CYBERSECURITY MATURITY MODEL CERTIFICATION (CMMC)
Presented by: Dr. Shawn P. Murray, C|CISO, CISSP, CRISC
February 18, 2020
www.pikespeaksbdc.org
Funded in part through a cooperative agreement with the U.S. Small Business Administration
Cybersecurity Maturity Model Certification
Agenda
• Govt. Contracts
• OUSD(A&S) Perspective
• CMMC Version 1.0
• Assessing NIST SP 800-171
• CMMC Certification
• Maturity levels for NIST 800-171/CMMC compliance
• Questions
© 2020 Colorado SBDC TechSource
Susan Cassidy, Government Contracts Attorney
• “The concept of a CMMC framework arose in response to a series of high-profile breaches of DoD information,” writes Susan Cassidy, Government Contracts Attorney, Covington.
• “This new program was designed to strengthen the defense industrial base and be a relevant benchmark to secure the supply chain,” she said.
• “The framework aims to certify a company’s compliance with federal cybersecurity regulations around controlled unclassified information (CUI).”
OUSD(A&S) Perspective
• The Office of the Under Secretary of Defense for Acquisition and
Sustainment (OUSD(A&S)) recognizes that security is foundational to
acquisition and should not be traded along with cost, schedule, and
performance moving forward.
• The Department is committed to working with the Defense Industrial
Base (DIB) sector to enhance the protection of controlled unclassified
information (CUI) within the supply chain.
CMMC Partners
• OUSD(A&S) is working with DoD stakeholders, University Affiliated Research Centers (UARCs),
Federally Funded Research and Development Centers (FFRDC), and industry to develop the
Cybersecurity Maturity Model Certification (CMMC).
• The CMMC will review and combine various cybersecurity standards and best practices
and map these controls and processes across several maturity levels that range from basic
cyber hygiene to advanced.
• For a given CMMC level, the associated controls and processes, when implemented, will reduce risk
against a specific set of cyber threats.
• The CMMC effort builds upon existing regulation (DFARS 252.204-7012) that is based on
trust by adding a verification component with respect to cybersecurity requirements.
• The goal is for CMMC to be cost-effective and affordable for small businesses to
implement at the lower CMMC levels.
• The intent is for certified independent 3rd party organizations to conduct audits and
inform risk.
DoD Announces Release of CMMC Version 1.0
DoD Announces the Release of CMMC Version 1.0
First:
• Secretary Lord emphasized the significant national security threat that
contractors and their subcontractors face from sophisticated cyber adversaries.
• She noted that cyber attacks are low cost to conduct, but that in the past year alone, cyber attacks resulted in approximately $600 billion of global GDP lost through cyber theft.
• She also emphasized that DoD has expended considerable efforts communicating
with and receiving input from industry and sees this as a key partnership
between DoD and the defense industry to protect sensitive government
information.
Second:
• DoD representatives explained that DoD is taking a “crawl, walk, run” approach with
implementation of the CMMC.
• Although the rollout will begin this year, DoD’s goal is to have the requirement fully implemented
by Fiscal Year 2026.
• This year, DoD intends to select third party accreditation vendors, to be called “C3PAOs.”
• Although no significant details as to content were shared, DoD also plans to publish a new DFARS
regulation in late spring or in early summer.
• Finally, DoD plans to add CMMC requirements to ten procurements at the end of this year with
contractors and subcontractors expected to meet all applicable CMMC requirements at the time
of award.
• DoD’s expectation is that each individual procurement will affect a relatively large number of
contractors once subcontract awards at various levels of the supply chain are taken into account.
• These procurements are expected to include a mix of CMMC Levels.
DoD Announces the Release of CMMC Version 1.0
Third:
• DoD provided some insight into the Accreditation Body, which it stood up in early January 2020.
• The Accreditation Body is charged with overseeing training, quality, and administration of the
C3PAOs and will consist of 13 members from the defense industrial base, cybersecurity
community, and academic community who self-nominate to join.
• The names of the members of the Accreditation Body were not provided at the press
conference, but DoD shared that the Body has elected a Chairman and that it has a Board of
Directors.
• DoD is currently drafting a memorandum of understanding (“MOU”) with the Accreditation Body
that will outline the roles, rules, and responsibilities of the parties.
• Given the sensitive information that the Accreditation Body and the auditors will have access to,
the MOU is expected to address potential conflicts of interest.
