- This event has passed.
CMMC Implementation Workshop: Your Path to Cybersecurity Compliance – 11/15/2024
Join the North Carolina Military Business Center and North Carolina State University for a “CMMC Implementation Workshop: Your Path to Cybersecurity Compliance” on either November 15 in Flat Rock, North Carolina or December 3 in Raleigh, North Carolina.
Goals
Prepare defense contractors for their Cybersecurity Maturity Model Certification assessments by providing them with the latest information about CMMC 2.0 and the associated DFARS clauses, and how to implement them. The goal of the event is for defense contractors and their IT/cyber staff and/or IT managed service providers to gain a thorough understanding of the requirements in CMMC and have a plan to get started or continue with their cybersecurity program. By the end of the day, attendees should know what the next steps are and what resources are available to help them develop their cybersecurity programs.
Pick Your Workshop Location
November 15, 2024
Technology Education Development Center
Blue Ridge Conference Center
49 East Campus Drive
Flat Rock, NC 28731
December 3, 2024
North Carolina State University – McKimmon Conference Center
1101 Gorman Street
Raleigh, North Carolina 27606
Leadership Track
Will include a high-level overview of what is being discussed in the technical track, with the goal being to reduce the friction between leadership and technical professionals. We will also discuss the topics below.
- Cybersecurity Overview
- How to build a culture of cybersecurity/tone at the top
- Things to do now: DoD CUI training, Medium Assurance Certificate, awareness training
- Cyber risks
- CMMC Scope
- Compliance documentation
- Questions to ask your MSP/MSSP/Consultant
- Share responsibility matrices for “inherited” cybersecurity controls
- What cybersecurity information to include in service level agreements
- Supply chain risk management
- CMMC implementation strategies
- Cost of implementation
Technical Track
- Asset and data inventories
- Network diagrams
- Data flow diagrams
- Physical security
- CMMC Scope
- System Security Plan
- How to perform a gap assessment
- How to put a score in the Supplier Performance Risk System
- NIST controls – where to start
Who Should Attend
Defense contractors- Leadership and those responsible for implementing CMMC AND their Managed Service/Security Providers (MSP/MSSP) or consultants. The new CMMC rule requires MSP/MSSPs to be CMMC Level 2 certified if they store, process, or transmit controlled unclassified information (CUI) on behalf of their defense contractor clients, or provide security protection for CUI assets. MSP/MSSPs must receive their CMMC Level 2 certification BEFORE their client defense contractors can be assessed.
The content of the workshop will be geared toward preparing attendees for a CMMC Level 2 assessment, however contractors preparing for CMMC Level 1 are welcome to attend.
Why Attend
The CMMC rule will become final in September or October of 2024 (based on the current timeline) and will be in some contracts/modifications in 2025. While there will be a slow roll-out of CMMC, defense contractors should not assume the requirements won’t be applicable to them in 2025 since prime contractors can add the requirements to contracts as soon as the rule becomes final.
