CMMC is Official! What This Means to You Now

One Hour

On November 30th, the interim DFARS Case 2019–D041 becomes effective as the rule formally putting the CMMC cybersecurity regulation in force. The Rule goes further, however, by describing a new and more rigorous regime around the requirement for enhanced attestation, to NIST 800-171, under DFARS 252.204–7012.

Our expert panel includes a defense-sector CISO who lived the DFARS 7012 origination as the “test case”, a provisionally licensed CMMC C3PAO, and a Washington-based law firm with deep government contracts expertise. We will discuss the practical implications of both CMMC and the updated DFARS requirements from the strategic business perspective, the technical perspective, and the legal and regulatory perspective. Our emphasis will be how companies should approach their cybersecurity obligations and what companies should be doing now to ensure they are ready for the scrutiny and oversight that will come with this new rule.

What makes this course unique?

The interim rule is about to go into effect and companies will need to comply if they wish to work with the DoD. This webinar will focus on the challenges you must meet and prepare you to understand what your organization must do to meet the DFARS requirements.

An attendee will learn:

What the Interim Rule means and who is affected by it.

Why CMMC does not obviate 7012.

How the Interim Rule expands the DFARS 7012 with scoring and potential DIBCAC audit and liability risk.

Optimal strategies for approaching your assessment(s) and attestation.

How a CMMC assessment will be executed.

How a C3PAO thinks about assessments across widely diverse IT and security environments.

Avenues to challenge assessment findings.

How they can remediate failed controls within the “grace period.”

How a C3PAO thinks about the adequacy of compensating controls.

Pass or Fail – what is next.

Industry Focus

Anyone who advises, consults with, supplies, or is in the defense sector.

Audience

Chief Risk Officers

Data Protection Officers

Chief Executive Officers

Chief Information Officers

Data Privacy Officers

Product Development Manager

Chief Compliance Officers

Chief Legal Officers

Chief Information Security Officer

Procurement Managers

Program Managers

Sales and Business Development Leaders

Presenters

Stephen P. Gilmer

Senior Director, Ankura

Stephen is a Senior Director at Ankura with over 25 years as an Information Security executive with a focus in aerospace, defense, and life sciences. Steve has advised governments and Fortune 50 companies on a global, national, and state level, and is a leader of Ankura’s CMMC initiative.

Timothy Woodcome

Business Unit Director, NQA Global

Timothy J. Woodcome is the Business Unit Director at NQA, a leading global third-party certification body and pending CMMC C3PAO, Tim directly oversees NQA’s ISO, NIST and CMMC assessment programs. While CMMC is a very new and rapidly evolving development, Tim and the NQA team have been participating in the industry groups developing CMMC since mid-2019 and stand ready to be one of the forthcoming CMMC C3PAOs. Tim has worked in the third-party assessment field for over 25 years, with hands-on experience in internationally-recognized standards including Information Security (ISO 27001), Privacy (ISO 27701), IT Service Management (ISO 20000-1), Business Continuity (ISO 22301), and related disciplines (now including NIST 800-171 and CMMC) throughout that period. As a certified management systems lead assessor, Tim has led and participated in hundreds of third party audits for organizations in the ICT, finance, manufacturing and service industries within both the public and private sectors. Tim also serves on various industry working groups charged with the development and oversight of assessment standards and oversight of third-party certification processes.

Jon Knight

Senior Associate, Washington, D.C.

Jon Knight is a senior associate on Alston & Bird’s Privacy & Data Security Team in the Washington, D.C. office. He focuses his practice on cybersecurity and privacy compliance and enforcement, as well as emerging technology issues. He also has experience in representing clients before the GAO and the United States Court of Federal Claims on procurement issues.

Moderator

Scott Corzine

Senior Managing Director, Ankura

Scott Corzine is a Senior Managing Director at Ankura where he leads Ankura’s CMMC initiative from Washington, DC, and is developing tools and solutions to help companies better understand and manage their risk to CMMC exposure.

One Hour