SlideShare uma empresa Scribd logo

EPISODE 1 | Security Wars: A New Goal: CMMC Compliance & Department of Defense Data Protection Guide

Rea & Associates
Rea & Associates

Present-day in our galaxy, right here … The US Department of Defense (DoD) recently developed and established the Cybersecurity Maturity Model Certification (CMMC) as the new standard for the Defense Industrial Base (DIB). More plainly, it’s a certification process that provides assurance to the DoD that a required entity is equipped to protect unclassified information, including any data that transfers between its vendors and partners. That’s a simplified definition of what a CMMC and CMMC compliance is and it already sounds complicated. It doesn’t have to be, though. Etactics and Rea & Associates have joined forces to break down every facet of this new certification into a comprehensive webinar series entitled Security Wars. The first webinar in our Security Wars series serves as a necessary introduction to CMMC. Join Matt Moneypenny, senior marketing and sales analyst at Etactics, and Ty Whittenburg, senior information assurance manager at Rea & Associates, as they unpack the DoD’s newest standard by starting with its three maturity levels and their implications on data protection. #SecurityWarsSeries #CMMC #Cybersecurity Learn more about Rea & Associates at https://www.reacpa.com Discover how Etactics can help your business at https://etactics.com/

Negócios
1 de 40
Baixar para ler offline
Introducing... Ty Whittenburg Sr. Information Assurance Manager Rea & Associates As a Senior Information Assurance Manager and CMMC- Registered Practitioner on Rea’s Cybersecurity team, Ty can be found ensuring organizations technology and networks drive business objectives by identifying potential loss events, reducing their frequency, and loss magnitude. With more than 10 years of industry experience, he is involved with the Central Ohio ISSA, the Greater Ohio FAIR chapter, the Ohio River Valley Cloud Security Alliance, and InfraGard Columbus.
J.P. Cervo Regional Sales Manager Etactics Introducing... Since receiving a B.A. in English from Kent State University, J.P . has accumulated over 10 years of project management and sales experience within the healthcare space. Currently, he is a regional sales manager for Etactics, Inc. and has lead multiple product development efforts including Etactics’ K2 Compliance™ cloud-based governance, risk, and compliance management solution.
J.P. Cervo Regional Sales Manager Etactics Introducing... Since receiving a B.A. in English from Kent State University, J.P . has accumulated over 10 years of project management and sales experience within the healthcare space. Currently, he is a regional sales manager for Etactics, Inc. and has lead multiple product development efforts including Etactics’ K2 Compliance™ cloud-based governance, risk, and compliance management solution. R E C A S T
Matt Moneypenny Senior Marketing & Sales Analyst Etactics Introducing... Matt Moneypenny is the lead Marketing and Sales Analyst at Etactics, a revenue cycle technology company located in Northeast Ohio. Previously, he served as the Senior Content Strategist at an online news source for Amazon’s Twitch Interactive, for three years while attending The University of Akron in pursuit of a Bachelor’s of Business Administration in Marketing Management.
Poll Time! Q: What do you expect to get out of this webinar?
Understanding CMMC If you look at the DOD’s website that explains CMMC...
CMMC In a Nutshell ● Officially published on January 31, 2020 ● It’s a new, unified certification process that provides assurance to the DOD that a required entity is equipped to protect unclassified information, including any data that transfers between its vendors and partners.
Who’s Affected by CMMC? ● Over 300,000 DoD suppliers who deal with Controlled Unclassified Information (CUI) must obtain a certification Small Subcontractors Big Prime
CMMC Important Dates January 2020 DoD introduces Version 1.0 of the CMMC June 2020 Opens registration for C3PAOs and third-party assessors July 2020 DoD to creates and publishes a CMMC training September 2020 Implement CMMC into the DFARS regulation November 2020 Incorporate requirements in Requests for Proposals 2021 - 2026 Implementation of the CMMC through a phased rollout 2026 CMMC certification becomes a requirement
Don’t Delay All new DoD contracts will contain CMMC requirement starting in FY2026
Poll Time! Q: Have you begun preparation for CMMC?
CMMC Timeline
Step 1 Identify desired maturity level you want to be audited for and complete a self-assessment
Step 2 Start drafting a budget for CMMC compliance to include costs for enhancing security requirements, updating policies, leveraging applications, contracting a Registered Provider Organization , and any additional
Step 3 Configure your existing security environment to align to: ● FAR 50. 204-21 ● DFARS 252.204-7012 ● NIST 800-171 Contractors that implement all controls should be able to achieve CMMC Level 3
Step 4 Build a Plan of Action & Milestones (POA&M) to ensure compliance will be achieved in a defined time period.
Step 5 Find an available RPO or C3PAO who will schedule the assessment with the certified independent assessor
Step 6 “6 month waiting period between application and certification” Culture takes time
Estimated Costs of CMMC
CMMC Levels of Maturity 1 2 3 4 5
CMMC Levels of Maturity DoD contractors who wish to pass an audit at this level must implement 17 practices of FAR 52.204-21 Level 1 Demonstrates “Basic Cyber Hygiene”
CMMC Levels of Maturity 1 2 3 4 5
CMMC Levels of Maturity Here, DoD contractors must implement another 55 practices (72 total). Complying w/ FAR & including a select subset of 48 practices from NIST 800-171 rev1 plus seven new practices to support intermediate cyber hygiene. Level 2 Demonstrates “Intermediate Cyber Hygiene”
CMMC Levels of Maturity 1 2 3 4 5
CMMC Levels of Maturity To achieve level 3 certification, the final 58 practices of NIST 800-171 Rev1 plus 20 additional practices to support good cyber hygiene. Level 3 Demonstrates “Good Cyber Hygiene”
CMMC Levels of Maturity 1 2 3 4 5
CMMC Levels of Maturity In addition to the controls in levels 1 through 3, 11 more controls of NIST 800-171 Rev1 plus 22 new practices must be implemented. Level 4 Demonstrates “Proactive Cybersecurity”
CMMC Levels of Maturity 1 2 3 4 5
CMMC Levels of Maturity To achieve this highest level, DoD contractors must implement the final fifteen practices Level 5 Demonstrates “Advanced Cybersecurity”
Poll Time! Q: What Maturity level do you need to achieve?
Any Further Questions?
EPISODE 1 | Security Wars: A New Goal: CMMC Compliance & Department of Defense Data Protection Guide
EPISODE 1 | Security Wars: A New Goal: CMMC Compliance & Department of Defense Data Protection Guide

