SlideShare a Scribd company logo

MCGlobalTech CMMC Managed Compliance Service

Download as PPTX, PDF
William McBorrough
William McBorrough

Managed Compliance Service helping SMBs build and manage CMMC and NIST 800-171 compliance program. Are CMMC is here. Are you ready?

Services
1 of 29
Managed Compliance Service CMMC Compliance for DOD Contractors
NIST 800-171 REQUIREMENTS FOR CONTRACTORS • The FAR Clause 52.204-21 established safeguarding requirements for systems where federal contract information may reside or through which it may flow • Imposes 15 basic security controls on systems – Eg. Access Control, Identification and Authentication , Physical Security • The FAR requirements are immediately effective when a contract is awarded that contains the clause • Flow down to sub-contractors
NIST 800-171 REQUIREMENTS FOR CONTRACTORS • The DFARS Clause 252.204-7012 established a requirement for “adequate security” for the information (differs based on the type of data) – Covered Defense Information (CDI) – Controlled Technical Information – Critical Information – Export Control Information – Other information identified in the contract • The DFARS clause has flow-down requirements and requires incident reporting to both the government and the Prime contractor • The DFARS clause also grants DoD personnel access to the contractor’s system to investigate the incident
NIST 800-171 REQUIREMENTS FOR CONTRACTORS • Under the DFARS provisions, contractors were directed to implement NIST 800-171 standards “as soon as practical, but not later than December 31, 2017.” • Contractors must notify the DoD CIO, within 30 days of award, of any NIST 800-171 security requirement that has not been implemented at the time of contract award. • The DFARS clause has specific requirements for incident reporting within 72 hours.
NIST 800-171 REQUIREMENTS FOR CONTRACTORS DFARS Compliance Requirements • Assess against 110 controls defined in NIST SP 800-171 • Document compliance status with respect to each requirement • Document areas of non-compliance and remediation plans (POA&M) • Be prepared for audits and/or requests for compliance attestation / reports (reporting and audit mechanisms not yet clear) • Implement breach reporting requirements (within 72 hours)
CMMC REQUIREMENTS FOR CONTRACTORS The Cybersecurity Maturity Model Certification (CMMC) framework was launched to further enhance the protection of sensitive information relating to contractor services provide to the DoD. Sensitive information includes:  Federal Contract Information (FCI) - Information not intended for public release. It is provided by or generated for the government under a contract to develop or deliver a product or service to the Government. FCI does not include information provided by the Government to the public.  Controlled Unclassified Information (CUI) - Information the government creates or possesses, or that an entity creates or possesses for or on behalf of the government, that a law, regulation, or government-wide policy requires or permits an agency to handle using safeguarding or dissemination controls.
CMMC REQUIREMENTS FOR CONTRACTORS Additional types of CUI data include:  Controlled Technical Information (CTI) – Technical information with military or space application that is subject to controls on its access, use, reproduction, modification, performance, display, release, disclosure, or dissemination.  Covered Defense Information (CDI) – Defined in DFARS 252.204-7012 as unclassified CTI or other information, as described in the CUI registry that requires safeguarding or dissemination controls pursuant to and consistent with law, regulations, and government-wide policies.
CMMC REQUIREMENTS FOR CONTRACTORS The CMMC framework implements a tiered approach to audit contractor compliance with NIST SP 800-171, based on five different levels of maturity expectations. The CMMC includes 17 capability domains, 43 capabilities, 5 processes across five levels to measure process maturity and 171 practices across five levels to measure technical capability.  Level 1 – Basic Cyber Hygiene: Requires 17 controls. Level 1 will likely be required of all contractors doing business with the DoD, with select practices being documented where required. Appropriate for smaller contractors that only handle FCI.  Level 2 – Intermediate Cyber Hygiene: Requires 72 controls. Level 2 is designed to be a bridge to Level 3 compliance, where contractors get into the practice of documenting each practice involving CUI.
CMMC REQUIREMENTS FOR CONTRACTORS  Level 3 – Good Cyber Hygiene: Requires 130 controls. Level 3 is a managed state where a policy has been put into place and maintained to cover all activities, with all CUI practices documented.  Level 4 – Proactive Cybersecurity: Requires 156 controls. Level 4 requires the implementation of more advanced security practices based largely on the NIST 800-171B, where activities are reviewed and measured for effectiveness.  Level 5 – Advanced/Progressive Cybersecurity: Requires 171 controls. Level 5 is the optimized state requiring highly advanced cybersecurity practices with a tested, standardized, and documented approach seen across all applicable organizational units.
CMMC REQUIREMENTS FOR CONTRACTORS
REQUIREMENTS FOR CONTRACTORS Compliance is not a one-time activity – It requires building an enterprise information security program that continuously assesses and manages risks, protects covered information and systems used for processing, storage and transmission, and monitors and detects threats with the ability to report incidents . Organization Size is not a consideration – All companies must comply. It only takes one user, one system to cause a cyber breach. Not just IT – The requirements covers your People, Policies, Processes, Technologies, Physical and Environmental, Supply Chain, etc.. You can’t outsource your compliance responsibility. You have to be able to document how your service providers/cloud services meet the control requirements.
CMMC Compliance Timeline
CONSEQUENCES FOR CONTRACTORS Companies unable to demonstrate CMMC and NIST 800-171 compliance will be severely impacted as Contracting Officers and Prime Contractors will require DFARS compliance and CMMC certification as a pre-requisite to [continue] doing business with the DOD. For companies currently doing business with the DOD, consequences of non-compliance may include contract termination for default or convenience, suspension or debarment, breach of contract damages, liquidated damages, and False Claims Act damages.
Managed Compliance Service Our Managed Compliance Service (MCS) provides full life- cycle security compliance support to help fellow small businesses meet regulatory and business security goals. Regardless of company size or service offering, the MCS helps you build and mature an enterprise information security program that protects your mission-critical People, Processes and Technologies necessary to protect you and your customers from growing cyber threats and increasingly complex regulatory requirements.
Full Life-Cycle Security Security Requirements Definition Security Design and Engineering Security Test, Validation and Reporting Security Documentation and Response
MCGlobalTech MCS Goals Security and Compliance Goals  Maintain compliance documentation  Build security policy framework  Perform vulnerability management  Perform security controls testing  Track and manage security risks  Educate and train users and system administrators  Provide security monitoring throughout environment
CMMC Managed Compliance Service The MCS provides a CMMC/NIST 800-171 baseline compliance audit against all required controls based on appropriate level and generates the required compliance documentation i.e. System Security Plan (SSP) which documents state of compliance and Plan of Action and Milestones (POAM) which documents identified gaps and remediation plans and timelines. POAM remediation is then tracked, validated and documented with quarterly assessments thus improving compliance posture and mature security program. Required on-going security controls assessments, vulnerability and risk assessments continuous monitoring, and penetration tests are scheduled as appropriate intervals. Baseline Assessment Monthly/Quarterly Checks Full Compliance
Fast Track to Compliance The MCGlobalTech Managed Compliance Service provides an efficient and cost-effective pathway to the development of the compliance program and becoming CMMC-ready as quickly as possible. Our compliance analysts and security engineers partner with you every step of the way from determining appropriate scope and compliance levels to documenting policies, plans, and milestone
Compliance Dashboard Managing a NIST 800-171/ CMMC Level 3 compliance program requires implementation, documentation, and monitoring of 130 controls to protect CUI and FCI. The MCS provides clients a compliance management dashboard to track required control implementation status and activities.
Managed Compliance Schedule MCS Compliance Schedule (Annual) Quarter 1  Documentation Review (Policies, Network Diagrams, Assets, etc.)  Compliance Scoping and CMMC Level Determination  CMMC / NIST 800-171 Policies and Procedures Development  Controls Audit and Validation  System Security Plan (SSP) Development  Plan of Action & Milestone (POAM) Development  *Discounted Security Support Services Quarter 2  Plan of Action & Milestone (POAM) Review/Update  System Security Plan (SSP) Review/Update  *Discounted Security Support Services Quarter 3  Plan of Action & Milestone (POAM) Review/Update  System Security Plan (SSP) Review/Update  *Discounted Security Support Services Quarter 4  Plan of Action & Milestone (POAM) Review/Update  System Security Plan (SSP) Review/Update  *Discounted Security Support Services
Managed Security Service The MCGlobalTech Managed Security Service (MSS) provides 24/7 monitoring of all end user systems (laptops, desktops, mobile devices, servers) and Internet-facing devices (routers, firewalls, webservers) for near real-time detect and response to cyber threats and vulnerabilities. Our MSS also helps small business clients meet security audit, monitoring and incident reporting compliance requirements of the DFARS 7012/NIST 800-171. MSS Internal & External Audits Federal Guidelines and Directives Threats and Vulnerabilities
Past Performance MCGlobalTech’s Principals have worked for and with large and small contracting and consulting firms. We have provided security expertise throughout the federal government including the Department of Defense, Intelligence and Federal Civilian Agencies. We have also provided security services to financial, healthcare and various commercial sector organizations throughout the country. A list of some of our clients we’ve helped meet the CMMC NIST 800-171 compliance requirements is provided in the following table.
Some of our DOD Contractor Clients
Key Takeaways  Size doesn’t matter.  IT service providers can help but can’t do it all.  Compliance is no longer optional.  We can help.
About MCGlobalTech – Mission Critical Global Technology Group (MCGlobalTech) is a minority owned, small business founded by industry leaders to provide strategic advisory and security consulting services to public and private sector business managers to better align technology and security programs with organizational mission and business goals. – The Principals at MCGlobalTech have been providing Information Security services to the Federal Government and the private sector for over 25 years
Leadership • William J McBorrough, MSIA, CISSP, CISA, CRISC • Chief Security Advisor, MCGlobalTech • 20+ years Information Security Professional • 12 years Adjunct College Professor - Cybersecurity • Cybersecurity Governance Risk Compliance Expert • NIST 800-171/CMMC Subject Matter Expert
Our Values At MCGlobalTech, we believe that strong values create long term relationships with our customers, employees, partners and the communities we serve. At the heart of everything we do, our corporate values are: – Providing customer satisfaction – Delivering innovative solutions – Empowering staff for success – Promoting Entrepreneurial spirit – Maintaining technical excellence Staff Skills Success
What we offer MCGlobalTech provides innovative, cost-effective, mission-critical solutions to manage security governance, risk and compliance. We specialize in the following service offerings: Security Program Development – Managed vCISO Services – Security Risk Management – CMMC/NIST Compliance – Continuous Monitoring – Technical Security Assessments
Contact Us Mission Critical Global Technology Group 1325 G Street, NW Suite 500 Washington, District of Columbia 20005 Phone: 202.355.9448 Email: Info@mcglobaltech.com William J. McBorrough Sales Division CEO/Chief Security Advisor Corporate Headquarters wjm4@mcglobaltech.com sales@mcglobaltech.com (202) 355-9448 x101 (202) 355-9448 x200 (571) 249-4677 (cell)

