Sessions
Keynote: Uniting the Framework with its CMMC Assessment
Session 1: Timeline to Compliance
Session 2: CUI
Session 3: Power Session - 1.5 Hours
Session 4: Building a Culture of Evidence
The Prime Panel
Session 5: Documentation -- Too Much, Too Little and Just Right
Session 6: Choosing a Service Provider
Session 7: Mock Assessment Walk-through Panel
Tommy Baril, US Government Accountability Office (GAO) Defense Capabilities and Management team
Jim Johnson, Safran
Regan Edens, DTC Global
Bill Cooper, Vanguard – Critical Infrastructure
Mike Ellestad, MpM Products – F-35 Supply Chain
Mitch Niemela, Tool Craft Precision
John Pantzer, Skywire Design – Engineering Firm
Chris Jensen, GracoRoberts
Scott Paul, Premier SS
Smart people learn from their mistakes. Smarter people learn from OTHER people’s mistakes. This dynamic panel is an opportunity you won’t get anywhere else – a chance to learn from companies who have already headed down the road to compliance. You’ll learn from those in the trenches on the right (and wrong) way to navigate CMMC.
Lincoln Neely, Beryllium Infosec
Practical implementation guidance for organizations to achieve and maintain CMMC compliance.
There's a lot of information to know surrounding CMMC: intricacies of CUI, scoping, technical baselines, documentation, ongoing compliance activities, and the list goes on. It's often overwhelming and leaves organizations unsure of how to proceed. This session aims to demystify the seemingly daunting task of CMMC compliance from an implementation perspective. Attendees will get a simplified framework of practical steps, considerations and decisions for their organization to make toward achieving –and maintaining– CMMC compliance.
Stuart Itkin, NeoSystems
Whether an advisor, a Managed Service Provider (MSP) or a Managed Security Service Provider (MSSP), whom you work with to achieve and maintain compliance matters. DoD regulations, DFARS 252.204-7012 and NIST 800-171 in particular, are very specific, as are the assessment objectives that must be satisfied to achieve compliance. Many providers capable of supporting commercial organizations lack the understanding of DoD regulations and the ability to ensure your organization will be compliant, although they may claim otherwise. This session will explain which qualifications matter when evaluating advisors, MSPs and MSSPs, and how to ensure the providers you select are the right ones for your organization.
Fred Tsigiri, Guernsey
All government agencies are implementing new requirements for their supply chain. FEMA is pushing NIST 800-171 or an equivalent down to private sector property insurers, TSA is updating its pipeline security directives, and, of course, the DoD is implementing CMMC to assess DFARS 7012 requirements. During this two-part conversation, we will discuss setting new business expectations to remain competitive in the marketplace and the growth opportunities each of us has as an individual to catapult our careers to the next level.
Mark Berman
Jim Goepel
To be found compliant, you must give third party assessors documentation showing how your business operates securely and compliantly, along with proof that you are actually following that system. If you aren’t careful, maintaining compliance can result in a flood of documents and, worse, a ginormous, repeating scramble to prep for annual self-attestations and triennial third party assessments.
This session will teach you how to build a system from the ground up that minimizes disruption and improves quality organization-wide. Delivering management’s needs through documented SOPs (standard operating procedures) that assessors can follow tends to be contagious and spreads well beyond cybersecurity. We’ll show you how to:
- Organize management’s desired outcomes through policy (and the pitfalls of overdoing it)
- Create procedures and build habits that deliver policy outcomes
- Understand expected document types and relationships between them
- Create accountability
- End/prevent expensive pre-assessment discovery
- Monitor both compliance and employee performance in one system
Robert Teague, RedSpin
Lincoln Neely, Beryllium
Stuart Itkin, NeoSystems
In this session you will learn about current assessment trends including:
- FIPS 140-2 Validated Encryption
- Printing capabilities largely overlooked
- External Connections not identified
- Outdated Application Whitelist
- Commercial Cloud vs. Government Cloud
Several case studies will be discussed, and Robert will guide you through how to get started.