The document outlines a webinar hosted by Magnet focused on cybersecurity for small to medium manufacturing businesses, highlighting significant concerns such as the current state of the industry, Biden's executive order, and the Cybersecurity Maturity Model Certification (CMMC). Key speakers include Max Aulakh and Joe Vinciquerra, who discuss strategies for improving cybersecurity and compliance. It emphasizes the importance of partnerships and training in managing cybersecurity risks and enhancing business resilience.

1. LIVE WEBINAR 15 June 2021
Ignyte Assurance Platform hosted by MAGNET: The Manufacturing Advocacy and Growth Network
Max Aulakh
Founder & CEO
Ignyte Assurance Platform
Joe Vinciquerra
Growth & Innovation Advisor
MAGNET
OHIO SUPPLY CHAIN SECURITY
for Small-Medium Businesses
Justus Scott
Cybersecurity Awareness Advisor
Ignyte Assurance Platform

2. Topics to Cover Today
● Introductions
● Current State of Industry
● Biden’s Executive Order
● Small Business Security
● CMMC Framework
● Educational Resources for Cybersecurity
Maturity Model Certification (CMMC)
● Summary & Next Steps

3. MAGNET Introduction

4. Did you know…
Average
employee salary
$72,000
#3 Ohio ranks third in the nation for manufacturing employment
In Ohio, manufacturing
accounts for more than
700,000 jobs
2016 Ohio Manufacturing Counts, Ohio Manufacturers Association
Every manufacturing
job drives
3.6 other jobs

5. Top 5 Growing Concerns
Cyber Security and Online Hacking
Costs of Healthcare Coverage
Succession Planning and Future
Leadership
Managing Supply Chain
Relationships
Retirement of
Skilled
Workers
69%
47%
57%
40%
23%
MAGNET 2018 NEO Manufacturing Survey, Under 250 employees, Q17
What are Northeast Ohio manufacturers most concerned about?

6. A not-for-profit consulting firm comprised of manufacturing experts who roll up our sleeves to transform
smart ideas into top and bottom line company growth, resulting in good jobs for our cities and counties
MAGNET’s aim is to add value and
create economic impact so that:
Jobs are being created
The value of companies is increasing
New products are being manufactured
What is MAGNET?

7. Top-Line Growth
Innovation/Technology
Bottom-Line Efficiency
MAGNET
Growth
Services
…to create
high quality jobs
across Northeast Ohio
that drive our economy
forward, especially for
small manufacturers
MAGNET seeks to support manufacturers through hands-on consulting…

8. Business Growth Strategy
Marketing Strategy and Execution
Sales Enablement
Top-Line Growth
Innovation/Technolog
y
Bottom-Line Efficiency
MAGNET
Growth
Services
Recapture | Retain | Penetrate | Diversify
Brand Identity, Differentiation, Market Messaging,
Market Research, Product/Market Management,
Lead Generation, Integrated Marketing
Goal Setting, Pipeline Management, CRM, Sales
Training, Sales Management, Target Account
Strategy and Distributor Development
MAGNET’s approach to top-line growth

9. MAGNET’s approach to innovation/technology
Products, Processes and Automation
New Product/Process Development
Incorporating New Technologies
Top-Line
Growth
Innovation/Technology
Bottom-Line Efficiency
MAGNET
Growth
Services
Value engineering to take cost out
User experience research to design better products
Return on investment calculations
Customer Discovery | Market Satisfaction Gap |
Identification | Ideation | Market Validation | Prototyping
Introductions to new technologies
Assessments to identify uses and benefits of new
technologies

10. MAGNET’s approach to bottom-line efficiency
Top-Line
Growth
Innovation/Technolog
y
Bottom-Line Efficiency
MAGNET
Growth
Services
Skills Development
Leadership and Culture
Operational Excellence
Focus on job skills and cross-training to promote standard
work and workforce (link training to community colleges)
Focus on systems improvement as set by leadership to
increase customer value
Focus on strategy and leadership of change efforts

