Wednesday, 19 Aug, 2020, Austin ISSA Chapter Meeting
Introduction to Cybersecurity Maturity Model Certification (CMMC)
The Department of Defense (DoD) is implementing the Cybersecurity Maturity Model Certification (CMMC) as an independent security assessment for 350,000 vendors in the Defense Industrial Base (DIB), including small mom and pop shops, companies that mow the grass, and companies that make military weapon systems.
New DoD contracts as of October 1, 2020 require CMMC certification (although Covid-19 may push that date back slightly). CMMC will be phased in over five years as current contracts and their option years expire. The CMMC formalizes the security self-assessments that became mandatory in November 2016 with the introduction of NIST SP 800-171, “Protecting Controlled Unclassified Information in Nonfederal Systems and Organizations,” which were widely considered ineffective because there was no independent audit oversight of the self-attestations.
All companies storing, managing, or processing DoD Federal Contract Information (FCI) or Controlled Unclassified Information (CUI) must become CMMC certified.
The CMMC is expected to:
- Drive real security change in the DoD marketplace by mandating independent audits for DIB vendors and closing the loophole that let DIB vendors self-attest their compliance based on inconsistent perception and experience.
- Be adopted by additional US Government and State Agencies seeking a security standard that translates well for public and private sectors.
- Trigger an explosion of new security careers and further strain the already limited cybersecurity / information security workforce.
About the Speaker
Dave Gray, Senior Cyber Security Advisor at Cyber Defense, Inc.
Dave Gray is a CISSP, CAP and PMP certified cybersecurity leader skilled in securing information systems to achieve information confidentiality, integrity and availability. Dave’s focus is Governance, Risk Management and Compliance (GRC) using information security frameworks established by the National Institute of Standards and Technology (NIST) and the Center for Internet Security (CIS) 20 Critical Security Controls. Dave specializes in DoD CMMC, NIST SP 800-171, NIST SP 800-53 and CIS CSC 20.
Dave retired in 2011 from the Texas Army National Guard as a Lieutenant Colonel, where he managed information security and IT operations for 5,000 network users spread across Texas. Dave teaches local community college classes for the CISSP, Security+ and ITIL certifications and volunteers for the ISSA Capitol of Texas Chapter in Austin. Dave’s certifications include CISSP, CAP, PMP, Security+, ITIL, CEH, EnCE, MCSE, MCSA, NSA NSTISSI 4011 and CNSSI 4012. Dave completed his MBA at the Jack Welch Management Institute in March 2020.
Chapter Meeting Location
Virtual via Zoom. Register to receive the meeting invite link.