WEBINAR: CMMC COMPLIANCE
YOUR IT COMPLIANCE PARTNER – GO BEYOND THE CHECKLIST
Download CMMC Compliance Checklist
CMMC Compliance Blog
Schedule CMMC Compliance Discussion
Agenda
1. ControlCase Introduction
2. What is CMMC?
3. Who does CMMC apply to?
4. What is the CMMC accreditation body (CMMC-AB)?
5. What are the CMMC certification levels?
6. What is a CMMC Registered Provider Organization (RPO)?
7. What is a CMMC Third-Party Organization (C3PAO)?
8. CMMC and NIST
9. What is the CMMC Assessment process?
10. Why ControlCase?
© 2021 ControlCase. All Rights Reserved.
1. CONTROLCASE INTRODUCTION
ControlCase Snapshot
CERTIFICATION AND CONTINUOUS COMPLIANCE SERVICES
Go beyond the auditor’s checklist to:
Dramatically cut the time, cost and burden from becoming certified and maintaining IT compliance.
• Demonstrate compliance more efficiently and cost effectively (cost certainty)
• Improve efficiencies
  ⁃ Do more with less resources and gain compliance peace of mind
• Free up your internal resources to focus on their priorities
• Offload much of the compliance burden to a trusted compliance partner
1,000+ CLIENTS
10,000+ IT SECURITY CERTIFICATIONS
275+ SECURITY EXPERTS
Solution
Certification and Continuous Compliance Services
“I’ve worked on both sides of auditing. I have not seen any other firm deliver the same product and service with the same value. No other firm provides that continuous improvement and the level of detail and responsiveness.”
— Security and Compliance Manager, Data Center
Certification Services
One Audit™
Assess Once. Comply to Many.
• CMMC RPO
• ISO 27001-2
• SOC 1, 2, 3 & Cybersecurity
• HITRUST CSF
• HIPAA
• PCI DSS
• GDPR
• NIST 800-53
• PCI PIN
• PCI PA-DSS
• FedRAMP
• PCI 3DS
“You have 27 seconds to make a first impression. And after our initial meeting, it became clear that they were more interested in helping our business and building a relationship, not just getting the business.”
— Sr. Director, Information Risk & Compliance, Large Merchant
2. WHAT IS CMMC?
What is CMMC?
Cybersecurity Maturity Model Certification (CMMC)
• CMMC is a unifying standard for the implementation of cybersecurity across the Defense Industrial Base (DIB).
• CMMC 1.0 was released by the US Department of Defense (DoD) and became effective November 2020.
• CMMC 2.0 was released November 2021.
• CMMC ensures that DIB companies implement appropriate cybersecurity practices and processes to protect Federal Contract Information (FCI) and Controlled Unclassified Information (CUI) within their unclassified networks.
What is Federal Contract Information (FCI)?
FCI refers to information that is collected, created or received pursuant to a government contract.
• The information is not marked as "public" or "for public release".
• Could be information used to develop a product or service.
What is Controlled Unclassified Information (CUI)?
CUI refers to sensitive information that laws, Federal regulations, or Government-wide policies require or permit executive branch agencies to protect.
• Information the Government creates or possesses.
• Information an entity creates or possesses for or on behalf of the Government.
3. WHO DOES CMMC APPLY TO?
Who Does CMMC Apply To?
• Defense Industrial Base (DIB) contractors whose unclassified networks possess, store, or transmit Controlled Unclassified Information (CUI).
• Defense Industrial Base (DIB) contractors whose unclassified networks possess Federal Contract Information (FCI).
4. WHAT IS THE CMMC ACCREDITATION BODY (CMMC-AB)?
What is CMMC Accreditation Body (CMMC-AB)?
• Independent organization authorized to operationalize CMMC in accordance with the US Department of Defense requirements.
• Authorizes and Accredits CMMC Registered Provider Organizations (RPO) and Third Party Assessment Organizations (C3PAOs).
• Authorizes and Accredits CMMC Assessors and Instructors Certification Organizations (CAICO).