Recommended

MCGlobalTech Managed Security Compliance Program
MCGlobalTech Managed Security Compliance ProgramMCGlobalTech Managed Security Compliance Program
MCGlobalTech Managed Security Compliance Program
William McBorrough
 
CMMC 2.0 I L1 & L2 Scoping Guidance Explained
CMMC 2.0 I L1 & L2 Scoping Guidance ExplainedCMMC 2.0 I L1 & L2 Scoping Guidance Explained
CMMC 2.0 I L1 & L2 Scoping Guidance Explained
Ignyte Assurance Platform
 
CMMC DFARS/NIST SP 800-171
CMMC DFARS/NIST SP 800-171 CMMC DFARS/NIST SP 800-171
CMMC DFARS/NIST SP 800-171
Ignyte Assurance Platform
 
CMMC Breakdown
CMMC BreakdownCMMC Breakdown
CMMC Breakdown
Ignyte Assurance Platform
 
How I Woke Up from the CMMC Compliance Nightmare
How I Woke Up from the CMMC Compliance NightmareHow I Woke Up from the CMMC Compliance Nightmare
How I Woke Up from the CMMC Compliance Nightmare
Ignyte Assurance Platform
 
DFARS & CMMC Overview
DFARS & CMMC Overview DFARS & CMMC Overview
DFARS & CMMC Overview
Ignyte Assurance Platform
 
Corporate Cyber Program
Corporate Cyber ProgramCorporate Cyber Program
Corporate Cyber Program
Ignyte Assurance Platform
 
The CMMC Has Arrived. Are You Ready?
The CMMC Has Arrived. Are You Ready?The CMMC Has Arrived. Are You Ready?
The CMMC Has Arrived. Are You Ready?
Unanet
 

Recommended

MCGlobalTech Managed Security Compliance Program
MCGlobalTech Managed Security Compliance ProgramMCGlobalTech Managed Security Compliance Program
MCGlobalTech Managed Security Compliance Program
William McBorrough
 
