managing Multiple Assessments Using Zero Trust Principles
Managing Multiple Assessments Using Zero Trust PrinciplesManaging Multiple Assessments Using Zero Trust Principles
Managing Multiple Assessments Using Zero Trust PrinciplesControlCase
 
Continuous Compliance Monitoring
Continuous Compliance MonitoringContinuous Compliance Monitoring
Continuous Compliance MonitoringControlCase
 
Cyber-Security Certifications
Cyber-Security CertificationsCyber-Security Certifications
Cyber-Security CertificationsNithin Sai
 
CompTIA cysa+ certification changes: Everything you need to know
CompTIA cysa+ certification changes: Everything you need to knowCompTIA cysa+ certification changes: Everything you need to know
CompTIA cysa+ certification changes: Everything you need to knowInfosec
 
MCGlobalTech CMMC Managed Compliance Service
MCGlobalTech CMMC Managed Compliance ServiceMCGlobalTech CMMC Managed Compliance Service
MCGlobalTech CMMC Managed Compliance ServiceWilliam McBorrough
 
A Clear Path to NIST & CMMC Compliance - 2022 Summit.pptx
A Clear Path to NIST & CMMC Compliance - 2022 Summit.pptxA Clear Path to NIST & CMMC Compliance - 2022 Summit.pptx
A Clear Path to NIST & CMMC Compliance - 2022 Summit.pptxJack Nichelson
 
An Introduction to PCI Compliance on IBM Power Systems
An Introduction to PCI Compliance on IBM Power SystemsAn Introduction to PCI Compliance on IBM Power Systems
An Introduction to PCI Compliance on IBM Power SystemsHelpSystems
 
IBM Relay 2015: Securing the Future
IBM Relay 2015: Securing the Future IBM Relay 2015: Securing the Future
IBM Relay 2015: Securing the Future IBM
 
Facility Environmental Audit Guidelines
Facility Environmental Audit GuidelinesFacility Environmental Audit Guidelines
Facility Environmental Audit Guidelinesamburyj3c9
 
Leveraging Purchase Power and Standards to Improve Security in the IT Supply ...
Leveraging Purchase Power and Standards to Improve Security in the IT Supply ...Leveraging Purchase Power and Standards to Improve Security in the IT Supply ...
Leveraging Purchase Power and Standards to Improve Security in the IT Supply ...John Gilligan
 

Similar to ControlCase CMMC Basics Deck Final.pdf (20)

DFARS CMMC SPRS NIST 800-171 Explainer.pdf
DFARS CMMC SPRS NIST 800-171 Explainer.pdfDFARS CMMC SPRS NIST 800-171 Explainer.pdf
DFARS CMMC SPRS NIST 800-171 Explainer.pdf
 
How I Woke Up from the CMMC Compliance Nightmare
How I Woke Up from the CMMC Compliance NightmareHow I Woke Up from the CMMC Compliance Nightmare
How I Woke Up from the CMMC Compliance Nightmare
 
CMMC DFARS/NIST SP 800-171
CMMC DFARS/NIST SP 800-171 CMMC DFARS/NIST SP 800-171
CMMC DFARS/NIST SP 800-171
 
A Clear Path to NIST & CMMC Compliance - 2023 Cleveland Security Summit.pdf
A Clear Path to NIST & CMMC Compliance - 2023 Cleveland Security Summit.pdfA Clear Path to NIST & CMMC Compliance - 2023 Cleveland Security Summit.pdf
A Clear Path to NIST & CMMC Compliance - 2023 Cleveland Security Summit.pdf
 
CMMC Breakdown
CMMC BreakdownCMMC Breakdown
CMMC Breakdown
 
Maintaining Data Privacy with Ashish Kirtikar
Maintaining Data Privacy with Ashish KirtikarMaintaining Data Privacy with Ashish Kirtikar
Maintaining Data Privacy with Ashish Kirtikar
 
OneAudit™ - Assess Once, Certify to Many
OneAudit™ - Assess Once, Certify to ManyOneAudit™ - Assess Once, Certify to Many
OneAudit™ - Assess Once, Certify to Many
 
