Loading Events

Events

The CMMC Paradigm and Contractor Supply Chain Risk Management Obligations

Companies seeking to begin or continue doing business with the Defense Department must be at least CMMC Level 1 certified. Cyber security compliance is now the foundation under the three statutory evaluation factors of technical, past performance and price. Preparing for, implementing and ultimately obtaining CMMC certification is time-consuming (6-9 months) and can be expensive depending on the CMMC Level sought. Prudent contractors should examine and confirm if their NIST-based System Security Plan is sufficient (and at what “certified” level) for current and future contract obligations.

Your company’s level of “cyber hygiene” will directly impact your eligibility to contract or subcontract with the Defense Department (and likely with some non-DoD agencies) as well as impact your competitive posture anywhere in the DoD supply or service chain.

In this Program, you will learn about:

  • The CMMC – DoD implementation schedule;
  • The Federal cybersecurity vocabulary: CUI, FCI, CCI;
  • CUI marking obligations by government personnel and contractor personnel
  • How CMMC “Level 1” effectively applies to all federal agencies;
  • The requirements of DFARS 252.204-7012 and the interim DFARS 252.204-7019, 7020, and 7021 clauses;
  • DoD’s Assessment Methodology;
  • The Supplier Performance Risk System (SPRS);
  • The DoD guidance available to achieve CMMC Level 1;
  • The available self-assessment programs;
  • The requirements under [Draft] NIST SP 800-172 contained in CMMC Level 3 to address Advance Persistent Threats;
  • Cybersecurity as a contractor qualification (the CMMC Level) versus an evaluation factor (the quality of a System Security Plan);
  • CMMC, the Cloud and FedRAMP;
  • The fundamentals of cybersecurity training;
  • The government-wide supply chain obligations regarding Chinese sources
      • DoD guidance
      • GSA guidance
  • DoD supply chain obligations regarding Chinese and Russian sources
      • DoD guidance

Instructors:

David Dempsey, co-founder and partner at Dempsey Fontana, PLLC, with over 42 years of experience in procurement laws, regulations and policies pertinent to contracting with federal, state, and international agencies. David’s practice areas include rights in technical data and software; cybersecurity requirements and obligations; DCAA audits, cost principles; ITAR/EAR export controls, foreign and contingency contracting; OCIs, ethics and corporate compliance; small business size issues; IDIQ contracts; contract management and terminations; Service Contract Act issues; contract litigation and bid protests.

Melissa Ellis is co-owner of Systems Management Enterprises, Inc. (SME) where she is Vice President and CFO. SME is a Virginia Information Technology and Security Company providing data center services, managed security, compliance solutions, and technical support to businesses nationwide. Melissa focuses on cybersecurity training for businesses in the financial, medical, and professional services industries.  Over the past several years she has worked within these industries to assess and implement company-appropriate information security compliance initiatives and then followed up with information security awareness training. Melissa’s background includes Criminal Justice at Radford University and is a Certified HIPPA Professional and a Certified Security Awareness Practitioner (CSAP). Melissa develops and implements cybersecurity training programs for all types of business entities and passionately educates her trainees on how to understand and implement the “cyber hygiene” behavior necessary to safeguard company intellectual property and trade secret data.

Register Now

Event Date February, 12

Event Time 5:30am - 8:00am

Featured News

May 20, 2025

Global Satellite Communications Leader Iridium Communications Inc. to Expand Headquarters in Fairfax County

Fairfax County, Virginia — Iridium Communications Inc., a global satellite communications company, will invest over $13 million to expand their headquarters into a 55,000-square-foot space in Fairfax County, Virginia. The project will support 117 new associates, expanding its Virginia workforce to nearly 400 over the coming years. Iridium currently employs 271 people throughout Virginia, with 126 of those employees reporting to the headquarters facility. The new positions supported by this expansion will also report to the new headquarters facility. “Iridium…
Read More
May 10, 2025

From a Rising Startup to the Nation’s Leading Digital Wallet

Blake Hall, founder and CEO of Fairfax County-based ID.me, reflects on the company’s first 15 years in business: ID.me is the largest digital identity wallet in the United States, trusted by millions to verify their identities and access essential services seamlessly and safely. ID.me’s mission is clear: Make the world a more trusted place by delivering the highest level of security with the least amount of friction. Its digital wallet provides safe, convenient login by enabling your credentials—be they your photo…
Read More
April 18, 2025

FCEDA’s Karen Smaw Selected by the U.S. Black Chambers of Commerce to the Power 50: Women of Influence

Karen Smaw and USBC CEO, Ron Busby;  Photo credit: US Black Chambers of Commerce Celebrating her extraordinary achievement in growing and shaping the small business ecosystem in Fairfax County, the U.S. Black Chambers of Commerce has chosen FCEDA’s Director, Diversity Business Investment and Entrepreneurship Karen Smaw for inclusion in the 2025 Power 50 Women of Influence Class. Her visionary leadership and transformational impact in helping to grow small businesses and cultivating start-ups has transformed Fairfax County. Each year, the USBC proudly…
Read More