CMMC 2.0 I L1 & L2 Scoping Guidance Explained
CMMC 2.0 I L1 & L2 Scoping Guidance ExplainedCMMC 2.0 I L1 & L2 Scoping Guidance Explained
CMMC 2.0 I L1 & L2 Scoping Guidance Explained
Ignyte Assurance Platform
 
CMMC DFARS/NIST SP 800-171
CMMC DFARS/NIST SP 800-171 CMMC DFARS/NIST SP 800-171
CMMC DFARS/NIST SP 800-171
Ignyte Assurance Platform
 
CMMC Breakdown
CMMC BreakdownCMMC Breakdown
CMMC Breakdown
Ignyte Assurance Platform
 
How I Woke Up from the CMMC Compliance Nightmare
How I Woke Up from the CMMC Compliance NightmareHow I Woke Up from the CMMC Compliance Nightmare
How I Woke Up from the CMMC Compliance Nightmare
Ignyte Assurance Platform
 
DFARS & CMMC Overview
DFARS & CMMC Overview DFARS & CMMC Overview
DFARS & CMMC Overview
Ignyte Assurance Platform
 
Corporate Cyber Program
Corporate Cyber ProgramCorporate Cyber Program
Corporate Cyber Program
Ignyte Assurance Platform
 
The CMMC Has Arrived. Are You Ready?
The CMMC Has Arrived. Are You Ready?The CMMC Has Arrived. Are You Ready?
The CMMC Has Arrived. Are You Ready?
Unanet
 
Cybersecurity Maturity Model Certification
Cybersecurity Maturity Model CertificationCybersecurity Maturity Model Certification
Cybersecurity Maturity Model Certification
Murray Security Services
 
Educause+V4
Educause+V4Educause+V4
Educause+V4
ecarrow
 
Gpc case study_eng_0221
Gpc case study_eng_0221Gpc case study_eng_0221
Gpc case study_eng_0221
SALIH AHMED ISLAM
 
Iso 9000 iso 9001
Iso 9000 iso 9001Iso 9000 iso 9001
Iso 9000 iso 9001
billgates3970
 
CMMC Certification
CMMC CertificationCMMC Certification
CMMC Certification
ControlCase
 
IT & the Auditor
IT & the AuditorIT & the Auditor
IT & the Auditor
Linda Forbes
 
Project Forecasting from the Perspective of an EVMA and EIA-748
Project Forecasting from the Perspective of an EVMA and EIA-748Project Forecasting from the Perspective of an EVMA and EIA-748
Project Forecasting from the Perspective of an EVMA and EIA-748
Unanet
 
Evolution of Security Management
Evolution of Security ManagementEvolution of Security Management
Evolution of Security Management
Christophe Briguet
 
Security Management Practices
Security Management PracticesSecurity Management Practices
Security Management Practices
amiable_indian
 
CMMC case study: Inside a CMMC assessment
CMMC case study: Inside a CMMC assessmentCMMC case study: Inside a CMMC assessment
CMMC case study: Inside a CMMC assessment
Infosec
 
Nist.sp.800 37r2
Nist.sp.800 37r2Nist.sp.800 37r2
Nist.sp.800 37r2
newbie2019
 
A framework for an organization to use in determining if it needs a ciso
A framework for an organization to use in determining if it needs a cisoA framework for an organization to use in determining if it needs a ciso
A framework for an organization to use in determining if it needs a ciso
Max Justice
 
PCI DSS Business as Usual (BAU)
PCI DSS Business as Usual (BAU)PCI DSS Business as Usual (BAU)
PCI DSS Business as Usual (BAU)
ControlCase
 
IT Audit methodologies
IT Audit methodologiesIT Audit methodologies
IT Audit methodologies
genetics
 
1973-16 Tackling the challenges of cyber security_19_03_15
1973-16 Tackling the challenges of cyber security_19_03_151973-16 Tackling the challenges of cyber security_19_03_15
1973-16 Tackling the challenges of cyber security_19_03_15
shed59
 
Six Keys to Securing Critical Infrastructure and NERC Compliance
Six Keys to Securing Critical Infrastructure and NERC ComplianceSix Keys to Securing Critical Infrastructure and NERC Compliance
Six Keys to Securing Critical Infrastructure and NERC Compliance
Lumension
 
Job aid framework-for-improving-critical-infrastructure-cybersecurity-core-jwd
Job aid framework-for-improving-critical-infrastructure-cybersecurity-core-jwdJob aid framework-for-improving-critical-infrastructure-cybersecurity-core-jwd
Job aid framework-for-improving-critical-infrastructure-cybersecurity-core-jwd
James W. De Rienzo
 
PCI DSS Compliance in the Cloud
PCI DSS Compliance in the CloudPCI DSS Compliance in the Cloud
PCI DSS Compliance in the Cloud
ControlCase
 
Security Management Strategies and Defense and their uses.
Security Management Strategies and Defense and their uses.Security Management Strategies and Defense and their uses.
Security Management Strategies and Defense and their uses.
Computer engineering company
 
Security Management | System Administration
Security Management | System AdministrationSecurity Management | System Administration
Security Management | System Administration
Lisa Dowdell, MSISTM
 
Webinar - CMMC Certification.pptx
Webinar - CMMC Certification.pptxWebinar - CMMC Certification.pptx
Webinar - CMMC Certification.pptx
ControlCase
 
A Clear Path to NIST & CMMC Compliance - 2022 Summit.pptx
A Clear Path to NIST & CMMC Compliance - 2022 Summit.pptxA Clear Path to NIST & CMMC Compliance - 2022 Summit.pptx
A Clear Path to NIST & CMMC Compliance - 2022 Summit.pptx
Jack Nichelson
 

More Related Content

What's hot

Project Forecasting from the Perspective of an EVMA and EIA-748
Project Forecasting from the Perspective of an EVMA and EIA-748Project Forecasting from the Perspective of an EVMA and EIA-748
Project Forecasting from the Perspective of an EVMA and EIA-748
Unanet
 
IT Audit methodologies
IT Audit methodologiesIT Audit methodologies
IT Audit methodologies
genetics
 
1973-16 Tackling the challenges of cyber security_19_03_15
1973-16 Tackling the challenges of cyber security_19_03_151973-16 Tackling the challenges of cyber security_19_03_15
1973-16 Tackling the challenges of cyber security_19_03_15
shed59
 
Six Keys to Securing Critical Infrastructure and NERC Compliance
Six Keys to Securing Critical Infrastructure and NERC ComplianceSix Keys to Securing Critical Infrastructure and NERC Compliance
Six Keys to Securing Critical Infrastructure and NERC Compliance
Lumension
 

What's hot (20)