11. MAGNET’s Goal:
#3 #1
Toda
y
Tomorro
w
To support Ohio manufacturing
in its journey to #1 in the USA

12. Meet Our Speakers
Max Aulakh
Founder & CEO
As a Data Security and Compliance Leader, he delivers
DoD-tested security strategies and compliance that
safeguard mission-critical IT operations. Having trained and
excelled in The United States Air Force, he maintained and
tested the InfoSec and ComSec functions of network
hardware, software, and IT infrastructure for global networks
— both classified and unclassified. He drove the Information
Assurance (IA) programs for the U.S. Department of
Defense (DoD). In 2012, Max founded Ignyte Assurance
Platform, a cybersecurity company powered by a
transformative GRC software engine, and its newest
educational subsidiary, Ignyte Institute, to help accelerate
CMMC adaptation among DoD prime and subcontractors.
Joe Vinciquerra
Growth & Innovation Advisor
With over 25 years of experience in engineering
and manufacturing, Joe Vinciquerra has
developed, sold, and delivered various growth
and innovation services to companies in
Northeast Ohio. Before joining the MAGNET
team in 2016, he worked as a sales director and
senior application engineer for Water Star Inc.,
a company specializing in the innovation,
development, and manufacture of precious
metal coated titanium anodes. Joe is an ASQ
Certified Quality Engineer and holds
a Bachelors of Science in Mechanical
Engineering from The Ohio State University.
S
P
E
C
I
A
L
G
U
E
S
T
Justus Scott
CMMC Awareness Advisor
Recently joining Ignyte, Justus brings
previous experience working in BPM and
RPA environments, helping Manufacturers
adapt to the growing need for digital
transformation. Justus' focus at Ignyte
Assurance Platform is now helping
Manufacturers with CMMC awareness
and advisory.

13. From gas to meat, hackers are hitting the nation, and
consumers, where it hurts
• JBS Cyberattack
• Colonial Pipeline
• Microsoft Exchange Server Cyber Attack
• Poisoning a Florida based water utility through Cyber Attack
• Channel Nine 9 cyber attack
• CNA Financial
• Harris Federation
• Acer
• Airplane Manufacturer Bombardier
• Accellion Supply Chain Attack
• Sierra Wireless Attack

14. DHS CISA: 16 Critical Sectors of US Economy

15. Executive Order 14028
∙ Sets goals and directions primarily for the Federal Civilian Executive
Branch (FCEB)
∙ Aligns policy by updating the FAR, FedRAMP, and NIST Standards
∙ Moves the USG to a Zero Trust Architecture, Secure Cloud Services,
and to protecting software supply chains
∙ Increases the sharing of information relating to cyber incidents
∙ Moves the USG to Sets standard for encryption at rest and transit;
multi-factor authentication; and endpoint detection and response
∙ Builds a FECB Cyber Incident Response Playbook
Improving the Nation’s Cybersecurity
May 12, 2021 • Presidential Actions

16. EMERGING LEGISLATIONS
4
2
1
3
DFARS 252.204 7012:
Safeguarding Covered Defense Information
and Cyber Incident Reporting
DFARS 252.204 7020:
NIST SP 800 171 DoD Assessment
Requirements
DFARS 252.204 7019:
Notice of NIST SP 800 171 DoD
Assessment Requirements
DFARS 252.204 7021:
Cybersecurity Maturity Model
Certification Requirements

17. Potential Business Impacts
Inadequate security controls leading
to internal breach of CUI and FCI.
● Engineering Data & Drawings
● Internal Data Theft
Report Cyber Incidents to DoD at
http://dibnet.dod.mil within 72 Hours
Increasing cost of both
Technology & Compliance
● Decrease quality and
effectiveness of current
technology implementations
Potential issues with Prime for
not following contract flow down
requirement.
● Loss of business revenue
3 Major SMB Impacts
1 3
2

18. SMALL BUSINESS
CYBERSECURITY

19. CYBER versus. IT Operations
● 80 to 90% of Small Businesses Procure IT
through MSP or an outside provider
● IT Providers are part of the overall supplier
base (they are critical to partner with)
● IT can help with around 30 to 40% of risk
management areas
● Remaining areas require the following
disciplines:
○ Legal advisory
○ Financial risk management
○ Business disruption & crisis planning
○ Technology Risks

20. SMB Internal Security Perspective
Products
• Inputs & Outputs (OV-5b)
• Applications (SvcV-1, SvcV-2, SvcV-3a)
• Tools (SvcV-9)
• Data (DIV-1, DIV-2, DIV-3)
• Dictionary (AV-2, CV-2)
• Asset Visibility
• Requirements Traceability
• Associated Segments (PV-1)
Technology
• Solution Design (OV-1, OV-2)
• Topology (SV-1)
• Physical
• Logical
• Crypto/Security
• Management
• Modernization
• Materiel
• Facilities
• Lifecycle Management
Assessment
• Metrics (SvcV-7)
• Sunset / Review Criteria
Corporate Risk
• Impact
• Threat Vectors
• Security Engineering
• Security Assessment and Testing
• Security Operations
• Threat Indicators and Warnings
Processes
• Policy
• Business Processes (OV-6b)
• Applicable Standards (StdV-1)
• Management
• Governance
People
• Organization (structure & equipment)
• Training
• Personnel (Manpower)
• Training and Skills (SvcV-9)
• Organizational Roles & Responsibilities
• User Experience
• Human Behavior
• Complexity
• Suppliers
• Customers
Priority
• Operational Need
• ROM
• Resourcing / Resource Plan
• Estimated time to implement @ level
Architecture describes the relationships between:
Processes Risk Assessment
Products Priority
Technology
People

