Risk & Compliance/Legislation

W4-3B. Cybersecurity Maturity Model Certification (CMMC): It is finally here!!!

Wednesday, June 12, 2024 2:30 PM - 3:30 PM

Room 3BC

Description

After a very slow rollout, the Department of Defense (DoD) finally released details about their CMMC program that, as Federal regulation, may go into as early as 1 October 2024. This regulation *will* affect companies that directly contract with the DoD or are just in somebody's supply chain; Cloud Service Providers; Managed Service Providers (MSP); Managed Security Service Providers (MSSP); and anyone else that has access to the Government's intellectual property or helps to protect it. The program and market pressures will require 3rd party certification of the majority of these firms for the DoD contractor to be eligible for DoD work. If their MSP or MSSP isn't CMMC certified, they may not be certifiable also... Likewise, while the failure to get certified will result in loss of work, DoD is also working with DoJ to use CMMC as a springboard for False Claims Act charges against all organizations in the ecosystem.

Learner Objectives

The learner will understand: - The regulatory requirements behind CMMC - Its impacts on normal DoD contractors and other External Service Providers - The Phased timeline DoD will follow and how the marketplace will outpace DoD - Preparing a CMMC audit