Cybersecurity Maturity Model Certification
Cybersecurity Maturity Model CertificationCybersecurity Maturity Model Certification
Cybersecurity Maturity Model Certification
 
Educause+V4
Educause+V4Educause+V4
Educause+V4
 
Gpc case study_eng_0221
Gpc case study_eng_0221Gpc case study_eng_0221
Gpc case study_eng_0221
 
Iso 9000 iso 9001
Iso 9000 iso 9001Iso 9000 iso 9001
Iso 9000 iso 9001
 
CMMC Certification
CMMC CertificationCMMC Certification
CMMC Certification
 
IT & the Auditor
IT & the AuditorIT & the Auditor
IT & the Auditor
 
Project Forecasting from the Perspective of an EVMA and EIA-748
Project Forecasting from the Perspective of an EVMA and EIA-748Project Forecasting from the Perspective of an EVMA and EIA-748
Project Forecasting from the Perspective of an EVMA and EIA-748
 
Evolution of Security Management
Evolution of Security ManagementEvolution of Security Management
Evolution of Security Management
 
Security Management Practices
Security Management PracticesSecurity Management Practices
Security Management Practices
 
CMMC case study: Inside a CMMC assessment
CMMC case study: Inside a CMMC assessmentCMMC case study: Inside a CMMC assessment
CMMC case study: Inside a CMMC assessment
 
Nist.sp.800 37r2
Nist.sp.800 37r2Nist.sp.800 37r2
Nist.sp.800 37r2
 
A framework for an organization to use in determining if it needs a ciso
A framework for an organization to use in determining if it needs a cisoA framework for an organization to use in determining if it needs a ciso
A framework for an organization to use in determining if it needs a ciso
 
PCI DSS Business as Usual (BAU)
PCI DSS Business as Usual (BAU)PCI DSS Business as Usual (BAU)
PCI DSS Business as Usual (BAU)
 
IT Audit methodologies
IT Audit methodologiesIT Audit methodologies
IT Audit methodologies
 
1973-16 Tackling the challenges of cyber security_19_03_15
1973-16 Tackling the challenges of cyber security_19_03_151973-16 Tackling the challenges of cyber security_19_03_15
1973-16 Tackling the challenges of cyber security_19_03_15
 
Six Keys to Securing Critical Infrastructure and NERC Compliance
Six Keys to Securing Critical Infrastructure and NERC ComplianceSix Keys to Securing Critical Infrastructure and NERC Compliance
Six Keys to Securing Critical Infrastructure and NERC Compliance
 
Job aid framework-for-improving-critical-infrastructure-cybersecurity-core-jwd
Job aid framework-for-improving-critical-infrastructure-cybersecurity-core-jwdJob aid framework-for-improving-critical-infrastructure-cybersecurity-core-jwd
Job aid framework-for-improving-critical-infrastructure-cybersecurity-core-jwd
 
PCI DSS Compliance in the Cloud
PCI DSS Compliance in the CloudPCI DSS Compliance in the Cloud
PCI DSS Compliance in the Cloud
 
Security Management Strategies and Defense and their uses.
Security Management Strategies and Defense and their uses.Security Management Strategies and Defense and their uses.
Security Management Strategies and Defense and their uses.
 
Security Management | System Administration
Security Management | System AdministrationSecurity Management | System Administration
Security Management | System Administration
 

Similar to MCGlobalTech CMMC Managed Compliance Service

A Clear Path to NIST & CMMC Compliance - 2022 Summit.pptx
A Clear Path to NIST & CMMC Compliance - 2022 Summit.pptxA Clear Path to NIST & CMMC Compliance - 2022 Summit.pptx
A Clear Path to NIST & CMMC Compliance - 2022 Summit.pptx
Jack Nichelson
 
A Clear Path to NIST & CMMC Compliance - 2023 Cleveland Security Summit.pdf
A Clear Path to NIST & CMMC Compliance - 2023 Cleveland Security Summit.pdfA Clear Path to NIST & CMMC Compliance - 2023 Cleveland Security Summit.pdf
A Clear Path to NIST & CMMC Compliance - 2023 Cleveland Security Summit.pdf
Jack Nichelson
 
A Clear Path to NIST & CMMC Compliance_ISSA.pptx
A Clear Path to NIST & CMMC Compliance_ISSA.pptxA Clear Path to NIST & CMMC Compliance_ISSA.pptx
A Clear Path to NIST & CMMC Compliance_ISSA.pptx
Jack Nichelson
 
Webinar: Critical Steps For NIST Compliance
Webinar: Critical Steps For NIST ComplianceWebinar: Critical Steps For NIST Compliance
Webinar: Critical Steps For NIST Compliance
Withum
 
CMMC 2.0 Explained: Impact for SMBs
CMMC 2.0 Explained: Impact for SMBsCMMC 2.0 Explained: Impact for SMBs
CMMC 2.0 Explained: Impact for SMBs
Ignyte Assurance Platform
 
Cybersecurity Maturity Model Certification (CMMC)
Cybersecurity Maturity Model Certification (CMMC)Cybersecurity Maturity Model Certification (CMMC)
Cybersecurity Maturity Model Certification (CMMC)
Robert E Jones
 
Facility Environmental Audit Guidelines
Facility Environmental Audit GuidelinesFacility Environmental Audit Guidelines
Facility Environmental Audit Guidelines
amburyj3c9
 

Similar to MCGlobalTech CMMC Managed Compliance Service (20)

Webinar - CMMC Certification.pptx
Webinar - CMMC Certification.pptxWebinar - CMMC Certification.pptx
Webinar - CMMC Certification.pptx
 
A Clear Path to NIST & CMMC Compliance - 2022 Summit.pptx
A Clear Path to NIST & CMMC Compliance - 2022 Summit.pptxA Clear Path to NIST & CMMC Compliance - 2022 Summit.pptx
A Clear Path to NIST & CMMC Compliance - 2022 Summit.pptx
 
A Clear Path to NIST & CMMC Compliance - 2023 Cleveland Security Summit.pdf
A Clear Path to NIST & CMMC Compliance - 2023 Cleveland Security Summit.pdfA Clear Path to NIST & CMMC Compliance - 2023 Cleveland Security Summit.pdf
A Clear Path to NIST & CMMC Compliance - 2023 Cleveland Security Summit.pdf
 
DFARS CMMC SPRS NIST 800-171 Explainer.pdf
DFARS CMMC SPRS NIST 800-171 Explainer.pdfDFARS CMMC SPRS NIST 800-171 Explainer.pdf
DFARS CMMC SPRS NIST 800-171 Explainer.pdf
 