Recomendados

Importance about do d cyber and cmmc ab at cmmcmarketplace.org
Importance about do d cyber and cmmc ab at cmmcmarketplace.orgImportance about do d cyber and cmmc ab at cmmcmarketplace.org
Importance about do d cyber and cmmc ab at cmmcmarketplace.orgcmmcmarketplace
 
[ON-DEMAND WEBINAR] Security Wars: Episode 2 | CMMC: Return of The Process Fo...
[ON-DEMAND WEBINAR] Security Wars: Episode 2 | CMMC: Return of The Process Fo...[ON-DEMAND WEBINAR] Security Wars: Episode 2 | CMMC: Return of The Process Fo...
[ON-DEMAND WEBINAR] Security Wars: Episode 2 | CMMC: Return of The Process Fo...Rea & Associates
 
Create Lightning with Lightning & IoT
Create Lightning with Lightning & IoTCreate Lightning with Lightning & IoT
Create Lightning with Lightning & IoTSalesforce Developers
 
Mela Capital Group Fnma Qc V2
Mela Capital Group Fnma Qc V2Mela Capital Group Fnma Qc V2
Mela Capital Group Fnma Qc V2Cindi Dixon
 
Mela Capital Group Fnma Qc V3
Mela Capital Group Fnma Qc V3Mela Capital Group Fnma Qc V3
Mela Capital Group Fnma Qc V3Cindi Dixon
 
CRISC – Certified in Risk & Information Systems Control| Virtual and Classroom
CRISC – Certified in Risk & Information Systems Control| Virtual and ClassroomCRISC – Certified in Risk & Information Systems Control| Virtual and Classroom
CRISC – Certified in Risk & Information Systems Control| Virtual and ClassroomBharathi Grover
 
Leveraging compliance to raise the bar on security
Leveraging compliance to raise the bar on securityLeveraging compliance to raise the bar on security
Leveraging compliance to raise the bar on securityMike Lemire
 
How Morgan Stanley is Using Apps to Transform the Workplace
How Morgan Stanley is Using Apps to Transform the WorkplaceHow Morgan Stanley is Using Apps to Transform the Workplace
How Morgan Stanley is Using Apps to Transform the WorkplaceDreamforce
 

Recomendados

Importance about do d cyber and cmmc ab at cmmcmarketplace.org
Importance about do d cyber and cmmc ab at cmmcmarketplace.orgImportance about do d cyber and cmmc ab at cmmcmarketplace.org
Importance about do d cyber and cmmc ab at cmmcmarketplace.orgcmmcmarketplace
 
[ON-DEMAND WEBINAR] Security Wars: Episode 2 | CMMC: Return of The Process Fo...
[ON-DEMAND WEBINAR] Security Wars: Episode 2 | CMMC: Return of The Process Fo...[ON-DEMAND WEBINAR] Security Wars: Episode 2 | CMMC: Return of The Process Fo...
[ON-DEMAND WEBINAR] Security Wars: Episode 2 | CMMC: Return of The Process Fo...Rea & Associates
 
Create Lightning with Lightning & IoT
Create Lightning with Lightning & IoTCreate Lightning with Lightning & IoT
Create Lightning with Lightning & IoTSalesforce Developers
 
Mela Capital Group Fnma Qc V2
Mela Capital Group Fnma Qc V2Mela Capital Group Fnma Qc V2
Mela Capital Group Fnma Qc V2Cindi Dixon
 
Mela Capital Group Fnma Qc V3
Mela Capital Group Fnma Qc V3Mela Capital Group Fnma Qc V3
Mela Capital Group Fnma Qc V3Cindi Dixon
 
CRISC – Certified in Risk & Information Systems Control| Virtual and Classroom
CRISC – Certified in Risk & Information Systems Control| Virtual and ClassroomCRISC – Certified in Risk & Information Systems Control| Virtual and Classroom
CRISC – Certified in Risk & Information Systems Control| Virtual and ClassroomBharathi Grover
 
Leveraging compliance to raise the bar on security
Leveraging compliance to raise the bar on securityLeveraging compliance to raise the bar on security
Leveraging compliance to raise the bar on securityMike Lemire
 
How Morgan Stanley is Using Apps to Transform the Workplace
How Morgan Stanley is Using Apps to Transform the WorkplaceHow Morgan Stanley is Using Apps to Transform the Workplace
How Morgan Stanley is Using Apps to Transform the WorkplaceDreamforce
 
Problem And Purpose Of A Project
Problem And Purpose Of A ProjectProblem And Purpose Of A Project
Problem And Purpose Of A ProjectChristina Valadez
 
What's the Difference between GRC and Combined Assurance?
What's the Difference between GRC and Combined Assurance?What's the Difference between GRC and Combined Assurance?
What's the Difference between GRC and Combined Assurance?Jim Kaplan CIA CFE
 
Description of Methodology
Description of MethodologyDescription of Methodology
Description of MethodologyDavid Facter
 
Overview of CMMI
Overview of CMMI Overview of CMMI
Overview of CMMI Certification Consultant
 
Cloud credential council presentation
Cloud credential council presentationCloud credential council presentation
Cloud credential council presentationshuangyinli
 
Sharpening revenue assurance_july 2015
Sharpening revenue assurance_july 2015Sharpening revenue assurance_july 2015
Sharpening revenue assurance_july 2015Silas Musakali
 
Thesis
ThesisThesis
ThesisIUI
 
Full Cybersecurity Regulations Overview for DoD Prime and Subcontractors
Full Cybersecurity Regulations Overview for DoD Prime and SubcontractorsFull Cybersecurity Regulations Overview for DoD Prime and Subcontractors
Full Cybersecurity Regulations Overview for DoD Prime and SubcontractorsIgnyte Assurance Platform
 
Webinar - CMMC Certification.pptx
Webinar - CMMC Certification.pptxWebinar - CMMC Certification.pptx
Webinar - CMMC Certification.pptxControlCase
 
Structure of the US CMA Exam
Structure of the US CMA ExamStructure of the US CMA Exam
Structure of the US CMA Examchinuroula
 
super affiliate generating Big commissions with onlinecasino affiliate programs
super affiliate generating Big commissions with onlinecasino affiliate programs super affiliate generating Big commissions with onlinecasino affiliate programs
super affiliate generating Big commissions with onlinecasino affiliate programs troyjefferson3
 
CIF Self Certification MSP Oct15
CIF Self Certification MSP Oct15CIF Self Certification MSP Oct15
CIF Self Certification MSP Oct15Jason Wyatt
 
Is Your Audit Department Highly Effective?
Is Your Audit Department Highly Effective?Is Your Audit Department Highly Effective?
Is Your Audit Department Highly Effective?Jim Kaplan CIA CFE
 
