Preparing for the CMMC Auditor

1 Hour (45 Minutes Presentation & 15 Minutes Q&A)

In this session of the Ankura CMMC series we will focus on preparing for the certification audit and the steps any organization must take before seeking a CMMC-AB certified audit. We will also discuss some of the risks organizations must be aware of if they do not achieve the maturity level necessary to compete or maintain Department of Defense (DoD) contracts.

The webinar will focus on the importance of the organization’s supply chain being prepared. Without the supply chain, can your organization deliver the contracted obligations? Proper preparation can allow an organization to have a high degree of assurance that they are ready to be audited, and that their supply chain is ready as well.

The discussion will be led by current and former decision makers at large Defense Industrial Base (DIB) companies and former DoD professionals who will discuss the potential long-term effects to the competitiveness of organizations that do not successfully traverse the CMMC audit process.

What makes this course unique?

This course is designed to help organizations understand how to prepare for a CMMC certification audit.

An attendee will learn how to:

Why you need to prepare

What to prepare for

Is this like a DIBCAC audit?

Does self-attesting to DFARS 7012 qualify?

Who are the audits are focused on?

Are all CMMC levels audited?

Are audits different for different organizations / industries?

Can a pre-assessment be conducted?

Can I move everything to a “CMMC certified” cloud provider?

Will different contracts require different audits?

Industry Focus

Anyone who advise / consults with, supplies, or is in the defense sector.

Audience

Chief Risk Officers

Data Protection Officers

Chief Executive Officers

Chief Information Officers

Data Privacy Officers

Product Development Manager

Chief Compliance Officer

Chief Legal Officer

Chief Information Security Officer

Procurement Manager

Program Managers

Presenters

Daniel V. Medina

CIO, Native American Industrial Solutions LLC (NAIS)

Dan has over 20 years of experience as an information security principal in the United States government and in the private sector. He is a proven national security, cybersecurity, strategic risk planner, and operations leader who has managed various security engagements, including security architecture reviews, security baseline standards development, enhancing the protection of controlled unclassified information, and incident response cases around the world and in austere environments.

Dan specializes in designing pragmatic standards-based solutions to complex information security problems in order to meet business needs and ensure success. Previously, Dan worked as a Senior Director for National Security, Trade, and Technology enabling technology firms companies, investors, and their counsel navigate the rapidly changing business and compliance environment in areas such as: CMMC, DFARS, CFIUS, C-SCRM. Dan also worked at an international private sector software company where he was responsible for developing and leading strategic engagement, thought leadership, and business development. Before moving to the private sector Dan was the Chief of Staff of the Office of Cybersecurity and Communications, for the Department of Homeland Security which includes the management of a workforce of more than 1044 federal employees and a budget of over $1 billion. In this position Dan was as a key advisor on statue, strategy, and performance to the Assistant Secretary of Cybersecurity and Communications in planning the overall management policies, programs, and short and or long-range initiatives to lead the national effort to protect and enhance the resilience of the nation’s physical and cyber infrastructure. Dan is a Harvard Kennedy School Senior Executive Fellow, a graduate of the Carnegie Mellon Executive Chief Information Security Officer (CISO) Program, has a Master’s Degree in Business Administration and a Bachelor’s Degree in Information Technology.

Amy Mushahwar

Partner, Alston Bird

Amy Mushahwar is a partner on the Privacy & Data Security and Cybersecurity Preparedness & Response teams. Amy has over 20 years of experience in the technology space and focuses her practice on data security, cyber risk, privacy, and emerging technologies.

Amy advises clients on proactive data security practices, data breach incident response, and regulatory compliance. She handles security incidents and has interacted with federal and state agencies and forensic service providers, overseen investigations, and designed post-incident response notification and remediation plans. In addition to her incident response work, Amy provides compliance support on applicable security laws, PCI-DSS, and security audit standards such as NIST. She also facilitates in-depth security incident simulations.

Amy regularly advises clients on conducting practical assessments for cyber risk when working with vendors and other business partners, including review of applicable insurance policies and riders.

Amy assists clients in compliance with numerous privacy laws, such as the CCPA, TCPA, COPPA, GLBA, and FCRA, as well as in federal and state unfair and deceptive trade practices law pertaining to privacy.

Amy counsels clients on the process of digital transformation, implementing technologies such as automation, cloud computing, virtualization, virtualized networking, containerized environments, Big Data (data warehouses and data lakes), and artificial intelligence.

Amy is a former technology consultant and chief information security officer (CISO), and previously owned and operated a technology consulting company.

Robert S. Metzger

[email protected]

+1 213.880.4224 (mobile)

Robert Metzger, an attorney in private practice, heads the Washington, D.C. office of Rogers Joseph O’Donnell, PC, a firm that specializes in public contracts matters. Bob is a co-author of the 2018 MITRE “Deliver Uncompromised” Report considered “highly influential” on U.S. cyber and supply chain policies and practices, including DoD’s Cybersecurity Maturity Model Certification (CMMC) initiative. As a Special Government Employee, Bob served on the Defense Science Board task force that produced the 2017 Cyber Supply Chain Report, which received the 2018 SANS Institute “Difference Maker”award. He presented at the RSA Conference in 2017 and 2018 on IoT security issues and on supply chain security at RSA Public Sector Day in 2019 and 2020. Publications in 2020 include “Cyber Safety in the Era of Cyber Warfare,” published in The SciTech Lawyer and featured on the ABA main page.

Bob is recognized for subject area leadership in cyber, supply chain and related security matters. Chambers USA 2020 ranked Bob in Band 2 for Government Contracts – Nationwide and said that he is “routinely called upon by clients in cybersecurity matters, assisting clients with high-stakes contract procurements, qui tam litigation and compliance issues.” He is described by The Legal 500 (2020) as having “developed an ‘exceptional’ reputation for litigation and bid protests, as well as cybersecurity-related issues.” Who’s Who Legal (2018) described Bob as “shown by our research to be one of the leading [government contracts] practitioners worldwide” and has identified Bob as a “Global Elite Thought Leader” in 2018, 2019 and 2020 – one of five in the U.S. and 18 globally in 2020.Named a 2016 “Federal 100” awardee, Federal Computer Week cited Bob for his “ability to integrate policy, regulation and technology” and said of him: “In 2015, he was at the forefront of the convergence of the supply chain and cybersecurity, and his work continues to influence the strategies of federal entities and companies alike.”

Bob is a graduate of Georgetown University Law Center, where he was an Editor of the Georgetown Law Journal. Subsequently, he was a Research Fellow at the Center for Science & International Affairs (presently, “Belfer Center”) at the Harvard Kennedy School of Government.

1 Hour (45 Minutes Presentation & 15 Minutes Q&A)