Assessing NIST SP 800-171
• NIST Handbook 162, “NIST MEP Cybersecurity Self-Assessment Handbook For Assessing NIST SP 800-171 Security Requirements in Response to DFARS Cybersecurity Requirements.”
• The Handbook provides a step-by-step guide to assessing a manufacturer’s information systems
against the security requirements in NIST SP 800-171 rev 1.
• In addition to helping defense contractors comply with DFARS, the Handbook may also be useful
for other manufacturers interested in applying the NIST SP 800-171 security requirements,
including those seeking to comply with the Controlled Unclassified Information Federal Acquisition
Regulation (FAR) clause.
• Additionally, manufacturers operating in commercial supply chains may consider implementing
the NIST security requirements as an integral aspect of managing their organizational risks.
• The MEP National Network™ has been active in providing awareness and assistance to help U.S. manufacturers protect their information assets from the risks of cyberattacks.
• MEP Centers can provide valuable assistance to small manufacturers seeking reduction of their
cyber risks and DFARS compliance.
CMMC Certification
• To be certified at a specific Level, contractors are required not only to implement each of the Practices required for that Level, but also to achieve a certain level of maturity (Process) for that Level in the implementation of all the Practices.
• For example:
• Level 1 simply requires contractors to “Perform” the Practices;
• Level 3 requires all the related Practices to be “Managed”;
• Level 5 requires all the Practices to be “Optimized.”
CMMC Certification
Term | Description | Number
Domains | Key sets (or families) of cybersecurity requirements. | 17 Domains in total.
Capabilities | Sub-set of requirements within each Domain. | 43 Capabilities in total.
Practices | Security controls required by Level necessary to achieve a certain Capability. | 171 Practices when aggregated across all certification Levels.
Processes | Measure of maturity (or institutionalization) of policies, plans, and activities associated with Practices. | 5 Processes when aggregated across all certification Levels.
Along with the release of the updated model, DoD announced that it was working on a Defense Federal Acquisition Regulation
Supplement (“DFARS”) rule that should cover some of the implementation issues associated with the CMMC.
Maturity levels for NIST 800-171/CMMC compliance
• The Department of Defense currently mandates that its contractors meet the requirements of NIST Special Publication 800-171, but there is no audit or accountability for protecting CUI.
• This shortcoming has led to the devising of the Cybersecurity Maturity Model Certification (CMMC), which will require third-party audits and certification for the DoD supply chain, building on the compliance obligations of Defense Federal Acquisition Regulation Supplement (DFARS) 252.204-7012.
• That clause requires defense contractors handling sensitive, unclassified information to implement the 110 security controls of NIST SP 800-171.
Maturity levels for NIST 800-171/CMMC compliance
• Implementing cybersecurity in DoD supply chains is based on the
identification of five certification tiers for CMMC:
• CMMC Level 1 | Basic Cyber Hygiene | 17 security controls (NIST SP 800-171 rev 1)
• CMMC Level 2 | Intermediate Cyber Hygiene | 46 security controls (NIST SP 800-171 rev 1)
• CMMC Level 3 | Good Cyber Hygiene | 47 security controls (NIST SP 800-171 rev 1)
• CMMC Level 4 | Proactive | 26 security controls (NIST SP 800-171B)
• CMMC Level 5 | Advanced/Progressive | 4 security controls (NIST SP 800-171B)
The maturity levels for NIST 800-171/CMMC compliance
• Previous guidance under NIST’s SP 800-171 allowed for self-assessment and attestation in order for companies to be awarded a certification at the appropriate CMMC level.
• This year, under CMMC, organizations will now need to demonstrate to assessors and certifiers the following:
• appropriate capabilities;
• organizational maturity;
• proper controls and processes in place to reduce the risk of specific cyberthreats.
Resources
• https://www.acq.osd.mil/cmmc/index.html
• https://www.nist.gov/mep/cybersecurity-resources-manufacturers/dfars-compliance
• https://nvlpubs.nist.gov/nistpubs/hb/2017/NIST.HB.162.pdf
• https://www.insidegovernmentcontracts.com/2020/02/dod-announces-the-release-of-cmmc-version-1-0/?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+InsideGovernmentContracts+%28Inside+Government+Contracts%29
• https://www.insidegovernmentcontracts.com/2020/02/a-closer-look-at-version-1-0-of-dods-cybersecurity-maturity-model-certification/?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+InsideGovernmentContracts+%28Inside+Government+Contracts%29
Questions?
Thank you!
Russian Call Girls Visakhapatnam 8800000000 Low Rate HIgh Profile Visakhapatn...
khannsohil539
 