A Clear Path to NIST & CMMC Compliance - 2023 Cleveland Security Summit.pdf
A Clear Path to NIST & CMMC Compliance - 2023 Cleveland Security Summit.pdfA Clear Path to NIST & CMMC Compliance - 2023 Cleveland Security Summit.pdf
A Clear Path to NIST & CMMC Compliance - 2023 Cleveland Security Summit.pdfJack Nichelson
 
Total FBO User Conference
Total FBO User ConferenceTotal FBO User Conference
Total FBO User ConferenceBranden Williams
 
Top 9 Certifications
Top 9 CertificationsTop 9 Certifications
Top 9 CertificationsAlexandre Pallota
 
CMMC Certification
CMMC CertificationCMMC Certification
CMMC CertificationControlCase
 
Around the World in 100 Days a Global Deployment Case Study
Around the World in 100 Days a Global Deployment Case StudyAround the World in 100 Days a Global Deployment Case Study
Around the World in 100 Days a Global Deployment Case Studydreamforce2006
 
Capm Free Seminar Presentation
Capm Free Seminar PresentationCapm Free Seminar Presentation
Capm Free Seminar PresentationRavindra Kamthe
 
1. five habits of highly successful clouds
1. five habits of highly successful clouds1. five habits of highly successful clouds
1. five habits of highly successful cloudsEuroCloud
 
2022 Rea & Associates' Cybersecurity Conference
2022 Rea & Associates' Cybersecurity Conference 2022 Rea & Associates' Cybersecurity Conference
2022 Rea & Associates' Cybersecurity Conference Rea & Associates
 
Rea & Associates' Manufacturing Day 2022
Rea & Associates' Manufacturing Day 2022Rea & Associates' Manufacturing Day 2022
Rea & Associates' Manufacturing Day 2022Rea & Associates
 

Mais conteúdo relacionado

Semelhante a EPISODE 1 | Security Wars: A New Goal: CMMC Compliance & Department of Defense Data Protection Guide

Problem And Purpose Of A Project
Problem And Purpose Of A ProjectProblem And Purpose Of A Project
Problem And Purpose Of A ProjectChristina Valadez
 
What's the Difference between GRC and Combined Assurance?
What's the Difference between GRC and Combined Assurance?What's the Difference between GRC and Combined Assurance?
What's the Difference between GRC and Combined Assurance?Jim Kaplan CIA CFE
 
Description of Methodology
Description of MethodologyDescription of Methodology
Description of MethodologyDavid Facter
 
Cloud credential council presentation
Cloud credential council presentationCloud credential council presentation
Cloud credential council presentationshuangyinli
 
Sharpening revenue assurance_july 2015
Sharpening revenue assurance_july 2015Sharpening revenue assurance_july 2015
Sharpening revenue assurance_july 2015Silas Musakali
 
Thesis
ThesisThesis
ThesisIUI
 
Full Cybersecurity Regulations Overview for DoD Prime and Subcontractors
Full Cybersecurity Regulations Overview for DoD Prime and SubcontractorsFull Cybersecurity Regulations Overview for DoD Prime and Subcontractors
Full Cybersecurity Regulations Overview for DoD Prime and SubcontractorsIgnyte Assurance Platform
 
Webinar - CMMC Certification.pptx
Webinar - CMMC Certification.pptxWebinar - CMMC Certification.pptx
Webinar - CMMC Certification.pptxControlCase
 
Structure of the US CMA Exam
Structure of the US CMA ExamStructure of the US CMA Exam
Structure of the US CMA Examchinuroula
 
super affiliate generating Big commissions with onlinecasino affiliate programs
super affiliate generating Big commissions with onlinecasino affiliate programs super affiliate generating Big commissions with onlinecasino affiliate programs
super affiliate generating Big commissions with onlinecasino affiliate programs troyjefferson3
 
CIF Self Certification MSP Oct15
CIF Self Certification MSP Oct15CIF Self Certification MSP Oct15
CIF Self Certification MSP Oct15Jason Wyatt
 
Is Your Audit Department Highly Effective?
Is Your Audit Department Highly Effective?Is Your Audit Department Highly Effective?
Is Your Audit Department Highly Effective?Jim Kaplan CIA CFE
 
A Clear Path to NIST & CMMC Compliance - 2023 Cleveland Security Summit.pdf
A Clear Path to NIST & CMMC Compliance - 2023 Cleveland Security Summit.pdfA Clear Path to NIST & CMMC Compliance - 2023 Cleveland Security Summit.pdf
A Clear Path to NIST & CMMC Compliance - 2023 Cleveland Security Summit.pdfJack Nichelson
 
CMMC Certification
CMMC CertificationCMMC Certification
CMMC CertificationControlCase
 
Around the World in 100 Days a Global Deployment Case Study
Around the World in 100 Days a Global Deployment Case StudyAround the World in 100 Days a Global Deployment Case Study
Around the World in 100 Days a Global Deployment Case Studydreamforce2006
 
Capm Free Seminar Presentation
Capm Free Seminar PresentationCapm Free Seminar Presentation
Capm Free Seminar PresentationRavindra Kamthe
 
1. five habits of highly successful clouds
1. five habits of highly successful clouds1. five habits of highly successful clouds
1. five habits of highly successful cloudsEuroCloud
 

Semelhante a EPISODE 1 | Security Wars: A New Goal: CMMC Compliance & Department of Defense Data Protection Guide (20)

Problem And Purpose Of A Project
Problem And Purpose Of A ProjectProblem And Purpose Of A Project
Problem And Purpose Of A Project
 
What's the Difference between GRC and Combined Assurance?
What's the Difference between GRC and Combined Assurance?What's the Difference between GRC and Combined Assurance?
What's the Difference between GRC and Combined Assurance?
 
Description of Methodology
Description of MethodologyDescription of Methodology
Description of Methodology
 
Overview of CMMI
Overview of CMMI Overview of CMMI
Overview of CMMI
 
Cloud credential council presentation
Cloud credential council presentationCloud credential council presentation
Cloud credential council presentation
 
Sharpening revenue assurance_july 2015
Sharpening revenue assurance_july 2015Sharpening revenue assurance_july 2015
Sharpening revenue assurance_july 2015
 
Thesis
ThesisThesis
Thesis
 
Full Cybersecurity Regulations Overview for DoD Prime and Subcontractors
Full Cybersecurity Regulations Overview for DoD Prime and SubcontractorsFull Cybersecurity Regulations Overview for DoD Prime and Subcontractors
Full Cybersecurity Regulations Overview for DoD Prime and Subcontractors
 
Webinar - CMMC Certification.pptx
Webinar - CMMC Certification.pptxWebinar - CMMC Certification.pptx
Webinar - CMMC Certification.pptx
 
Structure of the US CMA Exam
Structure of the US CMA ExamStructure of the US CMA Exam
Structure of the US CMA Exam
 
super affiliate generating Big commissions with onlinecasino affiliate programs
super affiliate generating Big commissions with onlinecasino affiliate programs super affiliate generating Big commissions with onlinecasino affiliate programs
super affiliate generating Big commissions with onlinecasino affiliate programs
 
CIF Self Certification MSP Oct15
CIF Self Certification MSP Oct15CIF Self Certification MSP Oct15
CIF Self Certification MSP Oct15
 
Is Your Audit Department Highly Effective?
Is Your Audit Department Highly Effective?Is Your Audit Department Highly Effective?
Is Your Audit Department Highly Effective?
 