A Clear Path to NIST & CMMC Compliance_ISSA.pptx
A Clear Path to NIST & CMMC Compliance_ISSA.pptxA Clear Path to NIST & CMMC Compliance_ISSA.pptx
A Clear Path to NIST & CMMC Compliance_ISSA.pptx
 
Webinar: Critical Steps For NIST Compliance
Webinar: Critical Steps For NIST ComplianceWebinar: Critical Steps For NIST Compliance
Webinar: Critical Steps For NIST Compliance
 
CMMC rollout: How CMMC will impact your organization
CMMC rollout: How CMMC will impact your organizationCMMC rollout: How CMMC will impact your organization
CMMC rollout: How CMMC will impact your organization
 
SOC 2 Compliance and Certification
SOC 2 Compliance and CertificationSOC 2 Compliance and Certification
SOC 2 Compliance and Certification
 
CMMC 2.0 Explained: Impact for SMBs
CMMC 2.0 Explained: Impact for SMBsCMMC 2.0 Explained: Impact for SMBs
CMMC 2.0 Explained: Impact for SMBs
 
Arnold & Porter Cybersecurity Compliance and Enforcement for Federal Contractors
Arnold & Porter Cybersecurity Compliance and Enforcement for Federal ContractorsArnold & Porter Cybersecurity Compliance and Enforcement for Federal Contractors
Arnold & Porter Cybersecurity Compliance and Enforcement for Federal Contractors
 
Cybersecurity Maturity Model Certification (CMMC)
Cybersecurity Maturity Model Certification (CMMC)Cybersecurity Maturity Model Certification (CMMC)
Cybersecurity Maturity Model Certification (CMMC)
 
Laying the Foundation: The Need for Cybersecurity in U.S. Manufacturing
Laying the Foundation: The Need for Cybersecurity in U.S. ManufacturingLaying the Foundation: The Need for Cybersecurity in U.S. Manufacturing
Laying the Foundation: The Need for Cybersecurity in U.S. Manufacturing
 
ControlCase CMMC Basics Deck Final.pdf
ControlCase CMMC Basics Deck Final.pdfControlCase CMMC Basics Deck Final.pdf
ControlCase CMMC Basics Deck Final.pdf
 
Robert Nichols: Cybersecurity for Government Contractors
Robert Nichols: Cybersecurity for Government ContractorsRobert Nichols: Cybersecurity for Government Contractors
Robert Nichols: Cybersecurity for Government Contractors
 
Kevin Else LegalTech event Feb 2023
Kevin Else LegalTech event Feb 2023Kevin Else LegalTech event Feb 2023
Kevin Else LegalTech event Feb 2023
 
Supporting your CMMC initiatives with Sumo Logic
Supporting your CMMC initiatives with Sumo LogicSupporting your CMMC initiatives with Sumo Logic
Supporting your CMMC initiatives with Sumo Logic
 
Leveraging compliance to raise the bar on security
Leveraging compliance to raise the bar on securityLeveraging compliance to raise the bar on security
Leveraging compliance to raise the bar on security
 
Key New Requirements Added to PCI DSS 3.0
Key New Requirements Added to PCI DSS 3.0Key New Requirements Added to PCI DSS 3.0
Key New Requirements Added to PCI DSS 3.0
 
Facility Environmental Audit Guidelines
Facility Environmental Audit GuidelinesFacility Environmental Audit Guidelines
Facility Environmental Audit Guidelines
 
Soc 2 Compliance.pdf
Soc 2 Compliance.pdfSoc 2 Compliance.pdf
Soc 2 Compliance.pdf
 

More from William McBorrough

MCGlobalTech Commercial Cybersecurity Capability Statement
MCGlobalTech Commercial Cybersecurity Capability StatementMCGlobalTech Commercial Cybersecurity Capability Statement
MCGlobalTech Commercial Cybersecurity Capability Statement
William McBorrough
 
MCGlobalTech Cyber Capability Statement_Final
MCGlobalTech Cyber Capability Statement_FinalMCGlobalTech Cyber Capability Statement_Final
MCGlobalTech Cyber Capability Statement_Final
William McBorrough
 

More from William McBorrough (20)

MCGlobalTech Cyber Capability Statement
MCGlobalTech Cyber Capability Statement MCGlobalTech Cyber Capability Statement
MCGlobalTech Cyber Capability Statement
 
Cybersecurity Career Information by Next Gen Cyber
Cybersecurity Career Information by Next Gen CyberCybersecurity Career Information by Next Gen Cyber
Cybersecurity Career Information by Next Gen Cyber
 
Improving Cyber Readiness with the NIST Cybersecurity Framework
Improving Cyber Readiness with the NIST Cybersecurity FrameworkImproving Cyber Readiness with the NIST Cybersecurity Framework
Improving Cyber Readiness with the NIST Cybersecurity Framework
 
MCG Cybersecurity Webinar Series - Risk Management
MCG Cybersecurity Webinar Series - Risk ManagementMCG Cybersecurity Webinar Series - Risk Management
MCG Cybersecurity Webinar Series - Risk Management
 
MCG Cybersecurity Webinar Series - Risk Management
MCG Cybersecurity Webinar Series - Risk ManagementMCG Cybersecurity Webinar Series - Risk Management
MCG Cybersecurity Webinar Series - Risk Management
 
MCGlobalTech Commercial Cybersecurity Capability Statement
MCGlobalTech Commercial Cybersecurity Capability StatementMCGlobalTech Commercial Cybersecurity Capability Statement
MCGlobalTech Commercial Cybersecurity Capability Statement
 
MCGlobalTech Consulting Service Presentation
MCGlobalTech Consulting Service PresentationMCGlobalTech Consulting Service Presentation
MCGlobalTech Consulting Service Presentation
 
MCGlobalTech Enterprise Risk Management Program
MCGlobalTech Enterprise Risk Management ProgramMCGlobalTech Enterprise Risk Management Program
MCGlobalTech Enterprise Risk Management Program
 
MCGlobalTech Cyber Capability Statement_Final
MCGlobalTech Cyber Capability Statement_FinalMCGlobalTech Cyber Capability Statement_Final
MCGlobalTech Cyber Capability Statement_Final
 
MCG_OnePageBrochure_Final
MCG_OnePageBrochure_FinalMCG_OnePageBrochure_Final
MCG_OnePageBrochure_Final
 
MCGlobalTech Service Presentation
MCGlobalTech Service PresentationMCGlobalTech Service Presentation
MCGlobalTech Service Presentation
 
