CMMC for Contractors and Manufacturers:
What to Know for 2023
December 13th, 2022
Today’s Speakers
Moderator
Edward Keck, Jr. – Partner and
Market Leader, Cyber and
Information Security Services
ekeck@withum.com
Presenter
Michael Seip – Lead Consultant,
Cyber and CMMC Advisory
mseip@withum.com
CMMC 2.0 At A Glance
This presentation is protected by U.S. copyright laws. Reproduction and/or distribution of the presentation without written permission of Withum is prohibited.
©2022 WithumSmith+Brown, PC All rights reserved.
Figure source: OUSD A&S – Cybersecurity Maturity Model Certification (CMMC) (osd.mil)
Key near-term dates regarding compliance
1. CMMC Interim Rule expected ≈ March 2023
• Quick refresher: will require compliance with the 110 NIST 800-171 controls.
• Generally believed that the final form of this Rule will require a 3rd-party (external) audit for nearly all* contractors that handle Controlled Unclassified Information (CUI), i.e. ML-2.
• * = the Rule enables POA&Ms [Plans of Action & Milestones].
• A POA&M is a detailed, measurable, documented plan to achieve compliance in any audit areas found non-compliant.
• It may be rejected if insufficiently detailed…
Key near-term dates regarding compliance
2. DFARS 7019 Final Rule approval – “December 2022” (!!!)
Upon approval, this requires contractors to fully comply with:
• All 110 NIST 800-171 controls
• Completing a SPRS score (NIST 800-171 self-assessment) + reporting it
DOD is taking a hardline posture on this – it has made very public reference (several times) to Dept of Justice actions to enforce the False Claims Act…
LITIGATION
So…
• Firms with significant revenue from DOD contracts – the time is nigh…
• Audits are underway for peer firms as we speak…
• If you haven’t already begun preparation, START IMMEDIATELY!
• Until now, only a few contractors have been through a provisional ML-2 audit, mostly those seeking immediate designation as C3PAO orgs.
BUT
• The number of external audits will increase, probably sharply. There is an urgent need to adequately develop the CMMC Assessor community & infrastructure.
• Why? An estimated 80,000+ DIB orgs will require an external audit for ML-2 certification.
• This screams BACKLOG
So it begins….
What can clients do now to prepare?
• CMMC ML-1/2 processes & controls are highly aligned with NIST 800-171.
• This has been described as the “Organizational Behaviors & Training” phase of preparation.
• i.e. How do you execute day-to-day ops with CMMC-covered info? Any gaps?
• Gather documented evidence to build an SSP (System Security Plan) covering processes and security policies IAW NIST 800-171. [Example next slide]
• There will also be an infrastructure component of preparation needed to achieve compliance.
• DEPENDS – what is the nature of the product or service?
• Prime or subcontract-related?
• There is a wide range of DIB manufacturing processes – so this varies widely.
• Computing infrastructure: a dedicated CMMC sandbox or a shared enclave (cloud-based, perhaps)
What can clients do now to prepare?
• Clients can immediately begin formal documentation of the security controls required IAW NIST 800-171.
Example(s):
• Ensure use of a NIST-compliant Data Sanitization Certificate (or something closely equivalent)
“This certificate is simply an example of the types of information that should be collected and how a certificate might be formatted. An organization could alternatively choose to electronically record sanitization details, either through a native application or by using a form such as this one with an automated data transfer utility (such as a PDF form with a button to send the data to a database or email address). In the event that the records need to be referenced in the future, electronic records will likely provide the fastest search capabilities and best likelihood that the records are reliably retained.”
• Source: Appendix G of NIST Special Publication (SP) 800-88 Revision 1, Guidelines for Media Sanitization, available at https://doi.org/10.6028/NIST.SP.800-88r1
What can clients do now to prepare?
• There are several vendors/platforms offering CMMC compliance tracking software.
• The example above is the CMMC compliance management platform from Summit7.
• Lots of supporting info online & it is a well-regarded option… there are several others equally as capable.
• https://info.summit7.us/blog/a-detailed-review-of-nist-sp-800-171
• Get organized. Start with planning for the process to come.
What can clients do now to prepare?
• The example above is the CMMC compliance management platform from ComplyUp.
• Lots of supporting info online & it is a well-regarded option… there are several others equally as capable.
MD&L client notable items
• If an MD&L client uses ICS (Industrial Control Systems – e.g. SCADA), there is special attention/focus from both regulators and threat actors.
• Know whether the client is part of designated ‘Critical Infrastructure’.
• This could result from the mission focus of its service offerings and capabilities.
• Or through use of hardware/technology designated as such.
• APT groups and other higher-capability threat groups are increasingly targeting ICS orgs.
What now?
Check OUSD(A&S) website – 5 “baby steps down the hall”
What now?
START. PREP. NOW!!!!
Doing business with the US Gov’t will require some form of cybersecurity compliance and verification in the future.
• It will almost certainly be CMMC/NIST (or, at minimum, will be derived from them).
• Withum CMMC Advisory & Prep is here to help.
“The worst thing that can happen is you make your company more secure.”
For information, please contact:
Withum Cyber
Security Advisory Services & CMMC Advisory
Wcyber.CMMC@withum.com
Michael Seip, CMMC-RP
Office: (973) 358-2537
mseip@withum.com
Edward Keck, Jr., MBA, CISSP
Office: (973) 867-7447
ekeck@withum.com
FULL ENJOY Call Girls In Mahipalpur Delhi Contact Us 8377877756FULL ENJOY Call Girls In Mahipalpur Delhi Contact Us 8377877756
FULL ENJOY Call Girls In Mahipalpur Delhi Contact Us 8377877756
 
A DAY IN THE LIFE OF A SALESMAN / WOMAN
A DAY IN THE LIFE OF A  SALESMAN / WOMANA DAY IN THE LIFE OF A  SALESMAN / WOMAN
A DAY IN THE LIFE OF A SALESMAN / WOMAN
 
Call Girls in Gomti Nagar - 7388211116 - With room Service
Call Girls in Gomti Nagar - 7388211116  - With room ServiceCall Girls in Gomti Nagar - 7388211116  - With room Service
Call Girls in Gomti Nagar - 7388211116 - With room Service
 
HONOR Veterans Event Keynote by Michael Hawkins
HONOR Veterans Event Keynote by Michael HawkinsHONOR Veterans Event Keynote by Michael Hawkins
HONOR Veterans Event Keynote by Michael Hawkins
 
0183760ssssssssssssssssssssssssssss00101011 (27).pdf
0183760ssssssssssssssssssssssssssss00101011 (27).pdf0183760ssssssssssssssssssssssssssss00101011 (27).pdf
0183760ssssssssssssssssssssssssssss00101011 (27).pdf
 
KYC-Verified Accounts: Helping Companies Handle Challenging Regulatory Enviro...
KYC-Verified Accounts: Helping Companies Handle Challenging Regulatory Enviro...KYC-Verified Accounts: Helping Companies Handle Challenging Regulatory Enviro...
KYC-Verified Accounts: Helping Companies Handle Challenging Regulatory Enviro...
 
Call Girls Electronic City Just Call 👗 7737669865 👗 Top Class Call Girl Servi...
Call Girls Electronic City Just Call 👗 7737669865 👗 Top Class Call Girl Servi...Call Girls Electronic City Just Call 👗 7737669865 👗 Top Class Call Girl Servi...
Call Girls Electronic City Just Call 👗 7737669865 👗 Top Class Call Girl Servi...
 
Boost the utilization of your HCL environment by reevaluating use cases and f...
Boost the utilization of your HCL environment by reevaluating use cases and f...Boost the utilization of your HCL environment by reevaluating use cases and f...
Boost the utilization of your HCL environment by reevaluating use cases and f...
 
Dr. Admir Softic_ presentation_Green Club_ENG.pdf
Dr. Admir Softic_ presentation_Green Club_ENG.pdfDr. Admir Softic_ presentation_Green Club_ENG.pdf
Dr. Admir Softic_ presentation_Green Club_ENG.pdf
 
The Coffee Bean & Tea Leaf(CBTL), Business strategy case study
The Coffee Bean & Tea Leaf(CBTL), Business strategy case studyThe Coffee Bean & Tea Leaf(CBTL), Business strategy case study
The Coffee Bean & Tea Leaf(CBTL), Business strategy case study
 
Russian Call Girls In Gurgaon ❤️8448577510 ⊹Best Escorts Service In 24/7 Delh...
Russian Call Girls In Gurgaon ❤️8448577510 ⊹Best Escorts Service In 24/7 Delh...Russian Call Girls In Gurgaon ❤️8448577510 ⊹Best Escorts Service In 24/7 Delh...
Russian Call Girls In Gurgaon ❤️8448577510 ⊹Best Escorts Service In 24/7 Delh...
 
B.COM Unit – 4 ( CORPORATE SOCIAL RESPONSIBILITY ( CSR ).pptx
B.COM Unit – 4 ( CORPORATE SOCIAL RESPONSIBILITY ( CSR ).pptxB.COM Unit – 4 ( CORPORATE SOCIAL RESPONSIBILITY ( CSR ).pptx
B.COM Unit – 4 ( CORPORATE SOCIAL RESPONSIBILITY ( CSR ).pptx
 
Pharma Works Profile of Karan Communications
Pharma Works Profile of Karan CommunicationsPharma Works Profile of Karan Communications
Pharma Works Profile of Karan Communications
 

CMMC for Contractors and Manufacturers – What to Know for 2023

  • 1. CMMC for Contractors and Manufacturers: What to Know for 2023 – December 13th, 2022
  • 2. Today’s Speakers
    Moderator: Edward Keck, Jr. – Partner and Market Leader, Cyber and Information Security Services, ekeck@withum.com
    Presenter: Michael Seip – Lead Consultant, Cyber and CMMC Advisory, mseip@withum.com
  • 3. CMMC 2.0 At A Glance
    Figure source: OUSD A&S – Cybersecurity Maturity Model Certification (CMMC) (osd.mil)
    This presentation is protected by U.S. copyright laws. Reproduction and/or distribution of the presentation without written permission of Withum is prohibited. ©2022 WithumSmith+Brown, PC All rights reserved.
  • 4. Key near-term dates regarding compliance
    1. CMMC Interim Rule expected ≈ March 2023
    • Quick refresher: will require compliance with 110 NIST 800-171 controls.
    • Generally believed that the final form of this Rule will require a 3rd party (external) audit for nearly all* contractors requiring use of Controlled Unclassified Info (CUI), i.e. ML-2.
    • * = Rule enables POA&Ms [Plan of Actions & Milestones]
    • A POA&M is a detailed, measurable, documented plan to achieve compliance in any non-compliant audit areas.
    • May be rejected if insufficiently detailed…
  • 5. Key near-term dates regarding compliance
    2. DFARS 7019 Final Rule approval – “December 2022” (!!!)
    Upon approval, this requires contractors to fully comply with:
    • All 110 NIST 800-171 controls
    • Complete a SPRS score (NIST 800-171) + report
    DOD is taking a hardline posture on this and has made very public reference (several times) to Dept of Justice actions to enforce the False Claims Act…. LITIGATION
  • 6. So…
    • Firms with significant revenue from DOD contracts: the time is nigh…
    • Audits are underway for peer firms as we speak…
    • If you haven’t already begun preparation, START IMMEDIATELY!
    • Until now, only a few contractors have been through a provisional ML-2 audit, mostly those seeking immediate designation as C3PAO orgs. BUT
    • The number of external audits will increase, probably sharply. There is an urgent need to adequately develop the CMMC Assessor community & infrastructure.
    • Why? An estimated 80,000+ DIB orgs will require an external audit for ML-2 certification.
    • This screams BACKLOG
  • 7. So it begins….
  • 8. What can clients do now to prepare?
    • CMMC ML-1/2 processes & controls are highly aligned with NIST 800-171.
      • This has been described as an “Organizational Behaviors & Training” phase of preparation.
      • i.e. How do you execute day-to-day ops with CMMC-covered info? Any gaps?
      • Gather documented evidence to build an SSP (System Security Plan) re: processes and security policies IAW NIST 800-171. [Example next slide]
    • There will also be an infrastructure component of preparation needed to achieve compliance.
      • DEPENDS – what is the nature of the product or service?
      • Prime or subcontract-related?
      • There is a wide range of DIB manufacturing processes, so this varies widely.
      • Computing infrastructure: dedicated CMMC sandbox or shared enclave (cloud-based, perhaps)
  • 9. What can clients do now to prepare?
    • Clients can immediately begin formal documentation of the security controls required IAW NIST 800-171. Example(s):
    • Ensure use of a NIST-compliant Data Sanitization Certificate (or something closely equivalent).
    “This certificate is simply an example of the types of information that should be collected and how a certificate might be formatted. An organization could alternatively choose to electronically record sanitization details, either through a native application or by using a form such as this one with an automated data transfer utility (such as a PDF form with a button to send the data to a database or email address). In the event that the records need to be referenced in the future, electronic records will likely provide the fastest search capabilities and best likelihood that the records are reliably retained.”
    • Source: Appendix G of NIST Special Publication (SP) 800-88 Revision 1, Guidelines for Media Sanitization, available at https://doi.org/10.6028/NIST.SP.800-88r1
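As an added illustration of the electronic sanitization record the slide describes (example code, not Withum’s or NIST’s): a record type whose field list is a constructed approximation of the SP 800-88 Appendix G certificate, with two assumed policy checks an assessor might apply and the serial-number lookup that electronic records make fast.

```python
# Electronic media-sanitization record modelled loosely on NIST SP 800-88r1 Appendix G.
# Added example, not Withum's or NIST's code: the field list is a constructed
# approximation of the Appendix G certificate and the two policy checks are assumptions.
from dataclasses import dataclass, asdict
import json
CATEGORIES = {"Clear", "Purge", "Destroy"}   # sanitization categories in SP 800-88r1
@dataclass
class SanitizationRecord:
    organization: str
    item_description: str        # make / model
    serial_number: str
    media_type: str              # e.g. "SSD", "HDD", "USB flash"
    data_category: str           # e.g. "CUI"; drives the required assurance level
    category: str                # Clear / Purge / Destroy
    method: str                  # e.g. "ATA Secure Erase", "Shred"
    tool_used: str
    verification_method: str     # e.g. "Full read verification", "Visual inspection"
    sanitized_by: str
    validated_by: str
    sanitized_on: str            # ISO date
    destination: str             # "Internal reuse", "External reuse", "Recycling"

    def problems(self) -> list[str]:
        """Reasons an assessor would reject this record as evidence (empty = acceptable)."""
        issues = []
        if self.category not in CATEGORIES:
            issues.append(f"unknown category {self.category!r}")
        if not self.verification_method.strip():
            issues.append("verification method missing")
        if self.sanitized_by == self.validated_by:       # assumption: two-person rule
            issues.append("sanitizer and validator must differ")
        # Assumption: CUI media leaving organizational control needs Purge or Destroy.
        if self.data_category == "CUI" and self.destination != "Internal reuse" \
                and self.category == "Clear":
            issues.append("CUI media leaving the organization needs Purge or Destroy, not Clear")
        return issues

    def to_json(self) -> str:
        return json.dumps(asdict(self), sort_keys=True)  # hand-off to a database or e-mail

def find_by_serial(records: list[SanitizationRecord], serial: str) -> list[SanitizationRecord]:
    """The fast lookup electronic records make possible: search by device serial."""
    return [r for r in records if r.serial_number == serial]

def example_record(category: str = "Purge", destination: str = "Recycling") -> SanitizationRecord:
    """Constructed sample record (fictitious device and names), not real equipment."""
    return SanitizationRecord("Example Mfg Co", "Vendor 1TB SSD", "SN-0001", "SSD", "CUI",
                              category, "ATA Secure Erase", "hdparm", "Full read verification",
                              "A. Technician", "B. Supervisor", "2022-12-13", destination)
```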
  • 10. What can clients do now to prepare?
    • There are several vendors/platforms offering CMMC compliance tracking SW.
    • Example shown (screenshot) is of the CMMC compliance mgmt platform from Summit7.
    • Lots of supporting info online & it is a well-regarded option… there are several others equally as capable.
    • https://info.summit7.us/blog/a-detailed-review-of-nist-sp-800-171
    • Get organized. Start with planning for the process to come.
  • 11. What can clients do now to prepare?
    • Example shown (screenshot) is of the CMMC compliance mgmt platform from ComplyUp.
    • Lots of supporting info online & it is a well-regarded option… there are several others equally as capable.
  • 12. MD&L client notable items
    • If an MD&L client uses ICS (Industrial Control Systems, e.g. SCADA), there is special attention/focus from both regulators and threat actors.
    • Know if the client is part of designated ‘Critical Infrastructure’.
      • Could result from the mission focus of service offerings and capabilities.
      • Or through use of hardware/tech considered thus.
    • APT groups and higher-capability threat groups are increasingly targeting ICS orgs.
  • 13. MD&L client notable items
    • APT groups and higher-capability threat groups are increasingly targeting ICS orgs.
  • 14. What now? Check the OUSD(A&S) website – 5 “baby steps down the hall”
  • 15. What now? START. PREP. NOW!!!! Doing business with the US Gov’t will require some form of cybersecurity compliance and verification in the future.
    • It will almost certainly be CMMC/NIST (or, at minimum, will be derived from them).
    • Withum CMMC Advisory & Prep is here to help.
    “The worst thing that can happen is you make your company more secure.”
  • 16. For information, please contact: Withum Cyber Security Advisory Services & CMMC Advisory, Wcyber.CMMC@withum.com
    Michael Seip, CMMC-RP – Office: (973) 358-2537 – mseip@withum.com
    Edward Keck, Jr., MBA, CISSP – Office: (973) 867-7447 – ekeck@withum.com