Laying the Foundation: The Need for Cybersecurity in U.S. Manufacturing
Laying the Foundation:  The Need for  Cybersecurity in  U.S. ManufacturingLaying the Foundation:  The Need for  Cybersecurity in  U.S. Manufacturing
Laying the Foundation: The Need for Cybersecurity in U.S. Manufacturing
 
Managing Multiple Assessments Using Zero Trust Principles
Managing Multiple Assessments Using Zero Trust PrinciplesManaging Multiple Assessments Using Zero Trust Principles
Managing Multiple Assessments Using Zero Trust Principles
 
Continuous Compliance Monitoring
Continuous Compliance MonitoringContinuous Compliance Monitoring
Continuous Compliance Monitoring
 
Cyber-Security Certifications
Cyber-Security CertificationsCyber-Security Certifications
Cyber-Security Certifications
 
Cybersecurity-Audit-A-Case-Study-for-SME.pdf
Cybersecurity-Audit-A-Case-Study-for-SME.pdfCybersecurity-Audit-A-Case-Study-for-SME.pdf
Cybersecurity-Audit-A-Case-Study-for-SME.pdf
 
CompTIA cysa+ certification changes: Everything you need to know
CompTIA cysa+ certification changes: Everything you need to knowCompTIA cysa+ certification changes: Everything you need to know
CompTIA cysa+ certification changes: Everything you need to know
 
MCGlobalTech CMMC Managed Compliance Service
MCGlobalTech CMMC Managed Compliance ServiceMCGlobalTech CMMC Managed Compliance Service
MCGlobalTech CMMC Managed Compliance Service
 
A Clear Path to NIST & CMMC Compliance - 2022 Summit.pptx
A Clear Path to NIST & CMMC Compliance - 2022 Summit.pptxA Clear Path to NIST & CMMC Compliance - 2022 Summit.pptx
A Clear Path to NIST & CMMC Compliance - 2022 Summit.pptx
 
An Introduction to PCI Compliance on IBM Power Systems
An Introduction to PCI Compliance on IBM Power SystemsAn Introduction to PCI Compliance on IBM Power Systems
An Introduction to PCI Compliance on IBM Power Systems
 
IBM Relay 2015: Securing the Future
IBM Relay 2015: Securing the Future IBM Relay 2015: Securing the Future
IBM Relay 2015: Securing the Future
 
Facility Environmental Audit Guidelines
Facility Environmental Audit GuidelinesFacility Environmental Audit Guidelines
Facility Environmental Audit Guidelines
 
IoT and M2M Safety and Security
IoT and M2M Safety and Security 	IoT and M2M Safety and Security
IoT and M2M Safety and Security
 
Leveraging Purchase Power and Standards to Improve Security in the IT Supply ...
Leveraging Purchase Power and Standards to Improve Security in the IT Supply ...Leveraging Purchase Power and Standards to Improve Security in the IT Supply ...
Leveraging Purchase Power and Standards to Improve Security in the IT Supply ...
 

Recently uploaded

Complet Documnetation for Smart Assistant Application for Disabled Person
Complet Documnetation   for Smart Assistant Application for Disabled PersonComplet Documnetation   for Smart Assistant Application for Disabled Person
Complet Documnetation for Smart Assistant Application for Disabled Personfurqan222004
 
定制(Lincoln毕业证书)新西兰林肯大学毕业证成绩单原版一比一
定制(Lincoln毕业证书)新西兰林肯大学毕业证成绩单原版一比一定制(Lincoln毕业证书)新西兰林肯大学毕业证成绩单原版一比一
定制(Lincoln毕业证书)新西兰林肯大学毕业证成绩单原版一比一Fs
 
定制(UAL学位证)英国伦敦艺术大学毕业证成绩单原版一比一
定制(UAL学位证)英国伦敦艺术大学毕业证成绩单原版一比一定制(UAL学位证)英国伦敦艺术大学毕业证成绩单原版一比一
定制(UAL学位证)英国伦敦艺术大学毕业证成绩单原版一比一Fs
 