一比一原版办理(UQ毕业证)昆士兰大学毕业证
一比一原版办理(UQ毕业证)昆士兰大学毕业证一比一原版办理(UQ毕业证)昆士兰大学毕业证
一比一原版办理(UQ毕业证)昆士兰大学毕业证
eesme1
 
G7 Apulia Leaders Communique, June 2024 (1).pdf
G7 Apulia Leaders Communique, June 2024 (1).pdfG7 Apulia Leaders Communique, June 2024 (1).pdf
G7 Apulia Leaders Communique, June 2024 (1).pdf
Energy for One World
 
Jabatan Fungsional: Konsep, Peran & Prospeknya
Jabatan Fungsional: Konsep, Peran & ProspeknyaJabatan Fungsional: Konsep, Peran & Prospeknya
Jabatan Fungsional: Konsep, Peran & Prospeknya
Tri Widodo W. UTOMO
 
UN SDSN Sustainable Development Report 2024
UN SDSN Sustainable Development Report 2024UN SDSN Sustainable Development Report 2024
UN SDSN Sustainable Development Report 2024
Energy for One World
 
Spending in the 340B Drug Pricing Program, 2010 to 2021
Spending in the 340B Drug Pricing Program, 2010 to 2021Spending in the 340B Drug Pricing Program, 2010 to 2021
Spending in the 340B Drug Pricing Program, 2010 to 2021
Congressional Budget Office
 

Recently uploaded (20)

2024: The FAR - Federal Acquisition Regulations, Part 43
2024: The FAR - Federal Acquisition Regulations, Part 432024: The FAR - Federal Acquisition Regulations, Part 43
2024: The FAR - Federal Acquisition Regulations, Part 43
 
GUIA_LEGAL_CHAPTER_7_COLOMBIAN TAX REGIME.pdf
GUIA_LEGAL_CHAPTER_7_COLOMBIAN TAX REGIME.pdfGUIA_LEGAL_CHAPTER_7_COLOMBIAN TAX REGIME.pdf
GUIA_LEGAL_CHAPTER_7_COLOMBIAN TAX REGIME.pdf
 
Call Girls Kolkata { 7014168258 } Book High Class Models In Kolkata
Call Girls Kolkata { 7014168258 } Book High Class Models In KolkataCall Girls Kolkata { 7014168258 } Book High Class Models In Kolkata
Call Girls Kolkata { 7014168258 } Book High Class Models In Kolkata
 
Call Girls Ahmedabad 🌹 7339748667 🌹 With No Advance Payment
Call Girls Ahmedabad 🌹 7339748667 🌹 With No Advance PaymentCall Girls Ahmedabad 🌹 7339748667 🌹 With No Advance Payment
Call Girls Ahmedabad 🌹 7339748667 🌹 With No Advance Payment
 