A Clear Path to NIST & CMMC Compliance - 2023 Cleveland Security Summit.pdf
A Clear Path to NIST & CMMC Compliance - 2023 Cleveland Security Summit.pdfA Clear Path to NIST & CMMC Compliance - 2023 Cleveland Security Summit.pdf
A Clear Path to NIST & CMMC Compliance - 2023 Cleveland Security Summit.pdf
 
Total FBO User Conference
Total FBO User ConferenceTotal FBO User Conference
Total FBO User Conference
 
Top 9 Certifications
Top 9 CertificationsTop 9 Certifications
Top 9 Certifications
 
CMMC Certification
CMMC CertificationCMMC Certification
CMMC Certification
 
Around the World in 100 Days a Global Deployment Case Study
Around the World in 100 Days a Global Deployment Case StudyAround the World in 100 Days a Global Deployment Case Study
Around the World in 100 Days a Global Deployment Case Study
 
Capm Free Seminar Presentation
Capm Free Seminar PresentationCapm Free Seminar Presentation
Capm Free Seminar Presentation
 
1. five habits of highly successful clouds
1. five habits of highly successful clouds1. five habits of highly successful clouds
1. five habits of highly successful clouds
 

Mais de Rea & Associates

2022 Rea & Associates' Cybersecurity Conference
2022 Rea & Associates' Cybersecurity Conference 2022 Rea & Associates' Cybersecurity Conference
2022 Rea & Associates' Cybersecurity Conference Rea & Associates
 
Rea & Associates' Manufacturing Day 2022
Rea & Associates' Manufacturing Day 2022Rea & Associates' Manufacturing Day 2022
Rea & Associates' Manufacturing Day 2022Rea & Associates
 
Rea & Associates - 4th Annual Construction Kickoff
Rea & Associates - 4th Annual Construction KickoffRea & Associates - 4th Annual Construction Kickoff
Rea & Associates - 4th Annual Construction KickoffRea & Associates
 
Rea Manufacturing Day 2021
Rea Manufacturing Day 2021Rea Manufacturing Day 2021
Rea Manufacturing Day 2021Rea & Associates
 
HR Compliance & Insurance Benefit Perspectives: What Employers Should Be Awar...
HR Compliance & Insurance Benefit Perspectives: What Employers Should Be Awar...HR Compliance & Insurance Benefit Perspectives: What Employers Should Be Awar...
HR Compliance & Insurance Benefit Perspectives: What Employers Should Be Awar...Rea & Associates
 
LIVE EVENT - 3rd Annual Fall Construction Risk Update - September 30
LIVE EVENT - 3rd Annual Fall Construction Risk Update - September 30LIVE EVENT - 3rd Annual Fall Construction Risk Update - September 30
LIVE EVENT - 3rd Annual Fall Construction Risk Update - September 30Rea & Associates
 
[ON-DEMAND WEBINAR] COVID 2.0 | Tips To Address New Cases, Mask Mandates, & V...
[ON-DEMAND WEBINAR] COVID 2.0 | Tips To Address New Cases, Mask Mandates, & V...[ON-DEMAND WEBINAR] COVID 2.0 | Tips To Address New Cases, Mask Mandates, & V...
[ON-DEMAND WEBINAR] COVID 2.0 | Tips To Address New Cases, Mask Mandates, & V...Rea & Associates
 
[ON-DEMAND WEBINAR] Revealing The State & Local Tax Considerations Of A Remot...
[ON-DEMAND WEBINAR] Revealing The State & Local Tax Considerations Of A Remot...[ON-DEMAND WEBINAR] Revealing The State & Local Tax Considerations Of A Remot...
[ON-DEMAND WEBINAR] Revealing The State & Local Tax Considerations Of A Remot...Rea & Associates
 
[ON-DEMAND WEBINAR] How To Hire More Employees & Keep Them Happy: Tips To Att...
[ON-DEMAND WEBINAR] How To Hire More Employees & Keep Them Happy: Tips To Att...[ON-DEMAND WEBINAR] How To Hire More Employees & Keep Them Happy: Tips To Att...
[ON-DEMAND WEBINAR] How To Hire More Employees & Keep Them Happy: Tips To Att...Rea & Associates
 
[ON-DEMAND WEBINAR] Managed Service Providers vs Managed Security Service Pro...
[ON-DEMAND WEBINAR] Managed Service Providers vs Managed Security Service Pro...[ON-DEMAND WEBINAR] Managed Service Providers vs Managed Security Service Pro...
[ON-DEMAND WEBINAR] Managed Service Providers vs Managed Security Service Pro...Rea & Associates
 
[ON-DEMAND WEBINAR] CPA Pros Prepare For The 2020 Medicaid School Program (MSP)
[ON-DEMAND WEBINAR] CPA Pros Prepare For The 2020 Medicaid School Program (MSP)[ON-DEMAND WEBINAR] CPA Pros Prepare For The 2020 Medicaid School Program (MSP)
[ON-DEMAND WEBINAR] CPA Pros Prepare For The 2020 Medicaid School Program (MSP)Rea & Associates
 
[ON-DEMAND RECORDING] Deep Impact: Is Your Manufacturing Company On A Collisi...
[ON-DEMAND RECORDING] Deep Impact: Is Your Manufacturing Company On A Collisi...[ON-DEMAND RECORDING] Deep Impact: Is Your Manufacturing Company On A Collisi...
[ON-DEMAND RECORDING] Deep Impact: Is Your Manufacturing Company On A Collisi...Rea & Associates
 
[ON-DEMAND WEBINAR] Construction Companies: Manage Cyber Risk Exposure & Prev...
[ON-DEMAND WEBINAR] Construction Companies: Manage Cyber Risk Exposure & Prev...[ON-DEMAND WEBINAR] Construction Companies: Manage Cyber Risk Exposure & Prev...
[ON-DEMAND WEBINAR] Construction Companies: Manage Cyber Risk Exposure & Prev...Rea & Associates
 
