Pass or Fail: What to Expect During a CMMC Audit

A Lifecycle Perspective

One Hour

In this session of the Ankura CMMC series we will focus on the CMMC audit with a provisional AB-trained assessor. The panel will address what to expect during an audit, how an organization can protect its assets while providing artifacts and sensitive data, and whether the assessor can remove information from your organization. We will also address the recourse or appeal process that an organization has available to it, if it disagrees with its audit results, as well as the lifecycle of the audit and results.

What makes this course unique?

Practical 360-degree view from provisional audit training, how the CMMC audit will work, how to best prepare for it, and how companies can dispute or challenge results.

An attendee will learn:

View CMMC thorough the lens of a defense sector CISO, an Audit Assessor, and a Government Contracts legal practice.

How to prepare for a CMMC audit

What a CMMC audit will be like

How organizational maturity is defined

How C3PAOs will assess widely varying security environments

Pass / Fail – There are options, sort of

Disagreeing with the assessment results

Insight to current (provisional) CMMC-AB C3PAO training

How the interim DFARS 7012 affects you

Why you should start now

Industry Focus

Anyone who advises, consults with, supplies, or is in the defense sector.

Audience

Chief Risk Officers

Data Protection Officers

Chief Executive Officers

Chief Information Officers

Data Privacy Officers

Product Development Manager

Chief Compliance Officers

Chief Legal Officers

Chief Information Security Officer

Procurement Managers

Program Managers

Sales and Business Development Leaders

Presenters

Stephen P. Gilmer

Senior Director, Ankura

Stephen is a Senior Director at Ankura with over 25 years as an Information Security executive with a focus in aerospace, defense, and life sciences. Steve has advised governments and Fortune 50 companies on a global, national, and state level, and is a leader of Ankura’s CMMC initiative.

Robert Huffman

Partner, Akin Gump

Bob Huffman is the leader of Akin Gump’s Government Contracts practice. Bob counsels aerospace/defense, healthcare and other companies on government contracts issues and represents those companies in contract disputes with the federal government and other contractors. He litigates contract issues in the Court of Federal Claims, the Boards of Contract Appeals, the Federal Circuit and other courts. Bob specializes in False Claims Act investigations and lawsuits; Intellectual Property in Government Contracts, including negotiating and litigating technical data and computer software license rights and patent infringement, validity, and licensing issues under 28 U.S.C. § 1498; cost accounting issues; commercial item pricing; and compliance with cyber security, Buy American Act, Trade Agreement Act, and other supply chain requirements. Bob also represents and advises companies in connection with mandatory disclosures, parallel criminal proceedings, suspension and debarment, congressional investigations, and other issues associated with fraud/false claims investigations and lawsuits. Bob speaks and writes extensively on Government Contracts and related issues, is an adjunct professor at the Georgetown University Law Center, where he was recently honored with the Charles Fahy Distinguished Adjunct Professor Award, and is the immediate past President of the Federal Circuit Bar Association. Bob is the Immediate Past President of the Federal Circuit Bar Association and an adjunct professor at Georgetown University Law Center. Bob holds a J.D. from Stanford Law School and a B.A. from Harvard University, magna cum laude.

Timothy Woodcome

Business Unit Director, NQA Global

Timothy J. Woodcome is the Business Unit Director at NQA, a leading global third-party certification body and pending CMMC C3PAO, Tim directly oversees NQA’s ISO, NIST and CMMC assessment programs. While CMMC is a very new and rapidly evolving development, Tim and the NQA team have been participating in the industry groups developing CMMC since mid-2019 and stand ready to be one of the forthcoming CMMC C3PAOs. Tim has worked in the third-party assessment field for over 25 years, with hands-on experience in internationally-recognized standards including Information Security (ISO 27001), Privacy (ISO 27701), IT Service Management (ISO 20000-1), Business Continuity (ISO 22301), and related disciplines (now including NIST 800-171 and CMMC) throughout that period. As a certified management systems lead assessor, Tim has led and participated in hundreds of third party audits for organizations in the ICT, finance, manufacturing and service industries within both the public and private sectors. Tim also serves on various industry working groups charged with the development and oversight of assessment standards and oversight of third-party certification processes.

Moderator

Scott Corzine

Senior Managing Director, Ankura

Scott Corzine is a Senior Managing Director at Ankura where he leads Ankura’s CMMC initiative from Washington, DC, and is developing tools and solutions to help companies better understand and manage their risk to CMMC exposure.

One Hour