5. WHAT ARE THE CMMC CERTIFICATION LEVELS?
Overview of CMMC 2.0 Levels
Cybersecurity Maturity Model Certification (CMMC)
PRACTICES
• Level 3: EXPERT
• Level 2: ADVANCED
• Level 1: FOUNDATIONAL
There are 3 levels, each with associated controls and processes.
The level of the CMMC certificate is dependent upon the type and nature of information flowed down from your prime contractor.
The DoD will specify the required CMMC level in Requests for Information (RFIs) and Requests for Proposals (RFPs).
What CMMC Level Are You?
• You have FCI (Federal Contract Info) only: Level 1
• You have CUI (Controlled Unclassified Information) in addition to FCI: Level 2 or 3
WHAT YOU NEED TO DO
• Level 1: Self Assessment (optionally assisted by ControlCase)
• Level 2a (your CUI is not critical to national security AND the information originated within the company): Self Assessment (optionally assisted by ControlCase)
• Level 2b (your CUI is not critical to national security AND it originates within the US Government): C3PAO assessment (once every three years)
• Level 3 (your CUI is critical to national security): Government conducts an audit (once every three years)
CMMC Level 1 (“Foundational”)
• For Entities with Federal Contract Information (FCI) only.
  ⎻ No Controlled Unclassified Information (CUI).
  ⎻ CMMC Self Assessment Required Annually.
  ⎻ Optionally assisted by ControlCase RPO.
CMMC Level 2 (CUI not critical to national security)
Level 2a (“Advanced”)
• For Entities with Federal Contract Information (FCI) and Controlled Unclassified Information (CUI) within their unclassified networks.
  ⎻ CUI is not critical to national security.
  ⎻ The information originated within the company.
  ⎻ Level 2 CMMC Self Assessment Required Annually.
  ⎻ Optionally assisted by ControlCase (an RPO).
Level 2b (“Advanced”)
• For Entities with Federal Contract Information (FCI) and Controlled Unclassified Information (CUI) within their unclassified networks.
  ⎻ CUI is not critical to national security.
  ⎻ The information originated within the US Government.
  ⎻ Level 2 CMMC C3PAO Assessment.
  ⎻ Completed by an approved C3PAO every 3 years.
CMMC Level 3 (CUI critical to national security)
Level 3 (“Expert”)
• For Entities with Federal Contract Information (FCI) and Controlled Unclassified Information (CUI) within their unclassified networks.
  ⎻ Involves CUI critical to national security.
  ⎻ Government conducts assessment every 3 years.
6. WHAT IS A CMMC REGISTERED PROVIDER ORGANIZATION (RPO)?
What is a CMMC Registered Provider Organization (RPO)?
• Provide “Registered Practitioners” (RPs) for advice, consulting and recommendations for companies required to comply with CMMC.
• They are approved by the CMMC-AB.
• Can assist with Level 1 and a subset of Level 2 (Level 2a).
• ControlCase is a Registered Provider Organization (RPO).
7. WHAT IS A CMMC THIRD-PARTY ORGANIZATION (C3PAO)?
What is a CMMC Third-Party Organization (C3PAO)?
• Conduct CMMC Level 2 (2b) assessments and issue CMMC certificates based on the results of the assessments.
• Accredited C3PAOs must meet all DoD requirements and achieve full compliance with ISO/IEC 17020.
8. CMMC AND NIST
CMMC and NIST
CMMC Level 2 includes the 110 security requirements specified in NIST SP 800-171.