Low Rate Call Girls Kolkata Avani 🤌 8250192130 🚀 Vip Call Girls Kolkata
Low Rate Call Girls Kolkata Avani 🤌  8250192130 🚀 Vip Call Girls KolkataLow Rate Call Girls Kolkata Avani 🤌  8250192130 🚀 Vip Call Girls Kolkata
Low Rate Call Girls Kolkata Avani 🤌 8250192130 🚀 Vip Call Girls Kolkataanamikaraghav4
 
Sushant Golf City / best call girls in Lucknow | Service-oriented sexy call g...
Sushant Golf City / best call girls in Lucknow | Service-oriented sexy call g...Sushant Golf City / best call girls in Lucknow | Service-oriented sexy call g...
Sushant Golf City / best call girls in Lucknow | Service-oriented sexy call g...akbard9823
 
Git and Github workshop GDSC MLRITM
Git and Github  workshop GDSC MLRITMGit and Github  workshop GDSC MLRITM
Git and Github workshop GDSC MLRITMgdsc13
 
Call Girls South Delhi Delhi reach out to us at ☎ 9711199012
Call Girls South Delhi Delhi reach out to us at ☎ 9711199012Call Girls South Delhi Delhi reach out to us at ☎ 9711199012
Call Girls South Delhi Delhi reach out to us at ☎ 9711199012rehmti665
 
办理(UofR毕业证书)罗切斯特大学毕业证成绩单原版一比一
办理(UofR毕业证书)罗切斯特大学毕业证成绩单原版一比一办理(UofR毕业证书)罗切斯特大学毕业证成绩单原版一比一
办理(UofR毕业证书)罗切斯特大学毕业证成绩单原版一比一z xss
 
定制(Management毕业证书)新加坡管理大学毕业证成绩单原版一比一
定制(Management毕业证书)新加坡管理大学毕业证成绩单原版一比一定制(Management毕业证书)新加坡管理大学毕业证成绩单原版一比一
定制(Management毕业证书)新加坡管理大学毕业证成绩单原版一比一Fs
 
Contact Rya Baby for Call Girls New Delhi
Contact Rya Baby for Call Girls New DelhiContact Rya Baby for Call Girls New Delhi
Contact Rya Baby for Call Girls New Delhimiss dipika
 
VIP Call Girls Kolkata Ananya 🤌 8250192130 🚀 Vip Call Girls Kolkata
VIP Call Girls Kolkata Ananya 🤌  8250192130 🚀 Vip Call Girls KolkataVIP Call Girls Kolkata Ananya 🤌  8250192130 🚀 Vip Call Girls Kolkata
VIP Call Girls Kolkata Ananya 🤌 8250192130 🚀 Vip Call Girls Kolkataanamikaraghav4
 
Russian Call Girls in Kolkata Ishita 🤌 8250192130 🚀 Vip Call Girls Kolkata
Russian Call Girls in Kolkata Ishita 🤌  8250192130 🚀 Vip Call Girls KolkataRussian Call Girls in Kolkata Ishita 🤌  8250192130 🚀 Vip Call Girls Kolkata
Russian Call Girls in Kolkata Ishita 🤌 8250192130 🚀 Vip Call Girls Kolkataanamikaraghav4
 
VIP Kolkata Call Girl Kestopur 👉 8250192130 Available With Room
VIP Kolkata Call Girl Kestopur 👉 8250192130  Available With RoomVIP Kolkata Call Girl Kestopur 👉 8250192130  Available With Room
VIP Kolkata Call Girl Kestopur 👉 8250192130 Available With Roomdivyansh0kumar0
 
Chennai Call Girls Porur Phone 🍆 8250192130 👅 celebrity escorts service
Chennai Call Girls Porur Phone 🍆 8250192130 👅 celebrity escorts serviceChennai Call Girls Porur Phone 🍆 8250192130 👅 celebrity escorts service
Chennai Call Girls Porur Phone 🍆 8250192130 👅 celebrity escorts servicesonalikaur4
 
Packaging the Monolith - PHP Tek 2024 (Breaking it down one bite at a time)
Packaging the Monolith - PHP Tek 2024 (Breaking it down one bite at a time)Packaging the Monolith - PHP Tek 2024 (Breaking it down one bite at a time)
Packaging the Monolith - PHP Tek 2024 (Breaking it down one bite at a time)Dana Luther
 
