Loading Events

Events

The CMMC 2.0 Paradigm and Contractor Supply Chain Risk Management Obligations

Since January 2018, the Defense Department (and now other agencies) has required prime contractors and subcontractors at all tiers to implement NIST SP 800-171, “Protecting Controlled Unclassified Information in Nonfederal Systems and Organizations.” Between January 2018 and November 2021, the Defense Department issued numerous guidance memoranda regarding NIST-171 and set up an arrangement with the Cybersecurity Maturity Model Certification – Accreditation Board. In turn, the CMMC-AB developed a “CMMC ecosystem” based on NIST-171 and related NIST guidance in order to identify NIST-171 cybersecurity objectives intended for contractors and subcontractors who handle, create or store “controlled unclassified information” or CUI. A significant element of this ecosystem was the creation of an infrastructure which facilitates education, training and third-party assessment leading to the certification of a DIB company’s implementation of CMMC 1.0 compliance.

The Defense Department paused implementation of the CMMC 1.0 program by introducing CMMC 2.0 through an Advanced Notice of Proposed Rulemaking published November 4, 2021. DoD did not pause compliance with FAR 52.204-2 or DFARS 252.204-7012.

Your company’s level of CMMC 2.0 “cyber hygiene” will directly impact your eligibility to contract or subcontract with the Defense Department (and likely non-DoD agencies such as the GSA and the DHS) as well as impact your competitive posture anywhere in the DoD supply or service chain.

In this Program, you will learn about:

  • The prospective CMMC 2.0 schedule;
  • Federal cybersecurity vocabulary: CUI, FCI, CDI, CTI;
  • CUI marking obligations by government personnel and contractor personnel
  • How CMMC 2.0 “Level 1” (the foundational level) effectively applies to all federal agencies;
  • The requirements of FAR 52.204-21 and DFARS 252.204-7012 and the current DFARS 252.204-7019, 7020, and 7021 clauses;
  • DoD’s Assessment Methodology;
  • The Supplier Performance Risk System (SPRS);
  • The DoD guidance available to achieve CMMC 2.0 Level 1 and Level 2 (the advanced level);
  • The available self-assessment programs;
  • The requirements under [Draft] NIST SP 800-172 contained in CMMC Level 3 to address Advance Persistent Threats;
  • The quality of a System Security Plan and the CMMC 2.0 emphasis of a Plan of Action & Milestones)
  • CMMC 2.0, the Cloud and FedRAMP;
  • The government-wide supply chain obligations regarding Chinese sources
    • DoD guidance
    • GSA guidance
  • DoD supply chain obligations regarding Chinese and Russian sources
    • DoD guidance
Register Now

Event Date March, 3

Event Time 5:30am - 7:00am

Featured News

January 16, 2025

What’s the Difference Between Asian and US Work Culture?

In today’s global economy, understanding the nuances of different work cultures is essential for businesses seeking to attract international talent or expand into new markets. Fairfax County’s thriving business environment reflects key elements of US work culture, blending innovation, individualism, and flexibility. Work culture plays a critical role in productivity and talent recruitment, especially as companies look to create environments where employees thrive and grow. Understanding the distinctions between Asian and American work cultures can be a valuable asset for…
Read More
December 21, 2024

Virginia’s Star Continues to Rise, Northern Virginia Drives its Economic Growth

Virginia has been named 2024 State of the Year by Business Facilities, marking a historic third time the Commonwealth has received this top honor from the magazine. This recognition reflects Virginia having one of the strongest business climates, due in part to its strategic location, skilled workforce, and pro-business policies. “Virginia’s recognition as Business Facilities’ 2024 State of the Year is a testament to its strong economic foundation,” said Victor Hoskins, President and CEO of the Fairfax County Economic Development…
Read More
December 14, 2024

100+ Space Sector Leaders Convene to Envision a Bold, Collaborative Course for Commercialization

100+ Space Sector Leaders Convene to Envision a Bold, Collaborative Course for Commercialization From Left to Right: NASA Chief Technologist A.C. Charania; Fairfax County EDA President and CEO Victor Hoskins; Connected DMV President and CEO George Thomas; Arkenstone Founder Preston Dunlap; and Connected DMV Chair Stu Solomon. Earlier this month, Connected DMV, in partnership with the Fairfax County Economic Development Authority, convened 100+ leaders from industry, government, and academia at the Embassy of France in Washington, D.C., for “The Summit:…
Read More