[ON-DEMAND WEBINAR] Covid Vaccine & HIPAA: Can Employers To Receive The COVID...
[ON-DEMAND WEBINAR] Covid Vaccine & HIPAA: Can Employers To Receive The COVID...[ON-DEMAND WEBINAR] Covid Vaccine & HIPAA: Can Employers To Receive The COVID...
[ON-DEMAND WEBINAR] Covid Vaccine & HIPAA: Can Employers To Receive The COVID...Rea & Associates
 
[ON-DEMAND RECORDING] Managing Remote Employees, HR Policies, Sales Tax, & Ot...
[ON-DEMAND RECORDING] Managing Remote Employees, HR Policies, Sales Tax, & Ot...[ON-DEMAND RECORDING] Managing Remote Employees, HR Policies, Sales Tax, & Ot...
[ON-DEMAND RECORDING] Managing Remote Employees, HR Policies, Sales Tax, & Ot...Rea & Associates
 
[ON-DEMAND WEBINAR] Understanding SOC2: A SOC 2 Guide for Managed Service Pro...
[ON-DEMAND WEBINAR] Understanding SOC2: A SOC 2 Guide for Managed Service Pro...[ON-DEMAND WEBINAR] Understanding SOC2: A SOC 2 Guide for Managed Service Pro...
[ON-DEMAND WEBINAR] Understanding SOC2: A SOC 2 Guide for Managed Service Pro...Rea & Associates
 
[ON-DEMAND WEBINAR] Third Annual Construction Industry Kickoff | Rea & Associ...
[ON-DEMAND WEBINAR] Third Annual Construction Industry Kickoff | Rea & Associ...[ON-DEMAND WEBINAR] Third Annual Construction Industry Kickoff | Rea & Associ...
[ON-DEMAND WEBINAR] Third Annual Construction Industry Kickoff | Rea & Associ...Rea & Associates
 
[ON-DEMAND WEBINAR] New Year, New COVID 19 Vaccine, New Unemployment Rules, N...
[ON-DEMAND WEBINAR] New Year, New COVID 19 Vaccine, New Unemployment Rules, N...[ON-DEMAND WEBINAR] New Year, New COVID 19 Vaccine, New Unemployment Rules, N...
[ON-DEMAND WEBINAR] New Year, New COVID 19 Vaccine, New Unemployment Rules, N...Rea & Associates
 
[ON-DEMAND WEBINAR] Next Steps In COVID 19 Protocols & Compliance
[ON-DEMAND WEBINAR] Next Steps In COVID 19 Protocols & Compliance[ON-DEMAND WEBINAR] Next Steps In COVID 19 Protocols & Compliance
[ON-DEMAND WEBINAR] Next Steps In COVID 19 Protocols & ComplianceRea & Associates
 
[ON-DEMAND WEBINAR] Social Security v. Medicare: Addressing Your Most Asked Q...
[ON-DEMAND WEBINAR] Social Security v. Medicare: Addressing Your Most Asked Q...[ON-DEMAND WEBINAR] Social Security v. Medicare: Addressing Your Most Asked Q...
[ON-DEMAND WEBINAR] Social Security v. Medicare: Addressing Your Most Asked Q...Rea & Associates
 

Mais de Rea & Associates (20)

2022 Rea & Associates' Cybersecurity Conference
2022 Rea & Associates' Cybersecurity Conference 2022 Rea & Associates' Cybersecurity Conference
2022 Rea & Associates' Cybersecurity Conference
 
Rea & Associates' Manufacturing Day 2022
Rea & Associates' Manufacturing Day 2022Rea & Associates' Manufacturing Day 2022
Rea & Associates' Manufacturing Day 2022
 
Rea & Associates - 4th Annual Construction Kickoff
Rea & Associates - 4th Annual Construction KickoffRea & Associates - 4th Annual Construction Kickoff
Rea & Associates - 4th Annual Construction Kickoff
 
Rea Manufacturing Day 2021
Rea Manufacturing Day 2021Rea Manufacturing Day 2021
Rea Manufacturing Day 2021
 
HR Compliance & Insurance Benefit Perspectives: What Employers Should Be Awar...
HR Compliance & Insurance Benefit Perspectives: What Employers Should Be Awar...HR Compliance & Insurance Benefit Perspectives: What Employers Should Be Awar...
HR Compliance & Insurance Benefit Perspectives: What Employers Should Be Awar...
 
LIVE EVENT - 3rd Annual Fall Construction Risk Update - September 30
LIVE EVENT - 3rd Annual Fall Construction Risk Update - September 30LIVE EVENT - 3rd Annual Fall Construction Risk Update - September 30
LIVE EVENT - 3rd Annual Fall Construction Risk Update - September 30
 
[ON-DEMAND WEBINAR] COVID 2.0 | Tips To Address New Cases, Mask Mandates, & V...
[ON-DEMAND WEBINAR] COVID 2.0 | Tips To Address New Cases, Mask Mandates, & V...[ON-DEMAND WEBINAR] COVID 2.0 | Tips To Address New Cases, Mask Mandates, & V...
[ON-DEMAND WEBINAR] COVID 2.0 | Tips To Address New Cases, Mask Mandates, & V...
 
[ON-DEMAND WEBINAR] Revealing The State & Local Tax Considerations Of A Remot...
[ON-DEMAND WEBINAR] Revealing The State & Local Tax Considerations Of A Remot...[ON-DEMAND WEBINAR] Revealing The State & Local Tax Considerations Of A Remot...
[ON-DEMAND WEBINAR] Revealing The State & Local Tax Considerations Of A Remot...
 
[ON-DEMAND WEBINAR] How To Hire More Employees & Keep Them Happy: Tips To Att...
[ON-DEMAND WEBINAR] How To Hire More Employees & Keep Them Happy: Tips To Att...[ON-DEMAND WEBINAR] How To Hire More Employees & Keep Them Happy: Tips To Att...
[ON-DEMAND WEBINAR] How To Hire More Employees & Keep Them Happy: Tips To Att...
 
[ON-DEMAND WEBINAR] Managed Service Providers vs Managed Security Service Pro...
[ON-DEMAND WEBINAR] Managed Service Providers vs Managed Security Service Pro...[ON-DEMAND WEBINAR] Managed Service Providers vs Managed Security Service Pro...
[ON-DEMAND WEBINAR] Managed Service Providers vs Managed Security Service Pro...
 