Information Security Continuous Monitoring within a Risk Management Framework
Information Security Continuous Monitoring within a Risk Management FrameworkInformation Security Continuous Monitoring within a Risk Management Framework
Information Security Continuous Monitoring within a Risk Management Framework
 
MCGlobalTech Capability Statement
MCGlobalTech Capability StatementMCGlobalTech Capability Statement
MCGlobalTech Capability Statement
 
Managing Security Risks in Manufacturing
Managing Security Risks in ManufacturingManaging Security Risks in Manufacturing
Managing Security Risks in Manufacturing
 
Cyber Crime Threat Landscape - A Focus on the Financial Industry
Cyber Crime Threat Landscape - A Focus on the Financial IndustryCyber Crime Threat Landscape - A Focus on the Financial Industry
Cyber Crime Threat Landscape - A Focus on the Financial Industry
 
Protecting Customer Confidential Information
Protecting Customer Confidential InformationProtecting Customer Confidential Information
Protecting Customer Confidential Information
 
Need for Improved Critical Industrial Infrastructure Protection
Need for Improved Critical Industrial Infrastructure ProtectionNeed for Improved Critical Industrial Infrastructure Protection
Need for Improved Critical Industrial Infrastructure Protection
 
Need for Improved Critical Industrial Infrastructure Protection
Need for Improved Critical Industrial Infrastructure ProtectionNeed for Improved Critical Industrial Infrastructure Protection
Need for Improved Critical Industrial Infrastructure Protection
 
No National 'Stand Your Cyberground' Law Please
No National 'Stand Your Cyberground' Law PleaseNo National 'Stand Your Cyberground' Law Please
No National 'Stand Your Cyberground' Law Please
 
FCC Report on Google Street View Wi-Fi Data Snooping
FCC Report on Google Street View Wi-Fi Data SnoopingFCC Report on Google Street View Wi-Fi Data Snooping
FCC Report on Google Street View Wi-Fi Data Snooping
 

Recently uploaded

Maximizing Efficiency with Integrated Water Management Systems
Maximizing Efficiency with Integrated Water Management SystemsMaximizing Efficiency with Integrated Water Management Systems
Maximizing Efficiency with Integrated Water Management Systems
Irri Design Studio
 
TitleD,R Abortion Clinic In Bulawayo⋑ +263778731218,/////Abortion Pills In .B...
TitleD,R Abortion Clinic In Bulawayo⋑ +263778731218,/////Abortion Pills In .B...TitleD,R Abortion Clinic In Bulawayo⋑ +263778731218,/////Abortion Pills In .B...
TitleD,R Abortion Clinic In Bulawayo⋑ +263778731218,/////Abortion Pills In .B...
sisternakatoto
 
Office Chairs | Highmoon Office Furniture | Best Quality Ergonomic Chairs
Office Chairs | Highmoon Office Furniture | Best Quality Ergonomic ChairsOffice Chairs | Highmoon Office Furniture | Best Quality Ergonomic Chairs
Office Chairs | Highmoon Office Furniture | Best Quality Ergonomic Chairs
akhiladhaneesh5272
 
Islamabad No 1 Amil Baba In Pakistan amil baba kala ilm.docx
Islamabad No 1 Amil Baba In Pakistan amil baba kala ilm.docxIslamabad No 1 Amil Baba In Pakistan amil baba kala ilm.docx
Islamabad No 1 Amil Baba In Pakistan amil baba kala ilm.docx
amilabibi1
 
School Certificate Attestation in the UAE
School Certificate Attestation in the UAESchool Certificate Attestation in the UAE
School Certificate Attestation in the UAE
Attestation On Time
 

Recently uploaded (20)

Maximizing Efficiency with Integrated Water Management Systems
Maximizing Efficiency with Integrated Water Management SystemsMaximizing Efficiency with Integrated Water Management Systems
Maximizing Efficiency with Integrated Water Management Systems
 
Embracing the Digital Coven: Exploring Online Wicca Courses
Embracing the Digital Coven: Exploring Online Wicca CoursesEmbracing the Digital Coven: Exploring Online Wicca Courses
Embracing the Digital Coven: Exploring Online Wicca Courses
 
open educational resources power point 3
open educational resources power point 3open educational resources power point 3
open educational resources power point 3
 
Waikiki Sunset Catamaran ! MAITAI Catamaran
Waikiki Sunset Catamaran ! MAITAI CatamaranWaikiki Sunset Catamaran ! MAITAI Catamaran
Waikiki Sunset Catamaran ! MAITAI Catamaran
 
Hire RoR Developers - ☎ +1 9177322215
Hire RoR Developers - ☎ +1 9177322215Hire RoR Developers - ☎ +1 9177322215
Hire RoR Developers - ☎ +1 9177322215
 
TitleD,R Abortion Clinic In Bulawayo⋑ +263778731218,/////Abortion Pills In .B...
TitleD,R Abortion Clinic In Bulawayo⋑ +263778731218,/////Abortion Pills In .B...TitleD,R Abortion Clinic In Bulawayo⋑ +263778731218,/////Abortion Pills In .B...
TitleD,R Abortion Clinic In Bulawayo⋑ +263778731218,/////Abortion Pills In .B...
 
Courier & Package Tracking System Actually Works
Courier & Package Tracking System Actually WorksCourier & Package Tracking System Actually Works
Courier & Package Tracking System Actually Works
 
Are Seamless Gutters Worth It? Explore now
Are Seamless Gutters Worth It? Explore nowAre Seamless Gutters Worth It? Explore now
Are Seamless Gutters Worth It? Explore now
 
Get your dream bridal look with top North Indian makeup artist - Pallavi Kadale
Get your dream bridal look with top North Indian makeup artist - Pallavi KadaleGet your dream bridal look with top North Indian makeup artist - Pallavi Kadale
Get your dream bridal look with top North Indian makeup artist - Pallavi Kadale
 
Office Chairs | Highmoon Office Furniture | Best Quality Ergonomic Chairs
Office Chairs | Highmoon Office Furniture | Best Quality Ergonomic ChairsOffice Chairs | Highmoon Office Furniture | Best Quality Ergonomic Chairs
Office Chairs | Highmoon Office Furniture | Best Quality Ergonomic Chairs
 
ACDC Infra - A Green Energy Company in Delhi NCR
ACDC Infra - A Green Energy Company in Delhi NCRACDC Infra - A Green Energy Company in Delhi NCR
ACDC Infra - A Green Energy Company in Delhi NCR
 
NEWMAT Stretch Ceilings Service Provider in India
NEWMAT Stretch Ceilings Service Provider in IndiaNEWMAT Stretch Ceilings Service Provider in India
NEWMAT Stretch Ceilings Service Provider in India
 
