The Technical Nuts & Bolts of CMMC
The Project Manager Defensive Cyber Operations is hosting a “Cyber Talk” informational and educational briefing that will be presented by Brian Hajost, CEO for SteelCloud, called “The Technical Nuts & Bolts of CMMC”.
Who should attend: Government personnel, Contractors, SOSSEC Consortium Members and all interested Industry vendors. Program managers, development teams, engineers, architects, ISSOs, security managers, security specialists, and system administrators who are eager to learn about DCO platform architectures and modern application development techniques. This event is intended to educate all professionals who support these initiatives.
Location is Virtual via Webex:
- Meeting URL: https://sossec.webex.com/webappng/sites/sossec/meeting/download/1800bcaf6bec497ca3504091c0cff667?siteurl=sossec&MTID=m733846fb608f35f361e3c644bc3cf1fe
- Meeting number (access code): 199 552 9978
- Meeting password: Forge11
- Join by Phone: +1-415-527-5035, 1995529978#
What You Know…
If you’re in business serving the Department of Defense, you have no doubt heard of and maybe are a little worried about the new Cybersecurity Maturity Model Certification (CMMC) requirement that is becoming a contract mandate for all DoD suppliers. Without the blessing of a 3rd Party Audit Organization (3PAO) for any one of the 5 levels of CMMC, your company loses eligibility to bid on all DoD contracts and, if GSA’s STARS III actions are any indication, many civilian contracts as well. Self-attestation as to your cyber hygiene will soon be a memory.
Much hype, conference presentations and now COVID-friendly Zoom meetings have discussed definitions and the things you may need to do relative to documenting things, preparing manuals, hiring consultants, and passing your first audit. Not a lot of attention or education has been provided to the actual technical requirements of CMMC, not only for initial certification but to stay compliant, year over year. In fact, for many, these requirements are still cloaked in mystery. The CMMC language tells us in general terms to establish a “practice” or “policy” in multiple areas, but what exactly are the best practices to implement for your organization to consistently meet this new mandate with the lightest lift possible?
What You Need to Know…
This briefing will describe the technical nuts and bolts of CMMC, such as…
- How the DISA STIGs for your endpoints relate to CMMC requirements, and ways to simplify that compliance
- What the requirements are for access control and 2-factor authentication
- What the valid data encryption strategies are for CMMC compliance and sustainment
- Which other standards you already comply with apply to your organization, and how they relate to CMMC (NIST 800-171, NIST 800-53, etc.)
SteelCloud has been managing compliance to cybersecurity standards on behalf of Federal agencies for years. This Cyber Talk will show you how to understand the new CMMC standard, characterize it and learn precisely, section by section, what it means to your company, and provide strategies for simplifying your CMMC compliance plan.
- All attendees will gain access to SteelCloud’s new eBook, STIGs for Dummies, and several informational crosswalk matrices relating the nuts and bolts of CMMC to other Federal security standards.
- CMMC Crosswalks:
The two-hour session will allow for questions and answers.