Below, please find the recordings and slide decks for each of the sessions.
- Keynote: State of the Union for CMMC
- Legal Requirements for Meeting the NIST and CMMC Compliance Standards
- Lessons from C3PAOs on Voluntary Assessments
- Achieving CMMC Compliance – Primes’ Expectations for their Subcontractors
- Master Class in Compliance with Jill Lawson
- An Accelerated Path to CMMC Compliance
- Master Class in Compliance with Ryan Bonner
- Compliance Overview: What you need to know about CMMC & NIST 800-171
- Achieving ITAR Compliance with End-to-End Encryption
- A Master Class in Secure Enclave
Keynote: State of the Union for CMMC
Speakers:
Stacy Bostjanick – CMMC Program Head, U.S. Department of Defense
William Spence – Team Chief @ Defense Industrial Base Cybersecurity Assessment Center (DIBCAC)
Jennifer Henderson – Cybersecurity Specialist / Future Operations @ DIBCAC
Overview:
Stacy provided participants with an update on the CMMC program’s timeline as well as information on the steps defense contractors need to take to be ready for CMMC’s rollout in 2023.
William and Jennifer will provide an overview of what DIBCAC will expect from defense contractors that need to pass voluntary assessments today and CMMC assessments in 2023. Here is a link to their slide deck.
Legal Requirements for Meeting the NIST and CMMC Compliance Standards
Speaker:
Robert Metzger – Partner @ RJO; Co-author of MITRE “Deliver Uncompromised” Report
Overview:
In his session, Robert provided participants with an in-depth understanding of their legal obligations to meet the NIST and CMMC compliance standards today and the implications of failing to meet them.
Lessons from C3PAOs on Voluntary Assessments
Speakers:
Stacy High-Brinkley – CISO @ Cask (Authorized C3PAO)
Stuart Itkin – VP CMMC and FedRAMP Assurance @ Coalfire Federal (Authorized C3PAO)
Marci Womack – CMMC Provisional Assessor & CMMC Lead @ Schellman (Authorized C3PAO)
Robert Teague – Manager CMMC Services @ Redspin (Authorized C3PAO)
Overview:
In this session, four C3PAOs shared the lessons they learned from conducting some of the first Voluntary Assessments on defense contractors. In addition, these C3PAOs shared important takeaways for defense contractors in upcoming CMMC assessments.
Achieving CMMC Compliance – Primes’ Expectations for their Subcontractors
Speaker:
JC Dodson – VP & Chief Security Officer, BAE Systems
Overview:
This session provided insights from JC Dodson (VP & Chief Security Officer, BAE Systems) on the compliance expectations Prime contractors like BAE have for their subcontractors. In addition, it looked at the consequences and repercussions defense contractors can face should they have low SPRS scores, fail to file an SPRS score, or suffer a cyber incident without having made adequate plans for Incident Response or for meeting their DFARS c-g requirements.
Master Class in Compliance with Jill Lawson
Speaker:
Jill Lawson – DoD Acquisition Policy Specialist
Overview:
Jill was instrumental in providing important feedback on the initial drafts of the CMMC standard. In addition, Jill has over 30 years of contracting experience in the DoD. She will bring this wealth of experience to her Master Class where she will help participants understand key compliance drivers and how they can facilitate meeting their CMMC compliance requirements.
An Accelerated Path to CMMC Compliance
Speakers:
Ted Steffan – Lead Compliance Acceleration @ Amazon Web Services (AWS)
Matt Majot – Director @ ComplyUp
Jose Neto – Founder, PC Warriors
Ted Steffan, Matt Majot and Jose Neto delivered a tactical session to help defense contractors understand a practical path to accelerating their CMMC compliance obligations and preparing for DoD assessments. Their session brought together many of the themes of the CMMC Day, focusing on how contractors can get started on their DFARS 7012 and NIST 800-171 compliance, how Governance, Risk & Compliance (GRC) tools can help organize compliance efforts and what tools are available to help them protect their CUI. Here is a link to the slide deck.
Master Class in Compliance with Ryan Bonner
Speaker:
Ryan Bonner – Founder & CEO @ DEFCERT
Ryan Bonner – a sought-after speaker on NIST 800-171, CMMC and DFARS 7012 compliance – enabled attendees to understand how they should prepare for a rigorous assessment of their organization. Here is a link to his slide deck.
What you need to know about CMMC & NIST 800-171
Speakers:
John Verry – CISO & Managing Partner, Pivot Point Security
Tony Bai – Director – Federal Practice Lead, A-Lign
Joe Chavarria – CEO, Total Cyber Solutions
John, Tony and Joe have deep experience in advising contractors on how to meet their NIST 800-171 and CMMC compliance standards. In this session they provided attendees with an explanation of the two standards, how they overlap and how they are different.
Achieving ITAR Compliance with End-to-End Encryption
Speakers:
Matt Henson – Global Trade Solutions Orchestrator @ TC Engine
Alex Major – Partner & Co-Leader, Government Contracts and Global Trade Group @ McCarter & English, LLP
Matt and Alex will discuss the updates to ITAR compliance regulations that permit the use of end-to-end encryption and how these updates facilitate compliance. Here is a link to their slide deck.
A Master Class in Secure Enclave
Speaker:
Scott Singer – President @ CyberNINES, Authorized C3PAO
One of the most important ways in which defense contractors can facilitate their compliance is by limiting the scope of who has access to their Controlled Unclassified Information (CUI). This is referred to as a secure enclave. Scott Singer, President of CyberNINES, an authorized C3PAO, as well as a CMMC Registered Practitioner, explains in this session how a secure enclave works and how creating one saves time and money and minimizes complexity. Here is a link to the slide deck.