一比一原版(Adelaide毕业证)阿德莱德大学毕业证如何办理
一比一原版(Adelaide毕业证)阿德莱德大学毕业证如何办理一比一原版(Adelaide毕业证)阿德莱德大学毕业证如何办理
一比一原版(Adelaide毕业证)阿德莱德大学毕业证如何办理
 
一比一原版英国阿伯丁大学毕业证(AU毕业证书)学历如何办理
一比一原版英国阿伯丁大学毕业证(AU毕业证书)学历如何办理一比一原版英国阿伯丁大学毕业证(AU毕业证书)学历如何办理
一比一原版英国阿伯丁大学毕业证(AU毕业证书)学历如何办理
 
The cost of poor health: What does rising health-related benefit spending mea...
The cost of poor health: What does rising health-related benefit spending mea...The cost of poor health: What does rising health-related benefit spending mea...
The cost of poor health: What does rising health-related benefit spending mea...
 
All Loan Insorance Are Money Problem.docx 1
All Loan Insorance Are Money Problem.docx 1All Loan Insorance Are Money Problem.docx 1
All Loan Insorance Are Money Problem.docx 1
 
SPONSORED CONTENT - Palmetier Law - Unleashing Small Business Innovations: A ...
SPONSORED CONTENT - Palmetier Law - Unleashing Small Business Innovations: A ...SPONSORED CONTENT - Palmetier Law - Unleashing Small Business Innovations: A ...
SPONSORED CONTENT - Palmetier Law - Unleashing Small Business Innovations: A ...
 
EI Statistical Review of World Energy 2024
EI Statistical Review of World Energy 2024EI Statistical Review of World Energy 2024
EI Statistical Review of World Energy 2024
 
CBO's Immigration Projections - Presentation
CBO's Immigration Projections - PresentationCBO's Immigration Projections - Presentation
CBO's Immigration Projections - Presentation
 
Sponsor a Child for Education & Food.pptx
Sponsor a Child for Education & Food.pptxSponsor a Child for Education & Food.pptx
Sponsor a Child for Education & Food.pptx
 
GUIA_LEGAL_CHAPTER_6_IMMIGRATION_REGIME.pdf
GUIA_LEGAL_CHAPTER_6_IMMIGRATION_REGIME.pdfGUIA_LEGAL_CHAPTER_6_IMMIGRATION_REGIME.pdf
GUIA_LEGAL_CHAPTER_6_IMMIGRATION_REGIME.pdf
 
一比一原版(uob学位证书)英国伯明翰大学毕业证如何办理
一比一原版(uob学位证书)英国伯明翰大学毕业证如何办理一比一原版(uob学位证书)英国伯明翰大学毕业证如何办理
一比一原版(uob学位证书)英国伯明翰大学毕业证如何办理
 
Russian Call Girls Visakhapatnam 8800000000 Low Rate HIgh Profile Visakhapatn...
Russian Call Girls Visakhapatnam 8800000000 Low Rate HIgh Profile Visakhapatn...Russian Call Girls Visakhapatnam 8800000000 Low Rate HIgh Profile Visakhapatn...
Russian Call Girls Visakhapatnam 8800000000 Low Rate HIgh Profile Visakhapatn...
 
一比一原版办理(UQ毕业证)昆士兰大学毕业证
一比一原版办理(UQ毕业证)昆士兰大学毕业证一比一原版办理(UQ毕业证)昆士兰大学毕业证
一比一原版办理(UQ毕业证)昆士兰大学毕业证
 
G7 Apulia Leaders Communique, June 2024 (1).pdf
G7 Apulia Leaders Communique, June 2024 (1).pdfG7 Apulia Leaders Communique, June 2024 (1).pdf
G7 Apulia Leaders Communique, June 2024 (1).pdf
 
Jabatan Fungsional: Konsep, Peran & Prospeknya
Jabatan Fungsional: Konsep, Peran & ProspeknyaJabatan Fungsional: Konsep, Peran & Prospeknya
Jabatan Fungsional: Konsep, Peran & Prospeknya
 
