CMMC Implementation: Your Path to Cybersecurity Compliance
December 3 @ 8:00 am - 5:00 pm
$115 – $130
Join the North Carolina Military Business Center and North Carolina State University for a “CMMC Implementation Workshop: Your Path to Cybersecurity Compliance” on December 3 in Raleigh, North Carolina.
CMMC Day is designed to prepare NC defense contractors for their Cybersecurity Maturity Model Certification assessments by providing them with the latest information about CMMC 2.0 and the associated DFARS clauses, and how to implement them. The goal of the event is for defense contractors and their IT/cyber staff and/or IT managed service providers to gain a thorough understanding of the requirements in CMMC and have a plan to get started or continue with their cybersecurity program. By the end of the day, attendees should know what the next steps are and what resources are available to help them develop their cybersecurity programs.
Sponsored by NC State University Industry Expansion Solutions
Parking is available in lot D. Campus Map.
Agenda
Leadership Track>
Will include a high-level overview of what is being discussed in the technical track, with the goal being to reduce the friction between leadership and technical professionals. We will also discuss the topics below.
- Cybersecurity Overview
- How to build a culture of cybersecurity/tone at the top
- Things to do now: DoD CUI training, Medium Assurance Certificate, awareness training
- Cyber risks
- CMMC Scope
- Compliance documentation
- Questions to ask your MSP/MSSP/Consultant
- Share responsibility matrices for “inherited” cybersecurity controls
- What cybersecurity information to include in service level agreements
- Supply chain risk management
- CMMC implementation strategies
- Cost of implementation
Technical Track
- Asset and data inventories
- Network diagrams
- Data flow diagrams
- Physical security
- CMMC Scope
- System Security Plan
- How to perform a gap assessment
- How to put a score in the Supplier Performance Risk System
- NIST controls – where to start
Who Should Attend:
Defense contractors- Leadership and those responsible for implementing CMMC AND their Managed Service/Security Providers (MSP/MSSP) or consultants. The new CMMC rule requires MSP/MSSPs to be CMMC Level 2 certified if they store, process, or transmit controlled unclassified information (CUI) on behalf of their defense contractor clients. MSP/MSSPs that provide security protection for their clients will be considered in-scope to their client’s CMMC assessment. The content of the workshop will be geared toward preparing attendees for a CMMC Level 2 assessment, however contractors preparing for CMMC Level 1 will benefit from attending.
Why attend:
The CMMC Program rule is final and was published in the Federal Register on October 15th, with an effective date of Dec. 14th. CMMC third party assessments can begin, but the DoD will not put CMMC in contracts until the Defense Federal Acquisition Regulation Supplement (DFARS) has been changed to include a CMMC clause. We expect the DFARS clause rule to be final by the end of the second quarter in 2025 with an effective date in the late summer or early fall of 2025. If you wait until the new DFARS rule is final, you will be behind. It takes most contractors 18 – 24 months to develop a secure, compliant cybersecurity program.
Registration. Registration is open!
Early Bird Registration (prior to November 10, 2024): $115/person
Registration (on or after November 10, 2024): $130/person
Registration includes access to the full program, materials and catering throughout the day.
