Sessions
Day 1: October 7, 2024
Keynote: State of the CMMC Ecosystem
Matt Travis, Cyber AB
- What is new?
- What is coming?
- Federal resources available
Session 1: Timeline to Compliance
Nancy Laney, PEAK Complyance
- Walk-through of what needs to happen
- When to be ready to schedule an official assessment
- List of milestones
Session 2: CUI
Regan Edens, DTC Global
- CUI vs. COTS
- FCI Scope vs. CUI Scope
- CUI Marking
- Reporting and Responding to Incidents
Day 2: October 8, 2024
Keynote: DIBCAC Lessons Learned from JSVA
Nick Delrosso, DIBCAC
- What is new?
- What is coming?
Session 3: Assess, Document, Evidence -> Repeat
Regan Edens, DTC Global
Jim Johnson, Safran Group
Tiffiney Groce, Garbon Aerospace
- Initial assessment of the control
- How to document the control
- How to evidence the control
Session 4: Building a Culture of Evidence
- The challenge of creating evidence regularly
- Boeing - a case study
- CMMC benefits of SOPs to management and quality product delivery
Keynote with Mitch Thornton, Darwin Deason Institute fro Cybersecurity, SMU
Session 5: Documentation -- Too Much, Too Little and Just Right
Mark Berman and Jim Goepel, FutureFeed
- Examine: Evidence and Artifacts needed to validate a control
- Interview: How to direct the assessor to the right interviewees and tips for the interviewee
- Control Summaries
- Objective Statements
- Best Practices for keeping policies and procedures up-to-date
- Reference Documents - what is needed and how frequently to refresh your content
Session 6: Choosing a Service Provider
Stuart Itkin, NeoSystems
- Why do I need one?
- ESP, MSP, MSSP, Consultant
- Is my MSP my consultant?
- Mock Assessment
- C3PAP
Session 7: Mock Assessment Walk-through Panel
Nick Delrosso, DIBCAC
Robert Hill, Cyturus Technologies
Jerry Leishman, NeoSytems