Chandigarh call garal serives 9512450098
Chandigarh call garal serives 9512450098Chandigarh call garal serives 9512450098
Chandigarh call garal serives 9512450098
 
Delightful Finds: Unveiling the Power of Gifts Under 100
Delightful Finds: Unveiling the Power of Gifts Under 100Delightful Finds: Unveiling the Power of Gifts Under 100
Delightful Finds: Unveiling the Power of Gifts Under 100
 
Islamabad No 1 Amil Baba In Pakistan amil baba kala ilm.docx
Islamabad No 1 Amil Baba In Pakistan amil baba kala ilm.docxIslamabad No 1 Amil Baba In Pakistan amil baba kala ilm.docx
Islamabad No 1 Amil Baba In Pakistan amil baba kala ilm.docx
 
WORK PERMIT IN BULGARIA | Work Visa Services
WORK PERMIT IN BULGARIA | Work Visa ServicesWORK PERMIT IN BULGARIA | Work Visa Services
WORK PERMIT IN BULGARIA | Work Visa Services
 
School Certificate Attestation in the UAE
School Certificate Attestation in the UAESchool Certificate Attestation in the UAE
School Certificate Attestation in the UAE
 
New Portal - Task - Create Backlinks.docx
New Portal - Task - Create Backlinks.docxNew Portal - Task - Create Backlinks.docx
New Portal - Task - Create Backlinks.docx
 
Elevate Your Brand with Digital Marketing for Fashion Industry
Elevate Your Brand with Digital Marketing for Fashion IndustryElevate Your Brand with Digital Marketing for Fashion Industry
Elevate Your Brand with Digital Marketing for Fashion Industry
 
Inspect Edge & NSPIRE Inspection Application - Streamline Housing Inspections
Inspect Edge & NSPIRE Inspection Application - Streamline Housing InspectionsInspect Edge & NSPIRE Inspection Application - Streamline Housing Inspections
Inspect Edge & NSPIRE Inspection Application - Streamline Housing Inspections
 