[ON-DEMAND WEBINAR] CPA Pros Prepare For The 2020 Medicaid School Program (MSP)
[ON-DEMAND WEBINAR] CPA Pros Prepare For The 2020 Medicaid School Program (MSP)[ON-DEMAND WEBINAR] CPA Pros Prepare For The 2020 Medicaid School Program (MSP)
[ON-DEMAND WEBINAR] CPA Pros Prepare For The 2020 Medicaid School Program (MSP)
 
[ON-DEMAND RECORDING] Deep Impact: Is Your Manufacturing Company On A Collisi...
[ON-DEMAND RECORDING] Deep Impact: Is Your Manufacturing Company On A Collisi...[ON-DEMAND RECORDING] Deep Impact: Is Your Manufacturing Company On A Collisi...
[ON-DEMAND RECORDING] Deep Impact: Is Your Manufacturing Company On A Collisi...
 
[ON-DEMAND WEBINAR] Construction Companies: Manage Cyber Risk Exposure & Prev...
[ON-DEMAND WEBINAR] Construction Companies: Manage Cyber Risk Exposure & Prev...[ON-DEMAND WEBINAR] Construction Companies: Manage Cyber Risk Exposure & Prev...
[ON-DEMAND WEBINAR] Construction Companies: Manage Cyber Risk Exposure & Prev...
 
[ON-DEMAND WEBINAR] Covid Vaccine & HIPAA: Can Employers To Receive The COVID...
[ON-DEMAND WEBINAR] Covid Vaccine & HIPAA: Can Employers To Receive The COVID...[ON-DEMAND WEBINAR] Covid Vaccine & HIPAA: Can Employers To Receive The COVID...
[ON-DEMAND WEBINAR] Covid Vaccine & HIPAA: Can Employers To Receive The COVID...
 
[ON-DEMAND RECORDING] Managing Remote Employees, HR Policies, Sales Tax, & Ot...
[ON-DEMAND RECORDING] Managing Remote Employees, HR Policies, Sales Tax, & Ot...[ON-DEMAND RECORDING] Managing Remote Employees, HR Policies, Sales Tax, & Ot...
[ON-DEMAND RECORDING] Managing Remote Employees, HR Policies, Sales Tax, & Ot...
 
[ON-DEMAND WEBINAR] Understanding SOC2: A SOC 2 Guide for Managed Service Pro...
[ON-DEMAND WEBINAR] Understanding SOC2: A SOC 2 Guide for Managed Service Pro...[ON-DEMAND WEBINAR] Understanding SOC2: A SOC 2 Guide for Managed Service Pro...
[ON-DEMAND WEBINAR] Understanding SOC2: A SOC 2 Guide for Managed Service Pro...
 
[ON-DEMAND WEBINAR] Third Annual Construction Industry Kickoff | Rea & Associ...
[ON-DEMAND WEBINAR] Third Annual Construction Industry Kickoff | Rea & Associ...[ON-DEMAND WEBINAR] Third Annual Construction Industry Kickoff | Rea & Associ...
[ON-DEMAND WEBINAR] Third Annual Construction Industry Kickoff | Rea & Associ...
 
[ON-DEMAND WEBINAR] New Year, New COVID 19 Vaccine, New Unemployment Rules, N...
[ON-DEMAND WEBINAR] New Year, New COVID 19 Vaccine, New Unemployment Rules, N...[ON-DEMAND WEBINAR] New Year, New COVID 19 Vaccine, New Unemployment Rules, N...
[ON-DEMAND WEBINAR] New Year, New COVID 19 Vaccine, New Unemployment Rules, N...
 
[ON-DEMAND WEBINAR] Next Steps In COVID 19 Protocols & Compliance
[ON-DEMAND WEBINAR] Next Steps In COVID 19 Protocols & Compliance[ON-DEMAND WEBINAR] Next Steps In COVID 19 Protocols & Compliance
[ON-DEMAND WEBINAR] Next Steps In COVID 19 Protocols & Compliance
 
[ON-DEMAND WEBINAR] Social Security v. Medicare: Addressing Your Most Asked Q...
[ON-DEMAND WEBINAR] Social Security v. Medicare: Addressing Your Most Asked Q...[ON-DEMAND WEBINAR] Social Security v. Medicare: Addressing Your Most Asked Q...
[ON-DEMAND WEBINAR] Social Security v. Medicare: Addressing Your Most Asked Q...
 

Último

Financial-Statement-Analysis-of-Coca-cola-Company.pptx
Financial-Statement-Analysis-of-Coca-cola-Company.pptxFinancial-Statement-Analysis-of-Coca-cola-Company.pptx
Financial-Statement-Analysis-of-Coca-cola-Company.pptxsaniyaimamuddin
 
Youth Involvement in an Innovative Coconut Value Chain by Mwalimu Menza
Youth Involvement in an Innovative Coconut Value Chain by Mwalimu MenzaYouth Involvement in an Innovative Coconut Value Chain by Mwalimu Menza
Youth Involvement in an Innovative Coconut Value Chain by Mwalimu Menzaictsugar
 
Organizational Structure Running A Successful Business
Organizational Structure Running A Successful BusinessOrganizational Structure Running A Successful Business
Organizational Structure Running A Successful BusinessSeta Wicaksana
 
MAHA Global and IPR: Do Actions Speak Louder Than Words?
MAHA Global and IPR: Do Actions Speak Louder Than Words?MAHA Global and IPR: Do Actions Speak Louder Than Words?
MAHA Global and IPR: Do Actions Speak Louder Than Words?Olivia Kresic
 
Memorándum de Entendimiento (MoU) entre Codelco y SQM
Memorándum de Entendimiento (MoU) entre Codelco y SQMMemorándum de Entendimiento (MoU) entre Codelco y SQM
Memorándum de Entendimiento (MoU) entre Codelco y SQMVoces Mineras
 
8447779800, Low rate Call girls in Tughlakabad Delhi NCR
8447779800, Low rate Call girls in Tughlakabad Delhi NCR8447779800, Low rate Call girls in Tughlakabad Delhi NCR
8447779800, Low rate Call girls in Tughlakabad Delhi NCRashishs7044
 
8447779800, Low rate Call girls in Shivaji Enclave Delhi NCR
8447779800, Low rate Call girls in Shivaji Enclave Delhi NCR8447779800, Low rate Call girls in Shivaji Enclave Delhi NCR
8447779800, Low rate Call girls in Shivaji Enclave Delhi NCRashishs7044
 
8447779800, Low rate Call girls in Saket Delhi NCR
8447779800, Low rate Call girls in Saket Delhi NCR8447779800, Low rate Call girls in Saket Delhi NCR
8447779800, Low rate Call girls in Saket Delhi NCRashishs7044
 
