The Cyber AB has once again convened the CMMC ecosystem to deliver the monthly Town Hall covering the latest news and information about the CMMC Program; and Joy has once again joined the show so we can talk about the latest ecosystem happening for the month of April. A change in CAICO leadership, stats on completed assessments, another audit, a “ESP, not a CSP” MythBusters/Ecosystem ethics fusion, and so much more...
Pathfinder 101: https://www.summit7.us/pathfinder
Pathfinder Demo: https://youtu.be/JiDTCchfCa0?si=JJFplxSfvkaRVhRo
AB Town Halls: https://cyberab.org/News-Events/Town-Halls/Details/march-town-hall
--------
33:02
CS2 Reston Preview
It's that time of year again and this time CS2 is coming to Reston, VA. This week we walk through the agenda adn talk about the sessions we're most excited for. Whistleblower attorneys? C3PAO lessons learned? Real world defense contractors who have completed CMMC Level 2? Prime contractor perspectives on upcoming requirements? CS2 has it all.
Register for CS2 Reston: https://cs2.cloud/reston
Pathfinder 101: https://www.summit7.us/pathfinder
Pathfinder Demo: https://youtu.be/JiDTCchfCa0?si=JJFplxSfvkaRVhRo
--------
26:58
DoD’s Parameters for SP 800-171r3
DoD has officially released their parameters for NIST SP 800-171 revision 3 requirements. Defense contractors now have a clear picture of their future compliance requirements and what assessors will ask for under “CMMC 3.0”. But if SP 800-171r3 won't be required for some time, why did the DoD publish their organizationally defined values? In this episode we dive into the basics of “ODPs”, why they matter, and how contractors can leverage them now to future-proof their systems against regulatory updates.
Register for CS2 Reston: https://cs2.cloud/reston
Pathfinder 101: https://www.summit7.us/pathfinder
Pathfinder Demo: https://youtu.be/JiDTCchfCa0?si=JJFplxSfvkaRVhRo
Memo: https://dodcio.defense.gov/cmmc/Resources-Documentation/
ODP Deep Dive: https://www.youtube.com/watch?v=QXfzSo4_F54
Deep Dive w/ Ron Ross: https://www.youtube.com/watch?v=x37V6fE-ies
171r3: https://www.youtube.com/watch?v=TAzYQjLfPY0
7012 Class Deviation: https://www.youtube.com/watch?v=voziZRAMvv4
--------
29:12
What is DFARS 7012?
Most people mistaken believe that their cybersecurity requirements stem from the Cybersecurity Maturity Model Certification Program (CMMC). CMMC is simply a verification program that proves if you have implemented the requirements imposed by DFARS clause 252.204-7012. Ultimately, DFARS clause 252.204-7012 is the center of gravity for all the cybersecurity stuff that comes with being a defense contractor. This week is an important primer on DFARS 7012 because even though it's only 13 paragraphs long, few people take the time to read it closely.
Register for CS2 Reston: https://cs2.cloud/reston
Pathfinder 101: https://www.summit7.us/pathfinder
Pathfinder Demo: https://youtu.be/JiDTCchfCa0?si=JJFplxSfvkaRVhRo
DFARS 7008: https://youtu.be/vgrRGIWboKc?si=TFuX_wYBgfDhNQ8X
DFARS 7012: https://www.acquisition.gov/dfars/252.204-7012-safeguarding-covered-defense-information-and-cyber-incident-reporting.
The History of CMMC: https://youtu.be/jbY2irZ1ePg?si=Khw6kLH5JnXfiTs6
7012 Class Deviation: https://youtu.be/voziZRAMvv4?si=2TczM85cISzpd63V
FedRAMP equivalency memo: https://youtu.be/torWNL3U7ZY?si=_tAubFpxJxtqrS6L
--------
39:17
What is DFARS 252.204-7008?
After 100 episodes diving into every possible rabbit hole to help illuminate the bigger picture around CMMC we're starting over at square zero: the “DFARS Cyber Series” of contract clauses. First up: the solicitation provision 252.204-7008. Although 7008 doesn't have the notoriety of it's big brother DFARS 252.204-7012, it is the first domino that triggers the cascade of cybersecurity compliance obligations that ultimately culminate in CMMC assessment.
Register for CS2 Reston: https://cs2.cloud/reston
Pathfinder 101: https://www.summit7.us/pathfinder
Pathfinder Demo: https://youtu.be/JiDTCchfCa0?si=JJFplxSfvkaRVhRo
DFARS 252.204-7008: https://www.acquisition.gov/dfars/252.204-7008-compliance-safeguarding-covered-defense-information-controls.
The 2016 final rule: https://www.federalregister.gov/documents/2016/10/21/2016-25315/defense-federal-acquisition-regulation-supplement-network-penetration-reporting-and-contracting-for
It's difficult to keep up with all of the moving parts that make up the Department of Defense's Cybersecurity Maturity Model Certification Program. It's even more difficult to keep up with the relevant bits and bites that influence CMMC. This weekly podcast sums up the news and developments relevant to CMMC; DFARS and other regulations; and NIST standards such as SP 800-171, SP 800-53, the NIST Cybersecurity Framework, and others.
Canada - english