Demystifying CMMC - Strategies for Compliance & Certification (In-Person)
The Department of Defense (DoD) has established stringent cybersecurity requirements for all its contracts. Soon, these requirements will extend to include the Cybersecurity Maturity Model Certification (CMMC) Final Rule, a rigorous third-party assessment designed to ensure that defense contractors and subcontractors possess the capabilities to safeguard sensitive unclassified information.
Given the escalating threat landscape with adversaries launching cyberattacks, the DoD now mandates that companies within the Defense Industrial Base (DIB) report their current cybersecurity compliance status through the DoD Supplier Performance Risk System (SPRS). Consequently, DIB companies have received letters from the DoD or their prime contractors seeking information about their compliance and future certification status.
Our workshop comprises two comprehensive sessions, followed by a dedicated Q&A. Session 1 will provide an overview of the CMMC Program Final Rule, the current DoD cybersecurity requirements, and a typical journey toward compliance. Session 2 will delve into the specific cybersecurity requirements across the 14 domains. We will also share strategies for compliance and for preparing for the assessments.
Note: This workshop is designed for individuals and entities with a limited understanding of the CMMC Program Final Rule and its implications.
Agenda:
SBDC – Small Business Development Center:
- Kim Way - Houston Center, Program Director
- Robert Johnson - Director, SBDC Vision2Venture Program
Introduction/Opening Remarks – Tim Healy, Program Director - UH APEX Accelerator
In this workshop, we will cover the following:
Session 1: Executive Overview of CMMC Program
- Overview of CMMC Program
- Overview of the existing DoD cybersecurity requirements landscape
- Understand what sensitive unclassified information means and how to categorize it
- Overview of a typical CMMC certification journey
Session 2: Cybersecurity Compliance and CMMC Certification
- Overview of the 14 cybersecurity domains based on NIST 800-171 Rev. 2 cybersecurity requirements
- Know where you are now and understand where you need to be
- Discuss how to find certified professionals and assessors to help with Level 1 and Level 2
- Discuss strategies to comply with CMMC Level 2 and cost factors
Q&A
Speaker’s Bio:
Kyle is the President and CISO, and a Lead CMMC Certified Assessor (CCA) at KLC Consulting, a U.S. Dept. of Defense (DoD) authorized CMMC Third-Party Assessment Organization (C3PAO), which conducts assessments and provides advisory services to enhance the cybersecurity of the Defense industry supply chain. Kyle also serves on the board of the C3PAO Stakeholders Forum.
Kyle has conducted numerous CMMC-related assessments (JSVA, Mock Assessments, Gap Assessments) since the beginning of the CMMC program.
With over 25 years of cybersecurity expertise, Kyle has served as an advisor to renowned organizations such as ExxonMobil, Zoom, DISA (U.S. DoD), Boeing, HP, and Microsoft. His qualifications include CMMC Certified Professional (CCP) and Certified Assessor (CCA) certifications and CISSP, CSSLP, CISA, CIPP/US/G, and ISO 27001 Lead Auditor credentials.
Before starting KLC Consulting, Kyle was a CISO at a global I.T. company and Brandeis University – Heller School. Additionally, he was a U.S. DoD operations manager responsible for the cybersecurity training portal supporting the entire Department's personnel.
Speaker(s): Kyle Lai, President of KLC Consulting, Lead CMMC Certified Assessor (CCA)
Co-Sponsor(s):
Fee: No Cost