(Best) ENJOY Call Girls in Faridabad Ex | 8377087607
(Best) ENJOY Call Girls in Faridabad Ex | 8377087607(Best) ENJOY Call Girls in Faridabad Ex | 8377087607
(Best) ENJOY Call Girls in Faridabad Ex | 8377087607dollysharma2066
 
Flow Your Strategy at Flight Levels Day 2024
Flow Your Strategy at Flight Levels Day 2024Flow Your Strategy at Flight Levels Day 2024
Flow Your Strategy at Flight Levels Day 2024Kirill Klimov
 
8447779800, Low rate Call girls in Rohini Delhi NCR
8447779800, Low rate Call girls in Rohini Delhi NCR8447779800, Low rate Call girls in Rohini Delhi NCR
8447779800, Low rate Call girls in Rohini Delhi NCRashishs7044
 
Cybersecurity Awareness Training Presentation v2024.03
Cybersecurity Awareness Training Presentation v2024.03Cybersecurity Awareness Training Presentation v2024.03
Cybersecurity Awareness Training Presentation v2024.03DallasHaselhorst
 
Market Sizes Sample Report - 2024 Edition
Market Sizes Sample Report - 2024 EditionMarket Sizes Sample Report - 2024 Edition
Market Sizes Sample Report - 2024 EditionMintel Group
 
Investment in The Coconut Industry by Nancy Cheruiyot
Investment in The Coconut Industry by Nancy CheruiyotInvestment in The Coconut Industry by Nancy Cheruiyot
Investment in The Coconut Industry by Nancy Cheruiyotictsugar
 
Buy gmail accounts.pdf Buy Old Gmail Accounts
Buy gmail accounts.pdf Buy Old Gmail AccountsBuy gmail accounts.pdf Buy Old Gmail Accounts
Buy gmail accounts.pdf Buy Old Gmail AccountsBuy Verified Accounts
 
Call Us 📲8800102216📞 Call Girls In DLF City Gurgaon
Call Us 📲8800102216📞 Call Girls In DLF City GurgaonCall Us 📲8800102216📞 Call Girls In DLF City Gurgaon
Call Us 📲8800102216📞 Call Girls In DLF City Gurgaoncallgirls2057
 
Independent Call Girls Andheri Nightlaila 9967584737
Independent Call Girls Andheri Nightlaila 9967584737Independent Call Girls Andheri Nightlaila 9967584737
Independent Call Girls Andheri Nightlaila 9967584737Riya Pathan
 
Digital Transformation in the PLM domain - distrib.pdf
Digital Transformation in the PLM domain - distrib.pdfDigital Transformation in the PLM domain - distrib.pdf
Digital Transformation in the PLM domain - distrib.pdfJos Voskuil
 

Último (20)

Financial-Statement-Analysis-of-Coca-cola-Company.pptx
Financial-Statement-Analysis-of-Coca-cola-Company.pptxFinancial-Statement-Analysis-of-Coca-cola-Company.pptx
Financial-Statement-Analysis-of-Coca-cola-Company.pptx
 
Youth Involvement in an Innovative Coconut Value Chain by Mwalimu Menza
Youth Involvement in an Innovative Coconut Value Chain by Mwalimu MenzaYouth Involvement in an Innovative Coconut Value Chain by Mwalimu Menza
Youth Involvement in an Innovative Coconut Value Chain by Mwalimu Menza
 
Call Us ➥9319373153▻Call Girls In North Goa
Call Us ➥9319373153▻Call Girls In North GoaCall Us ➥9319373153▻Call Girls In North Goa
Call Us ➥9319373153▻Call Girls In North Goa
 
Organizational Structure Running A Successful Business
Organizational Structure Running A Successful BusinessOrganizational Structure Running A Successful Business
Organizational Structure Running A Successful Business
 
MAHA Global and IPR: Do Actions Speak Louder Than Words?
MAHA Global and IPR: Do Actions Speak Louder Than Words?MAHA Global and IPR: Do Actions Speak Louder Than Words?
MAHA Global and IPR: Do Actions Speak Louder Than Words?
 
Memorándum de Entendimiento (MoU) entre Codelco y SQM
Memorándum de Entendimiento (MoU) entre Codelco y SQMMemorándum de Entendimiento (MoU) entre Codelco y SQM
Memorándum de Entendimiento (MoU) entre Codelco y SQM
 
8447779800, Low rate Call girls in Tughlakabad Delhi NCR
8447779800, Low rate Call girls in Tughlakabad Delhi NCR8447779800, Low rate Call girls in Tughlakabad Delhi NCR
8447779800, Low rate Call girls in Tughlakabad Delhi NCR
 
8447779800, Low rate Call girls in Shivaji Enclave Delhi NCR
8447779800, Low rate Call girls in Shivaji Enclave Delhi NCR8447779800, Low rate Call girls in Shivaji Enclave Delhi NCR
8447779800, Low rate Call girls in Shivaji Enclave Delhi NCR
 
8447779800, Low rate Call girls in Saket Delhi NCR
8447779800, Low rate Call girls in Saket Delhi NCR8447779800, Low rate Call girls in Saket Delhi NCR
8447779800, Low rate Call girls in Saket Delhi NCR
 
(Best) ENJOY Call Girls in Faridabad Ex | 8377087607
(Best) ENJOY Call Girls in Faridabad Ex | 8377087607(Best) ENJOY Call Girls in Faridabad Ex | 8377087607
(Best) ENJOY Call Girls in Faridabad Ex | 8377087607
 
Flow Your Strategy at Flight Levels Day 2024
Flow Your Strategy at Flight Levels Day 2024Flow Your Strategy at Flight Levels Day 2024
Flow Your Strategy at Flight Levels Day 2024
 
8447779800, Low rate Call girls in Rohini Delhi NCR
8447779800, Low rate Call girls in Rohini Delhi NCR8447779800, Low rate Call girls in Rohini Delhi NCR
8447779800, Low rate Call girls in Rohini Delhi NCR
 
Cybersecurity Awareness Training Presentation v2024.03
Cybersecurity Awareness Training Presentation v2024.03Cybersecurity Awareness Training Presentation v2024.03
Cybersecurity Awareness Training Presentation v2024.03
 
Market Sizes Sample Report - 2024 Edition
Market Sizes Sample Report - 2024 EditionMarket Sizes Sample Report - 2024 Edition
Market Sizes Sample Report - 2024 Edition
 
Corporate Profile 47Billion Information Technology
Corporate Profile 47Billion Information TechnologyCorporate Profile 47Billion Information Technology
Corporate Profile 47Billion Information Technology
 