UN SDSN Sustainable Development Report 2024
UN SDSN Sustainable Development Report 2024UN SDSN Sustainable Development Report 2024
UN SDSN Sustainable Development Report 2024
 
Spending in the 340B Drug Pricing Program, 2010 to 2021
Spending in the 340B Drug Pricing Program, 2010 to 2021Spending in the 340B Drug Pricing Program, 2010 to 2021
Spending in the 340B Drug Pricing Program, 2010 to 2021
 

Cybersecurity Maturity Model Certification

DoD Announces Release of CMMC Version 1.0
© 2020 Colorado SBDC TechSource

DoD Announces the Release of CMMC Version 1.0
First:
• Secretary Lord emphasized the significant national security threat that contractors and their subcontractors face from sophisticated cyber adversaries.
• She noted that cyber attacks are low cost to conduct, but that in the past year alone, cyber attacks resulted in approximately $600 billion of global GDP lost through cyber theft.
• She also emphasized that DoD has expended considerable effort communicating with and receiving input from industry, and sees this as a key partnership between DoD and the defense industry to protect sensitive government information.
© 2020 Colorado SBDC TechSource

DoD Announces the Release of CMMC Version 1.0
Second:
• DoD representatives explained that DoD is taking a “crawl, walk, run” approach to implementation of the CMMC.
• Although the rollout will begin this year, DoD’s goal is to have the requirement fully implemented by Fiscal Year 2026.
• This year, DoD intends to select third-party accreditation vendors, to be called “C3PAOs.”
• Although no significant details as to content were shared, DoD also plans to publish a new DFARS regulation in late spring or early summer.
• Finally, DoD plans to add CMMC requirements to ten procurements at the end of this year, with contractors and subcontractors expected to meet all applicable CMMC requirements at the time of award.
• DoD’s expectation is that each individual procurement will affect a relatively large number of contractors once subcontract awards at various levels of the supply chain are taken into account.
• These procurements are expected to include a mix of CMMC Levels.
© 2020 Colorado SBDC TechSource

DoD Announces the Release of CMMC Version 1.0
Third:
• DoD provided some insight into the Accreditation Body, which it stood up in early January 2020.
• The Accreditation Body is charged with overseeing training, quality, and administration of the C3PAOs and will consist of 13 members from the defense industrial base, cybersecurity community, and academic community who self-nominate to join.
• The names of the members of the Accreditation Body were not provided at the press conference, but DoD shared that the Body has elected a Chairman and that it has a Board of Directors.
• DoD is currently drafting a memorandum of understanding (“MOU”) with the Accreditation Body that will outline the roles, rules, and responsibilities of the parties.
• Given the sensitive information that the Accreditation Body and the auditors will have access to, the MOU is expected to address potential conflicts of interest.
© 2020 Colorado SBDC TechSource

Assessing NIST SP 800-171
• NIST Handbook 162, “NIST MEP Cybersecurity Self-Assessment Handbook For Assessing NIST SP 800-171 Security Requirements in Response to DFARS Cybersecurity Requirements.”
• The Handbook provides a step-by-step guide to assessing a manufacturer’s information systems against the security requirements in NIST SP 800-171 rev 1.
• In addition to helping defense contractors comply with DFARS, the Handbook may also be useful for other manufacturers interested in applying the NIST SP 800-171 security requirements, including those seeking to comply with the Controlled Unclassified Information Federal Acquisition Regulation (FAR) clause.
• Additionally, manufacturers operating in commercial supply chains may consider implementing the NIST security requirements as an integral aspect of managing their organizational risks.
• The MEP National Network™ has been active in providing awareness and assistance to help U.S. manufacturers protect their information assets from the risks of cyberattacks.
• MEP Centers can provide valuable assistance to small manufacturers seeking to reduce their cyber risks and achieve DFARS compliance.
© 2020 Colorado SBDC TechSource

