Pass or Fail: What to Expect During a CMMC Audit
A Lifecycle Perspective
One Hour
Pass or Fail: What to Expect During a CMMC Audit

In this session of the Ankura CMMC series we will focus on the CMMC audit with a provisional AB-trained assessor. The panel will address what to expect during an audit, how an organization can protect its assets while providing artifacts and sensitive data, and whether the assessor can remove information from your organization. We will also address the recourse or appeal process that an organization has available to it, if it disagrees with its audit results, as well as the lifecycle of the audit and results.

What makes this course unique?
Practical 360-degree view from provisional audit training, how the CMMC audit will work, how to best prepare for it, and how companies can dispute or challenge results.
An attendee will learn:
View CMMC thorough the lens of a defense sector CISO, an Audit Assessor, and a Government Contracts legal practice.
How to prepare for a CMMC audit
What a CMMC audit will be like
How organizational maturity is defined
How C3PAOs will assess widely varying security environments
Pass / Fail – There are options, sort of
Disagreeing with the assessment results
Insight to current (provisional) CMMC-AB C3PAO training
How the interim DFARS 7012 affects you
Why you should start now
Industry Focus
Anyone who advises, consults with, supplies, or is in the defense sector.
Chief Risk Officers
Data Protection Officers
Chief Executive Officers
Chief Information Officers
Data Privacy Officers
Product Development Manager
Chief Compliance Officers
Chief Legal Officers
Chief Information Security Officer
Procurement Managers
Program Managers
Sales and Business Development Leaders


Stephen P. Gilmer

Senior Director, Ankura

Stephen is a Senior Director at Ankura with over 25 years as an Information Security executive with a focus in aerospace, defense, and life sciences. Steve has advised governments and Fortune 50 companies on a global, national, and state level, and is a leader of Ankura’s CMMC initiative.
Robert Huffman

Partner, Akin Gump 

Bob Huffman is the leader of Akin Gump’s Government Contracts practice. Bob counsels aerospace/defense, healthcare and other companies on government contracts issues and represents those companies in contract disputes with the federal government and other contractors. He litigates contract issues in the Court of Federal Claims, the Boards of Contract Appeals, the Federal Circuit and other courts. Bob specializes in False Claims Act investigations and lawsuits; Intellectual Property in Government Contracts, including negotiating and litigating technical data and computer software license rights and patent infringement, validity, and licensing issues under 28 U.S.C. § 1498; cost accounting issues; commercial item pricing; and compliance with cyber security, Buy American Act, Trade Agreement Act, and other supply chain requirements. Bob also represents and advises companies in connection with mandatory disclosures, parallel criminal proceedings, suspension and debarment, congressional investigations, and other issues associated with fraud/false claims investigations and lawsuits. Bob speaks and writes extensively on Government Contracts and related issues, is an adjunct professor at the Georgetown University Law Center, where he was recently honored with the Charles Fahy Distinguished Adjunct Professor Award, and is the immediate past President of the Federal Circuit Bar Association. Bob is the Immediate Past President of the Federal Circuit Bar Association and an adjunct professor at Georgetown University Law Center. Bob holds a J.D. from Stanford Law School and a B.A. from Harvard University, magna cum laude.
Timothy Woodcome

Business Unit Director, NQA Global 


Timothy J. Woodcome is the Business Unit Director at NQA, a leading global third-party certification body and pending CMMC C3PAO, Tim directly oversees NQA’s ISO, NIST and CMMC assessment programs. While CMMC is a very new and rapidly evolving development, Tim and the NQA team have been participating in the industry groups developing CMMC since mid-2019 and stand ready to be one of the forthcoming CMMC C3PAOs. Tim has worked in the third-party assessment field for over 25 years, with hands-on experience in internationally-recognized standards including Information Security (ISO 27001), Privacy (ISO 27701), IT Service Management (ISO 20000-1), Business Continuity (ISO 22301), and related disciplines (now including NIST 800-171 and CMMC) throughout that period. As a certified management systems lead assessor, Tim has led and participated in hundreds of third party audits for organizations in the ICT, finance, manufacturing and service industries within both the public and private sectors. Tim also serves on various industry working groups charged with the development and oversight of assessment standards and oversight of third-party certification processes.


Scott Corzine

Senior Managing Director, Ankura 

Scott Corzine is a Senior Managing Director at Ankura where he leads Ankura’s CMMC initiative from Washington, DC, and is developing tools and solutions to help companies better understand and manage their risk to CMMC exposure.
One Hour
Back To Top