Investment in The Coconut Industry by Nancy Cheruiyot
Investment in The Coconut Industry by Nancy CheruiyotInvestment in The Coconut Industry by Nancy Cheruiyot
Investment in The Coconut Industry by Nancy Cheruiyot
 
Buy gmail accounts.pdf Buy Old Gmail Accounts
Buy gmail accounts.pdf Buy Old Gmail AccountsBuy gmail accounts.pdf Buy Old Gmail Accounts
Buy gmail accounts.pdf Buy Old Gmail Accounts
 
Call Us 📲8800102216📞 Call Girls In DLF City Gurgaon
Call Us 📲8800102216📞 Call Girls In DLF City GurgaonCall Us 📲8800102216📞 Call Girls In DLF City Gurgaon
Call Us 📲8800102216📞 Call Girls In DLF City Gurgaon
 
Independent Call Girls Andheri Nightlaila 9967584737
Independent Call Girls Andheri Nightlaila 9967584737Independent Call Girls Andheri Nightlaila 9967584737
Independent Call Girls Andheri Nightlaila 9967584737
 
Digital Transformation in the PLM domain - distrib.pdf
Digital Transformation in the PLM domain - distrib.pdfDigital Transformation in the PLM domain - distrib.pdf
Digital Transformation in the PLM domain - distrib.pdf
 

EPISODE 1 | Security Wars: A New Goal: CMMC Compliance & Department of Defense Data Protection Guide

  • 1.
  • 2. Introducing... Ty Whittenburg Sr. Information Assurance Manager Rea & Associates As a Senior Information Assurance Manager and CMMC- Registered Practitioner on Rea’s Cybersecurity team, Ty can be found ensuring organizations technology and networks drive business objectives by identifying potential loss events, reducing their frequency, and loss magnitude. With more than 10 years of industry experience, he is involved with the Central Ohio ISSA, the Greater Ohio FAIR chapter, the Ohio River Valley Cloud Security Alliance, and InfraGard Columbus.
  • 3. J.P. Cervo Regional Sales Manager Etactics Introducing... Since receiving a B.A. in English from Kent State University, J.P . has accumulated over 10 years of project management and sales experience within the healthcare space. Currently, he is a regional sales manager for Etactics, Inc. and has lead multiple product development efforts including Etactics’ K2 Compliance™ cloud-based governance, risk, and compliance management solution.
  • 4. J.P. Cervo Regional Sales Manager Etactics Introducing... Since receiving a B.A. in English from Kent State University, J.P . has accumulated over 10 years of project management and sales experience within the healthcare space. Currently, he is a regional sales manager for Etactics, Inc. and has lead multiple product development efforts including Etactics’ K2 Compliance™ cloud-based governance, risk, and compliance management solution. R E C A S T
  • 5. Matt Moneypenny Senior Marketing & Sales Analyst Etactics Introducing... Matt Moneypenny is the lead Marketing and Sales Analyst at Etactics, a revenue cycle technology company located in Northeast Ohio. Previously, he served as the Senior Content Strategist at an online news source for Amazon’s Twitch Interactive, for three years while attending The University of Akron in pursuit of a Bachelor’s of Business Administration in Marketing Management.
  • 6. Poll Time! Q: What do you expect to get out of this webinar?
  • 7. Understanding CMMC If you look at the DOD’s website that explains CMMC...
  • 8. CMMC In a Nutshell ● Officially published on January 31, 2020 ● It’s a new, unified certification process that provides assurance to the DOD that a required entity is equipped to protect unclassified information, including any data that transfers between its vendors and partners.
  • 9. Who’s Affected by CMMC? ● Over 300,000 DoD suppliers who deal with Controlled Unclassified Information (CUI) must obtain a certification Small Subcontractors Big Prime
  • 10. CMMC Important Dates January 2020 DoD introduces Version 1.0 of the CMMC June 2020 Opens registration for C3PAOs and third-party assessors July 2020 DoD to creates and publishes a CMMC training September 2020 Implement CMMC into the DFARS regulation November 2020 Incorporate requirements in Requests for Proposals 2021 - 2026 Implementation of the CMMC through a phased rollout 2026 CMMC certification becomes a requirement
  • 11. Don’t Delay All new DoD contracts will contain CMMC requirement starting in FY2026
  • 12. Poll Time! Q: Have you begun preparation for CMMC?
  • 14.
  • 15. Step 1 Identify desired maturity level you want to be audited for and complete a self-assessment
  • 16.
  • 17. Step 2 Start drafting a budget for CMMC compliance to include costs for enhancing security requirements, updating policies, leveraging applications, contracting a Registered Provider Organization , and any additional
  • 18.
  • 19. Step 3 Configure your existing security environment to align to: ● FAR 50. 204-21 ● DFARS 252.204-7012 ● NIST 800-171 Contractors that implement all controls should be able to achieve CMMC Level 3
  • 20.
  • 21. Step 4 Build a Plan of Action & Milestones (POA&M) to ensure compliance will be achieved in a defined time period.
  • 22.
  • 23. Step 5 Find an available RPO or C3PAO who will schedule the assessment with the certified independent assessor
  • 24.
  • 25. Step 6 “6 month waiting period between application and certification” Culture takes time
  • 27. CMMC Levels of Maturity 1 2 3 4 5
  • 28. CMMC Levels of Maturity DoD contractors who wish to pass an audit at this level must implement 17 practices of FAR 52.204-21 Level 1 Demonstrates “Basic Cyber Hygiene”
  • 29. CMMC Levels of Maturity 1 2 3 4 5
  • 30. CMMC Levels of Maturity Here, DoD contractors must implement another 55 practices (72 total). Complying w/ FAR & including a select subset of 48 practices from NIST 800-171 rev1 plus seven new practices to support intermediate cyber hygiene. Level 2 Demonstrates “Intermediate Cyber Hygiene”
  • 31. CMMC Levels of Maturity 1 2 3 4 5
  • 32. CMMC Levels of Maturity To achieve level 3 certification, the final 58 practices of NIST 800-171 Rev1 plus 20 additional practices to support good cyber hygiene. Level 3 Demonstrates “Good Cyber Hygiene”
  • 33. CMMC Levels of Maturity 1 2 3 4 5
  • 34. CMMC Levels of Maturity In addition to the controls in levels 1 through 3, 11 more controls of NIST 800-171 Rev1 plus 22 new practices must be implemented. Level 4 Demonstrates “Proactive Cybersecurity”
  • 35. CMMC Levels of Maturity 1 2 3 4 5
  • 36. CMMC Levels of Maturity To achieve this highest level, DoD contractors must implement the final fifteen practices Level 5 Demonstrates “Advanced Cybersecurity”
  • 37. Poll Time! Q: What Maturity level do you need to achieve?