21. Small Business External Perspective | CMMC Based Supplier Program
1. Design & Architect Technology Supplier
Program
a. Policies & Procedures
b. Risk Taxonomy & Classification
2. Inventory Critical Contracts (Highest value)
3. Inventory Critical Vendors (Data & Access)
4. Train & socialize the program w/suppliers
5. Develop assessments
6. Conduct assessment
a. Manage data collection concerns
7. Automate the Program

22. LEVERAGING CMMC AS A STARTING POINT
Level Description
1
Consists of the 15 basic safeguarding requirements from FAR
clause 52.204-21.
2
Consists of 65 security requirements from NIST SP 800-171
implemented via DFARS clause 252.204-7012, 7 CMMC
practices, and 2 CMMC processes. Intended as an optional
intermediary step for contractors as part of their progression
to Level 3.
3
Consists of all 110 security requirements from NIST SP 800-
171, 20 CMMC practices, and 3 CMMC processes.
4
Consists of all 110 security requirements from NIST SP 800-
171, 46 CMMC practices, and 4 CMMC processes.
5
Consists of all 110 security requirements from NIST SP 800-
171, 61 CMMC practices, and 5 CMMC processes.

23. CMMC Level 1
● Meeting the basic requirements to protect Federal Contract Information (FCI):
○ an up-to-date antivirus software application,
○ strong passwords,
○ unauthorized third parties protection.
● FCI is not intended for public release.
● Minimal efforts required to strengthen the cybersecurity defenses.
Which CMMC level is right for your business?
CMMC Level 2
● Introducing Controlled Unclassified Information (CUI).
● Standard cybersecurity practices, policies, and strategic plans.
● Major subset of the security requirements specified in NIST SP 800-171.
● 55 new practices for a total of 72 total practices.
CMMC Level 3
● Good cyber hygiene and controls necessary to protect CUI.
● Continuous review of all activities based on their cybersecurity policy.
● All requirements specified in NIST SP 800-171 and other similar standards.
● 130 required security controls, grouped into 17 domains.
CMMC Level 4 and Level 5
● Addressing the changing tactics, techniques, and procedures used by Advanced
Persistent Threats (APTs).
● Proactive cybersecurity program and standardized processes to achieve
consistency across the entire organization.
● 171 security controls, which are grouped into 17 domains.

24. Starting Cyber Journey

25. Small Business Cybersecurity Path
Strategy
Start with a strategy and
a clear understanding of
where you want to go
Partner
with risk advisory and suppliers
throughout your ecosystem. Ensure to
transfer risk properly.
Leverage
shared standards
like CMMC

26. Ignyte Training Program Resources
Resources are aligned with various stages of managing the CMMC program for Ohio small businesses
Program Metrics &
Management
SSP & POA&M
Deliverables
Guided Assessment
Training
Program Deliverables
● DoD Training Website - https://securityhub.usalearning.gov/content/story.html
● Ignyte Institute Practitioner Level & Senior Management Training - https://www.ignyteinstitute.org/
● CMMC System Security Plan Development - https://ignyteplatform.com/solutions/cmmc/
● NIST 171 Documentaton - https://csrc.nist.gov/publications/detail/sp/800-171/rev-2/final
● SSP & Other Plan of Action & Milestones (POA&M) - https://ignyteplatform.com/solutions/cmmc/

27. CMMC Education & Training
Ignyte Institute Courses
Senior Management Course (20 Mins)
Practitioner Level Course (1 hour)
DoD Issued CUI Training
What is CUI and How to recognize it?

28. Ignyte Assurance Team

29. Ignyte Assurance Platform Overview
Compliance Policy Vendor Management Business Continuity Threat & Vulnerability Enterprise Risk
Controls Catalogs Single Database Audit Ready Controls Notification Contextual Mapping
Analytics & Benchmarks Workflow Engine Secure & Compliant Reports & Dashboards Scalable Infrastructure
Knowledge Base Subject Matter Expert
Support
Consortia-Driven
Ecosystem
Unified Platform Micro-Apps

30. Summary

31. Key Takeaways
✔Ignyte Assurance Team & Platform
✔Multiple Attacks on Suppliers
✔Biden’s Executive Order
✔Training & ownership of knowledge
✔Start with a risk management program
✔Get Help ASAP & reach out

32. Next Steps & Questions?
Thank you
Point of Contact
Joe Vinciquerra
Growth & Innovation
Advisor
Justus Scott
CMMC Awareness
Advisor
Point of Contact
justus@ignyteplatform.com jvinciquerra@manufacturingsuccess.org