The Cybersecurity Maturity Model Certification (CMMC) is a cornerstone of Department of Defense (DOD) supply-chain security efforts. Yet more than three years after the release of version 1.0, the CMMC standards and broader ecosystem remain a work in progress. Though the goal of protecting controlled unclassified information (CUI) that resides within the Defense Industrial Base (DIB) is indisputable, technology leaders nonetheless face challenges on everything from implementing the required security practices at scale to overcoming the myriad bureaucratic and pricing roadblocks that can shut out small and medium-sized organizations before they even begin.
That lack of a final framework, however, does not change the fact that preparation is paramount. While DOD and the Office of Management and Budget finalize CMMC’s path forward, stakeholders in both industry and government can stay involved by participating in the early adopter programs, self-assessments, and various types of CMMC professional training made available. Much can be done to prepare them for eventual certification – and to help shape how CMMC will function in 2024 and beyond.
Washington Technology’s 2nd Annual CMMC Ecosystem Summit, presented in partnership with The Cyber AB, will explore this current state of CMMC through a wide gamut of speakers and perspectives, inviting top public and private sector professionals across legal, defense, business, and security to share their perspective on the status of the program, and offer insight into what comes next.
Following last year’s historic event, the first ever sanctioned by the program’s accreditation body, we’ll continue to focus on key themes: How organizations can best prepare for their CMMC assessments, how the CMMC Ecosystem is supporting the DIB, what the practical implications are for certain CMMC policy positions, and what self-assessment tools NIST and others have made widely available.
Sessions will provide an opportunity for deep dives into the mechanics of getting certified, addressing potential CMMC conflicts of interest, training opportunities, and the advantages of going through the processes early.
Attendees will come away with a better understanding of:
The latest CMMC policy developments, as well as the role of CMMC in the broader supply chain and security conversation
The current capacity, offerings, and future projections of the CMMC Ecosystem
The role and career path of the a CMMC Assessor and/or CMMC Practitioner
CMMC training opportunities
The Joint Surveillance Voluntary Assessment program
Networking opportunities between all elements of CMMC operations
The revised and updated CMMC Code of Professional Conduct
Best practices for businesses looking to get involved
Resources and tools made available by NIST and other agencies to help with self-assessment
Legal considerations of performing CMMC self-attestations and other related procedures
Reciprocity expectations for FedRAMP-certified cloud providers, and broader preliminary best practices around certification preparedness
And more…