MCGlobalTech CMMC Managed Compliance Service

  • 1. Managed Compliance Service CMMC Compliance for DOD Contractors
  • 2. NIST 800-171 REQUIREMENTS FOR CONTRACTORS • The FAR Clause 52.204-21 established safeguarding requirements for systems where federal contract information may reside or through which it may flow • Imposes 15 basic security controls on systems – Eg. Access Control, Identification and Authentication , Physical Security • The FAR requirements are immediately effective when a contract is awarded that contains the clause • Flow down to sub-contractors
  • 3. NIST 800-171 REQUIREMENTS FOR CONTRACTORS • The DFARS Clause 252.204-7012 established a requirement for “adequate security” for the information (differs based on the type of data) – Covered Defense Information (CDI) – Controlled Technical Information – Critical Information – Export Control Information – Other information identified in the contract • The DFARS clause has flow-down requirements and requires incident reporting to both the government and the Prime contractor • The DFARS clause also grants DoD personnel access to the contractor’s system to investigate the incident
  • 4. NIST 800-171 REQUIREMENTS FOR CONTRACTORS • Under the DFARS provisions, contractors were directed to implement NIST 800-171 standards “as soon as practical, but not later than December 31, 2017.” • Contractors must notify the DoD CIO, within 30 days of award, of any NIST 800-171 security requirement that has not been implemented at the time of contract award. • The DFARS clause has specific requirements for incident reporting within 72 hours.
  • 5. NIST 800-171 REQUIREMENTS FOR CONTRACTORS DFARS Compliance Requirements • Assess against 110 controls defined in NIST SP 800-171 • Document compliance status with respect to each requirement • Document areas of non-compliance and remediation plans (POA&M) • Be prepared for audits and/or requests for compliance attestation / reports (reporting and audit mechanisms not yet clear) • Implement breach reporting requirements (within 72 hours)
  • 6. CMMC REQUIREMENTS FOR CONTRACTORS The Cybersecurity Maturity Model Certification (CMMC) framework was launched to further enhance the protection of sensitive information relating to contractor services provide to the DoD. Sensitive information includes:  Federal Contract Information (FCI) - Information not intended for public release. It is provided by or generated for the government under a contract to develop or deliver a product or service to the Government. FCI does not include information provided by the Government to the public.  Controlled Unclassified Information (CUI) - Information the government creates or possesses, or that an entity creates or possesses for or on behalf of the government, that a law, regulation, or government-wide policy requires or permits an agency to handle using safeguarding or dissemination controls.
  • 7. CMMC REQUIREMENTS FOR CONTRACTORS Additional types of CUI data include:  Controlled Technical Information (CTI) – Technical information with military or space application that is subject to controls on its access, use, reproduction, modification, performance, display, release, disclosure, or dissemination.  Covered Defense Information (CDI) – Defined in DFARS 252.204-7012 as unclassified CTI or other information, as described in the CUI registry that requires safeguarding or dissemination controls pursuant to and consistent with law, regulations, and government-wide policies.
  • 8. CMMC REQUIREMENTS FOR CONTRACTORS The CMMC framework implements a tiered approach to audit contractor compliance with NIST SP 800-171, based on five different levels of maturity expectations. The CMMC includes 17 capability domains, 43 capabilities, 5 processes across five levels to measure process maturity and 171 practices across five levels to measure technical capability.  Level 1 – Basic Cyber Hygiene: Requires 17 controls. Level 1 will likely be required of all contractors doing business with the DoD, with select practices being documented where required. Appropriate for smaller contractors that only handle FCI.  Level 2 – Intermediate Cyber Hygiene: Requires 72 controls. Level 2 is designed to be a bridge to Level 3 compliance, where contractors get into the practice of documenting each practice involving CUI.
  • 9. CMMC REQUIREMENTS FOR CONTRACTORS  Level 3 – Good Cyber Hygiene: Requires 130 controls. Level 3 is a managed state where a policy has been put into place and maintained to cover all activities, with all CUI practices documented.  Level 4 – Proactive Cybersecurity: Requires 156 controls. Level 4 requires the implementation of more advanced security practices based largely on the NIST 800-171B, where activities are reviewed and measured for effectiveness.  Level 5 – Advanced/Progressive Cybersecurity: Requires 171 controls. Level 5 is the optimized state requiring highly advanced cybersecurity practices with a tested, standardized, and documented approach seen across all applicable organizational units.
  • 10. CMMC REQUIREMENTS FOR CONTRACTORS
  • 11. REQUIREMENTS FOR CONTRACTORS Compliance is not a one-time activity – It requires building an enterprise information security program that continuously assesses and manages risks, protects covered information and systems used for processing, storage and transmission, and monitors and detects threats with the ability to report incidents . Organization Size is not a consideration – All companies must comply. It only takes one user, one system to cause a cyber breach. Not just IT – The requirements covers your People, Policies, Processes, Technologies, Physical and Environmental, Supply Chain, etc.. You can’t outsource your compliance responsibility. You have to be able to document how your service providers/cloud services meet the control requirements.
  • 13. CONSEQUENCES FOR CONTRACTORS Companies unable to demonstrate CMMC and NIST 800-171 compliance will be severely impacted as Contracting Officers and Prime Contractors will require DFARS compliance and CMMC certification as a pre-requisite to [continue] doing business with the DOD. For companies currently doing business with the DOD, consequences of non-compliance may include contract termination for default or convenience, suspension or debarment, breach of contract damages, liquidated damages, and False Claims Act damages.
  • 14. Managed Compliance Service Our Managed Compliance Service (MCS) provides full life- cycle security compliance support to help fellow small businesses meet regulatory and business security goals. Regardless of company size or service offering, the MCS helps you build and mature an enterprise information security program that protects your mission-critical People, Processes and Technologies necessary to protect you and your customers from growing cyber threats and increasingly complex regulatory requirements.
  • 15. Full Life-Cycle Security Security Requirements Definition Security Design and Engineering Security Test, Validation and Reporting Security Documentation and Response
  • 16. MCGlobalTech MCS Goals Security and Compliance Goals  Maintain compliance documentation  Build security policy framework  Perform vulnerability management  Perform security controls testing  Track and manage security risks  Educate and train users and system administrators  Provide security monitoring throughout environment
  • 17. CMMC Managed Compliance Service The MCS provides a CMMC/NIST 800-171 baseline compliance audit against all required controls based on appropriate level and generates the required compliance documentation i.e. System Security Plan (SSP) which documents state of compliance and Plan of Action and Milestones (POAM) which documents identified gaps and remediation plans and timelines. POAM remediation is then tracked, validated and documented with quarterly assessments thus improving compliance posture and mature security program. Required on-going security controls assessments, vulnerability and risk assessments continuous monitoring, and penetration tests are scheduled as appropriate intervals. Baseline Assessment Monthly/Quarterly Checks Full Compliance
  • 18. Fast Track to Compliance The MCGlobalTech Managed Compliance Service provides an efficient and cost-effective pathway to the development of the compliance program and becoming CMMC-ready as quickly as possible. Our compliance analysts and security engineers partner with you every step of the way from determining appropriate scope and compliance levels to documenting policies, plans, and milestone
  • 19. Compliance Dashboard Managing a NIST 800-171/ CMMC Level 3 compliance program requires implementation, documentation, and monitoring of 130 controls to protect CUI and FCI. The MCS provides clients a compliance management dashboard to track required control implementation status and activities.
  • 20. Managed Compliance Schedule MCS Compliance Schedule (Annual) Quarter 1  Documentation Review (Policies, Network Diagrams, Assets, etc.)  Compliance Scoping and CMMC Level Determination  CMMC / NIST 800-171 Policies and Procedures Development  Controls Audit and Validation  System Security Plan (SSP) Development  Plan of Action & Milestone (POAM) Development  *Discounted Security Support Services Quarter 2  Plan of Action & Milestone (POAM) Review/Update  System Security Plan (SSP) Review/Update  *Discounted Security Support Services Quarter 3  Plan of Action & Milestone (POAM) Review/Update  System Security Plan (SSP) Review/Update  *Discounted Security Support Services Quarter 4  Plan of Action & Milestone (POAM) Review/Update  System Security Plan (SSP) Review/Update  *Discounted Security Support Services
  • 21. Managed Security Service The MCGlobalTech Managed Security Service (MSS) provides 24/7 monitoring of all end user systems (laptops, desktops, mobile devices, servers) and Internet-facing devices (routers, firewalls, webservers) for near real-time detect and response to cyber threats and vulnerabilities. Our MSS also helps small business clients meet security audit, monitoring and incident reporting compliance requirements of the DFARS 7012/NIST 800-171. MSS Internal & External Audits Federal Guidelines and Directives Threats and Vulnerabilities
  • 22. Past Performance MCGlobalTech’s Principals have worked for and with large and small contracting and consulting firms. We have provided security expertise throughout the federal government including the Department of Defense, Intelligence and Federal Civilian Agencies. We have also provided security services to financial, healthcare and various commercial sector organizations throughout the country. A list of some of our clients we’ve helped meet the CMMC NIST 800-171 compliance requirements is provided in the following table.
  • 23. Some of our DOD Contractor Clients
  • 24. Key Takeaways  Size doesn’t matter.  IT service providers can help but can’t do it all.  Compliance is no longer optional.  We can help.
  • 25. About MCGlobalTech – Mission Critical Global Technology Group (MCGlobalTech) is a minority owned, small business founded by industry leaders to provide strategic advisory and security consulting services to public and private sector business managers to better align technology and security programs with organizational mission and business goals. – The Principals at MCGlobalTech have been providing Information Security services to the Federal Government and the private sector for over 25 years
  • 26. Leadership • William J McBorrough, MSIA, CISSP, CISA, CRISC • Chief Security Advisor, MCGlobalTech • 20+ years Information Security Professional • 12 years Adjunct College Professor - Cybersecurity • Cybersecurity Governance Risk Compliance Expert • NIST 800-171/CMMC Subject Matter Expert
  • 27. Our Values At MCGlobalTech, we believe that strong values create long term relationships with our customers, employees, partners and the communities we serve. At the heart of everything we do, our corporate values are: – Providing customer satisfaction – Delivering innovative solutions – Empowering staff for success – Promoting Entrepreneurial spirit – Maintaining technical excellence Staff Skills Success
  • 28. What we offer MCGlobalTech provides innovative, cost-effective, mission-critical solutions to manage security governance, risk and compliance. We specialize in the following service offerings: Security Program Development – Managed vCISO Services – Security Risk Management – CMMC/NIST Compliance – Continuous Monitoring – Technical Security Assessments
  • 29. Contact Us Mission Critical Global Technology Group 1325 G Street, NW Suite 500 Washington, District of Columbia 20005 Phone: 202.355.9448 Email: Info@mcglobaltech.com William J. McBorrough Sales Division CEO/Chief Security Advisor Corporate Headquarters wjm4@mcglobaltech.com sales@mcglobaltech.com (202) 355-9448 x101 (202) 355-9448 x200 (571) 249-4677 (cell)

Editor's Notes

  1. -