Potsdam FH学位证,波茨坦应用技术大学毕业证书1:1制作
Potsdam FH学位证,波茨坦应用技术大学毕业证书1:1制作Potsdam FH学位证,波茨坦应用技术大学毕业证书1:1制作
Potsdam FH学位证,波茨坦应用技术大学毕业证书1:1制作ys8omjxb
 
AlbaniaDreamin24 - How to easily use an API with Flows
AlbaniaDreamin24 - How to easily use an API with FlowsAlbaniaDreamin24 - How to easily use an API with Flows
AlbaniaDreamin24 - How to easily use an API with FlowsThierry TROUIN ☁
 

Recently uploaded (20)

Model Call Girl in Jamuna Vihar Delhi reach out to us at 🔝9953056974🔝
Model Call Girl in  Jamuna Vihar Delhi reach out to us at 🔝9953056974🔝Model Call Girl in  Jamuna Vihar Delhi reach out to us at 🔝9953056974🔝
Model Call Girl in Jamuna Vihar Delhi reach out to us at 🔝9953056974🔝
 
Complet Documnetation for Smart Assistant Application for Disabled Person
Complet Documnetation   for Smart Assistant Application for Disabled PersonComplet Documnetation   for Smart Assistant Application for Disabled Person
Complet Documnetation for Smart Assistant Application for Disabled Person
 
定制(Lincoln毕业证书)新西兰林肯大学毕业证成绩单原版一比一
定制(Lincoln毕业证书)新西兰林肯大学毕业证成绩单原版一比一定制(Lincoln毕业证书)新西兰林肯大学毕业证成绩单原版一比一
定制(Lincoln毕业证书)新西兰林肯大学毕业证成绩单原版一比一
 
定制(UAL学位证)英国伦敦艺术大学毕业证成绩单原版一比一
定制(UAL学位证)英国伦敦艺术大学毕业证成绩单原版一比一定制(UAL学位证)英国伦敦艺术大学毕业证成绩单原版一比一
定制(UAL学位证)英国伦敦艺术大学毕业证成绩单原版一比一
 
Low Rate Call Girls Kolkata Avani 🤌 8250192130 🚀 Vip Call Girls Kolkata
Low Rate Call Girls Kolkata Avani 🤌  8250192130 🚀 Vip Call Girls KolkataLow Rate Call Girls Kolkata Avani 🤌  8250192130 🚀 Vip Call Girls Kolkata
Low Rate Call Girls Kolkata Avani 🤌 8250192130 🚀 Vip Call Girls Kolkata
 
Sushant Golf City / best call girls in Lucknow | Service-oriented sexy call g...
Sushant Golf City / best call girls in Lucknow | Service-oriented sexy call g...Sushant Golf City / best call girls in Lucknow | Service-oriented sexy call g...
ControlCase CMMC Basics Deck Final.pdf

Slide 1. Webinar: CMMC Basics
Presented by: Erik Winkler, Partner, Federal, ControlCase; Shamala Boyd, Chief Risk Officer, ControlCase

Slide 2. Presenters
Erik Winkler, Partner, Federal, ControlCase
Shamala Boyd, Chief Risk Officer, ControlCase

Slide 3. Agenda (ControlCase. All Rights Reserved. 3)
01 ControlCase Intro
02 DFARS, NIST 800-171, SPRS, CMMC Overview
03 What is DFARS?
04 What is NIST 800-171?
05 What is an SPRS Score?
06 What is CMMC?
07 Status of CMMC 2.0 Rule
08 CMMC Next Steps