The CMMC Model also incorporates additional practices and processes from other standards:
• NIST SP 800-53
• Aerospace Industries Association (AIA)
• National Aerospace Standard (NAS) 9933 “Critical Security Controls for Effective Capability in Cyber Defense”
• Computer Emergency Response Team (CERT)
• Resilience Management Model (RMM)
NIST 800-171 Control Domains
110 security requirements broken down into 14 control families taken from FIPS 200 and NIST 800-53:
• Access Control
• Identification & Authentication
• Physical Protection
• Security Assessment
• Audit & Accountability
• Incident Response
• Personnel Security
• System & Communications Protection
• Awareness & Training
• Maintenance
• Risk Assessment
• Systems & Information Integrity
• Configuration Management
• Media Protection
9. WHAT IS THE CMMC ASSESSMENT PROCESS
ControlCase CMMC Assessment Process
• ControlCase is a CMMC Registered Provider Organization (RPO)
• ControlCase assists with CMMC Level 1 Compliance and a subset of CMMC Level 2 (2a)
ControlCase CMMC Assessment Process
CONTROLCASE CMMC LEVEL 1 ASSESSMENT PROCESS
1. Deploy Compliance Hub with NIST 800-171 controls covering 17 practices
2. Complete Scoping
3. Complete 50% Evidence Review
4. Complete 100% Evidence Review
5. *Publish Level 1 Self Assessment Report
CONTROLCASE CMMC LEVEL 2A ASSESSMENT PROCESS
A. Deploy Compliance Hub with NIST 800-171 controls covering 110 practices
B. Complete Scoping
C. Complete 50% Evidence Review
D. Complete 100% Evidence Review
E. *Publish Level 2 Self Assessment Report
10. WHY CONTROLCASE?
One Audit™
Assess Once. Comply to Many.
• CMMC RPO
• CCPA
• SOC 1, 2, 3 & Cybersecurity
• ISO 27001-2
• HIPAA
• FedRAMP
• PCI DSS
• NIST CSF
• PCI PIN
• PCI PA-DSS
• CSA Star
• Microsoft SSPA
ControlCase Compliance Hub®
• Automated Compliance Engine (ACE): Collect evidence such as configurations remotely.
• ControlCase Data Discovery (CDD): Scan end user workstations for PII.
• Vulnerability Assessment & Penetration Testing (VAPT): Perform remote vulnerability scans and penetration tests.
• Automated Log Analysis (LOGS): Review log settings and identify missing logs remotely.
Continuous Compliance Services
ControlCase addresses common non-compliant situations that may leave you vulnerable:
• In-scope assets not reporting logs
• In-scope assets missed from vulnerability scans
• Critical, overlooked vulnerabilities due to volume
• Risky firewall rule sets go undetected
• Non-compliant user access scenarios not flagged
FEATURE | Package 1 - With Cybersecurity Services* | Package 2 - Without Cybersecurity Services*
Quarterly Review of 15 to 25 Compliance Questions | ✓ | ✓
Quarterly Review of Scope | ✓ | ✓
Collecting & Analyzing Data through connectors from client systems | — | ✓
Vulnerability Assessment | ✓ | —
Penetration Testing | ✓ | —
Sensitive Data Discovery | ✓ | —
Firewall Ruleset Review | ✓ | —
Security Awareness Training | ✓ | —
Logging & Automated Alerting | ✓ | —
* Hybrid package can be selected.
Summary – Why ControlCase
“They provide excellent service, expertise and technology. And, the visibility into my compliance throughout the year and during the audit process provide a lot of value to us.”
— Dir. of Compliance, SaaS company
THANK YOU FOR THE OPPORTUNITY TO CONTRIBUTE TO YOUR IT COMPLIANCE PROGRAM.
www.controlcase.com
contact@controlcase.com

Webinar - CMMC Certification.pptx


Editor's Notes

  • #5 Organizations of all sizes rely on ControlCase’s certification and continuous compliance services to dramatically cut the time, cost and burden out of IT compliance. Unlike traditional consulting firms, we bring a partnership approach versus an auditor mentality to every engagement. We go beyond the checklist and provide the expertise, guidance and automation needed to more efficiently and cost effectively demonstrate and maintain compliance. Whether you're looking to satisfy regulatory requirements, meet customer demand or establish confidence with prospective customers, with ControlCase as your compliance partner, your workforce will be free to focus on their strategic priorities, and you’ll eliminate the hassle and reduce the stress associated with certification and continuous compliance.