CMMC Certification
• To be certified at a specific Level, contractors are required not only to implement each of the Practices required for that Level, but also to achieve a certain level of maturity for that Level regarding the implementation of all the Practices.
• For example:
• Level 1 simply requires contractors to “Perform” the Practices;
• Level 3 requires all the related Practices to be “Managed”;
• Level 5 requires all the Practices to be “Optimized.”
© 2020 Colorado SBDC TechSource

CMMC Certification
Term | Description | Number
Domains | Key sets (or families) of cybersecurity requirements. | 17 Domains in total.
Capabilities | Sub-set of requirements within each Domain. | 43 Capabilities in total.
Practices | Security controls, required by Level, necessary to achieve a certain Capability. | 171 Practices when aggregated across all certification Levels.
Processes | Measure of maturity (or institutionalization) of policies, plans, and activities associated with Practices. | 5 Processes when aggregated across all certification Levels.
• Along with the release of the updated model, DoD announced that it was working on a Defense Federal Acquisition Regulation Supplement (“DFARS”) rule that should cover some of the implementation issues associated with the CMMC.
© 2020 Colorado SBDC TechSource

Maturity levels for NIST 800-171/CMMC compliance
• The Department of Defense currently mandates that its contractors meet the requirements of NIST Special Publication 800-171, but there is no audit or accountability for protecting CUI.
• This shortcoming has led to the devising of the Cybersecurity Maturity Model Certification (CMMC), which will require third-party audits and certification for the DoD supply chain, with compliance built on the Defense Federal Acquisition Regulation Supplement (DFARS) 252.204-7012.
• This requires defense contractors handling sensitive, unclassified information to implement the 110 security controls of NIST SP 800-171.
© 2020 Colorado SBDC TechSource

Maturity levels for NIST 800-171/CMMC compliance
• Implementing cybersecurity in DoD supply chains is based on the identification of five certification tiers for CMMC:
• CMMC Level 1 | Basic Cyber Hygiene | 17 security controls (NIST SP 800-171 rev 1)
• CMMC Level 2 | Intermediate Cyber Hygiene | 46 security controls (NIST SP 800-171 rev 1)
• CMMC Level 3 | Good Cyber Hygiene | 47 security controls (NIST SP 800-171 rev 1)
• CMMC Level 4 | Proactive | 26 security controls (NIST SP 800-171B)
• CMMC Level 5 | Advanced/Progressive | 4 security controls (NIST SP 800-171B)
© 2020 Colorado SBDC TechSource

The maturity levels for NIST 800-171/CMMC compliance
• Previous guidance under NIST SP 800-171 allowed for self-assessment and attestation in order for companies to be awarded a certification at the appropriate CMMC level.
• This year, under CMMC, organizations will now need to demonstrate to assessors and certifiers the following:
• appropriate capabilities;
• organizational maturity;
• proper controls and processes in place to reduce the risk of specific cyber threats.
© 2020 Colorado SBDC TechSource

Resources
• https://www.acq.osd.mil/cmmc/index.html
• https://www.nist.gov/mep/cybersecurity-resources-manufacturers/dfars-compliance
• https://nvlpubs.nist.gov/nistpubs/hb/2017/NIST.HB.162.pdf
• https://www.insidegovernmentcontracts.com/2020/02/dod-announces-the-release-of-cmmc-version-1-0/?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+InsideGovernmentContracts+%28Inside+Government+Contracts%29
• https://www.insidegovernmentcontracts.com/2020/02/a-closer-look-at-version-1-0-of-dods-cybersecurity-maturity-model-certification/?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+InsideGovernmentContracts+%28Inside+Government+Contracts%29
© 2020 Colorado SBDC TechSource

Questions?
Thank you!
© 2020 Colorado SBDC TechSource

www.pikespeaksbdc.org
Funded in part through a cooperative agreement with the U.S. Small Business Administration