Slide 5. ControlCase Overview
Best-in-Class Compliance Platform
• ControlCase is revolutionizing the way enterprises and organizations deal with the numerous and frequently changing IT compliance and regulatory requirements
• Proprietary software, including appliance and SaaS solutions, that enable CaaS (GRC and Data Discovery)
• Compelling proprietary offering combining proprietary software, certification/audits, and managed services on a single platform
• One Audit™ enables our clientele to Assess Once: Comply to Many
• Leadership positions in the PCI DSS, SOC 2, ISO 27001, HIPAA, HITRUST, FedRAMP and CMMC domains
• Serving over 1,000 customers
• Global footprint with offices in the U.S., LATAM, UK, India, and Canada
• Leverages an offshore delivery infrastructure for competitive advantage
• IT compliance manager for multiple industry segments including banking, service providers, retail, hospitality, and telecom
Global Vision & Solutions Enhancement
Provider of Compliance as a Service (CaaS) subscription-based offering bundling proprietary GRC software and managed services. Founded in 2004. Headquartered in Fairfax, VA. Offices in U.S., Canada, LATAM, UK, India. 300+ employees.

Slide 6. ControlCase Snapshot
Certification and Continuous Compliance Services. Go beyond the auditor’s checklist to:
• Dramatically reduce the time, cost, and burden of maintaining IT compliance and becoming certified
• Demonstrate compliance more efficiently and cost effectively (cost certainty)
• Free up your internal resources to focus on other priorities
• Offload much of the compliance burden to a trusted compliance partner
• Improve efficiencies by doing more with less resources and gain compliance peace of mind
1,000+ clients; 10,000+ IT security certifications; 300+ security experts.

Slide 7. ControlCase Snapshot – Solution
IT Certification Services & Continuous Compliance Services + Compliance HUB + Partnership Approach = Certification and Continuous Compliance Services

Slide 8. Certification Services – One Audit: Assess Once. Comply to Many.
PCI DSS, ISO 27001 & 27002, SOC 1, 2, 3 & SOC for Cybersecurity, HIPAA, MARS-E, PCI P2PE, GDPR, NIST 800-53, PCI PIN, PCI SSF/SLC, CSA STAR, HITRUST CSF

Slide 9. DFARS, NIST 800-171, SPRS, CMMC Overview

Slide 10. DFARS, NIST 800-171, SPRS, CMMC Overview
• DFARS are the overall regulations
• NIST 800-171 is the control framework that DFARS relies on
• The SPRS score is the methodology for scoring NIST 800-171
• CMMC is the framework that brings this all together

Slide 11. What is DFARS?

Slide 12. Defense Federal Acquisition Regulation Supplement (DFARS)
The Defense Federal Acquisition Regulation Supplement (DFARS) to the Federal Acquisition Regulation (FAR) is administered by the Department of Defense (DoD). The DFARS implements and supplements the FAR. DFARS was established in December of 2015 to protect the confidentiality of Controlled Unclassified Information (CUI) within the Defense Industrial Base (DIB). In order to be awarded new DoD contracts, a contractor or supplier must be in compliance with this set of cybersecurity regulations, also known as the Defense Federal Acquisition Regulation Supplement or DFARS.

Slide 13. What is NIST 800-171?

Slide 14. NIST SP 800-171
NIST is the National Institute of Standards and Technology at the U.S. Department of Commerce. The NIST Cybersecurity Framework helps businesses of all sizes better understand, manage, and reduce their cybersecurity risk and protect their networks and data. Specifically, NIST 800-171 dictates how contractors and sub-contractors of Federal agencies should manage Controlled Unclassified Information (CUI). The NIST 800-171 Basic Assessment is a low-confidence self-assessment conducted following the NIST 800-171 DoD Assessment Methodology. As of November 30, 2020, all DoD contractors must conduct a NIST 800-171 Basic Assessment and submit their score to the Supplier Performance Risk System (SPRS).

Slide 15. NIST 800-171 Control Domains
110 security requirements broken down into 14 control domains taken from FIPS 200 and NIST 800-53:
• Access Control
• Identification & Authentication
• Physical Protection
• Security Assessment
• Audit & Accountability
• Incident Response
• Personnel Security
• System & Communications Protection
• Awareness & Training
• Maintenance
• Risk Assessment
• Systems & Information Integrity
• Configuration Management
• Media Protection

Slide 16. What is an SPRS score?

Slide 17. SPRS Score
The Supplier Performance Risk System (SPRS) is a Department of Defense (DoD) application that gathers, processes, and displays data about suppliers’ performance. SPRS is a “self-certification” score which is the result of a NIST SP 800-171 DoD Assessment and provides contracting officials a score for the overall assessment of the supplier performance and supplier risk. Once you’ve generated your score, the new DFARS rules require your organization to maintain your current score in the SPRS, meaning the Basic DoD self-assessment can be no more than three years old.

Slide 18. What is CMMC?

Slide 19. Cybersecurity Maturity Model Certification (CMMC)
CMMC is a unifying standard for the implementation of cybersecurity across the Defense Industrial Base (DIB). CMMC 1.0 was released by the US Department of Defense (DoD) and became effective in November 2020. CMMC 2.0 was released in November 2021. CMMC ensures that DIB companies implement appropriate cybersecurity practices and processes to protect Federal Contract Information (FCI) and Controlled Unclassified Information (CUI) within their unclassified networks.

Slide 20. Who Does CMMC Apply To?
• Defense Industrial Base (DIB) contractors whose unclassified networks process, store, or transmit Controlled Unclassified Information (CUI).
• Defense Industrial Base (DIB) contractors whose unclassified networks process Federal Contract Information (FCI).

Slide 21. What CMMC Level Are You and Next Steps?
• You have FCI only: Level 1
• You have CUI (in addition to FCI): Level 2 or 3
What you need to do:
• Level 1: Self Assessment (optionally assisted by ControlCase)
• Level 2a: The information that you manage is not critical to national security - Self Assessment (optionally assisted by ControlCase)
• Level 2b: The information that you manage is critical to national security - C3PAO assessment (once every three years)
• Level 3: The information you manage involves the highest priority, most critical defense programs - Government conducts an audit (once every three years)

Slide 22. Next Steps for CMMC

Slide 23. What You Need to Do
First, submit your SPRS score here: https://www.sprs.csd.disa.mil/

Slide 24. CMMC Assessment (What you must do NOW!)
• DFARS 7019 – As of June 2022, requires compliance to NIST 800-171 controls and the submission of your NIST 800-171 Score and Report to the Supplier Performance Risk System (SPRS).
• For entities with Federal Contract Information (FCI) and Controlled Unclassified Information (CUI) within their unclassified networks, you must:
⎻ Document your CMMC/NIST 800-171 System Security Plan (SSP)
⎻ Perform an assessment of all NIST 800-171 controls as documented in your CMMC/NIST 800-171 System Security Plan, including formal evidence collection and reporting
⎻ Calculate your NIST 800-171 score as required by DFARS 7019
⎻ Document any deficiencies with remediation steps in a Plan of Action and Milestones (POA&M) document
⎻ Complete affirmation using the Supplier Performance Risk System (SPRS) - https://www.sprs.csd.disa.mil
⎻ Maintain evidence of your NIST 800-171 compliance to avoid DoJ False Claims Act investigations

Slide 25. ControlCase CMMC Assessment Process
ControlCase CMMC Level 1 Assessment Process:
1. Deploy Compliance Hub with NIST 800-171 controls covering 17 practices
2. Complete Scoping
3. Complete 50% Evidence Review
4. Complete 100% Evidence Review
5. *Publish Level 1 Self-Assessment Report
ControlCase CMMC Level 2A Assessment Process:
A. Deploy Compliance Hub with NIST 800-171 controls covering 110 practices
B. Complete Scoping
C. Complete 50% Evidence Review
D. Complete 100% Evidence Review
E. *Publish Level 2 Self-Assessment Report

Slide 26. Status of CMMC 2.0 Rule

Slide 27. Status of CMMC 2.0 Rule
• November 2023 – OIRA completes review of 9 CMMC model documents, clearing the way for rule publication.
• December 2023 – CMMC proposed rule published in the Federal Register; 60-day public comment period begins.
• Q1 2024 – Public comment period expected to be closed. DoD starts the process to review all comments and finalize the rule.
• Q1 2025 – CMMC final rule is published and goes into effect. A 3-year “phased roll-out” into all DoD contracts begins.

Slide 28. Q&A
• Please type your questions in the questions window.
• Any unanswered questions will be addressed via email following the presentation.