Webinar – CMMC – What is Next & Especially for Small & Medium Size Business?

January 2020 – The United States Department of Defense introduced the initial version of the Cybersecurity Maturity Model Certification (CMMC). The CMMC effort was intended to build upon existing regulation (DFARS 252.204-7012), which requires Department of Defense contractors, subcontractors, suppliers, and vendors to implement security controls to protect controlled unclassified information (CUI) in accordance with NIST 800-171.

September 2020 – The DoD published an interim rule to the DFARS in the Federal Register (DFARS Case 2019-D041), which implemented the DoD’s initial vision for the CMMC program (“CMMC 1.0”) and outlined the basic features of the framework (tiered model, required assessments, and implementation through contracts). The interim rule became effective on November 30, 2020, establishing a five-year phase-in period.

March 2021 – The Department initiated an internal review of CMMC’s implementation, informed by more than 850 public comments in response to the interim DFARS rule. This comprehensive, programmatic assessment engaged cybersecurity and acquisition leaders within DoD to refine policy and program implementation. The Information Technology Acquisition Advisory Council (IT-AAC) was a significant contributor to the various findings and recommendations during the review effort.

November 2021 – The Department announced “CMMC 2.0,” an updated program structure and requirements designed to safeguard sensitive information and protect the warfighter, dynamically enhance DIB cybersecurity, ensure accountability while minimizing barriers to DoD compliance, contribute towards instilling a collaborative culture of cybersecurity and cyber resilience, and maintain public trust through high professional and ethical standards. CMMC 2.0 reduces the number of classification categories for certification from 5 to 3 and makes other adjustments to the proposed program. The rulemaking for CMMC 2.0 is estimated to take from 9 to 24 months. While these rulemaking efforts are ongoing, the Department intends to suspend the current CMMC Piloting efforts and will not approve inclusion of a CMMC requirement in any DoD solicitation. This created a lot of confusion across the DIB community around the implementation requirements and timelines, and raised questions about the cost, governance, and oversight of the program.

October 2021 – The Department of Justice (“DOJ”) announced a new Civil Cyber-Fraud Initiative to enforce cybersecurity standards and reporting requirements. The Initiative will use DOJ’s civil enforcement mechanisms, namely the False Claims Act, to pursue government contractors and federal grant recipients that “knowingly provide deficient cybersecurity products or services, knowingly misrepresent their cybersecurity practices or protocols, or knowingly violate obligations to monitor and report cybersecurity incidents and breaches.” DOJ will not limit enforcement to entities; individuals also can be held accountable for cybersecurity-related fraud.

March 2022 – The Securities and Exchange Commission proposed amendments to its rules to enhance and standardize disclosures regarding cybersecurity risk management, strategy, governance, and incident reporting by public companies. Congress is finally considering the Federal Information Security Modernization Act, which has already passed the Senate and is currently under consideration by the House of Representatives.

Join us on Wednesday April 26, 2022; 13:00 – 14:00 EDT. Information Technology Acquisition Advisory Council (IT-AAC), in partnership with Churchill & Harriman, is pleased to present a second-in-series virtual discussion offering a deeper dive into the CMMC program: what it is, who is required to comply, what the current timelines for compliance are, what the consequences of failing to meet the current timelines are, and how to execute due diligence by creating and implementing a plan to meet the CMMC requirements. A significant focus of the discussion will be on the impacts and requirements for small and medium-sized businesses.

Subject matter experts and risk management professionals will discuss the current plans for CMMC, how other legislative and regulatory activities may impact the future of CMMC, and why you should care. Given the current challenges of cybersecurity and the need for each of us to meet our obligations, this webinar discussion will be both substantive and timely.

Hosted by: CMMC Center of Excellence and Churchill & Harriman
Panelists: John Weiler – Chairman, CMMC COE, Exec Director, IT-AAC
Kenneth Peterson – CEO & Founder, Churchill & Harriman
Edward Beesley – Chief Operating Officer, Churchill & Harriman

Moderator: Bob Dix – SVP, Strategy & Public Policy, IT-AAC


Managing Risk in Healthcare Supply Chain

Join us on Wednesday, April 20 – 1:30-2:30 p.m. EDT as we reflect on the past and plan for the future! Hear from experts at Information Technology Acquisition Advisory Council (IT-AAC) and EHNAC organizations as they share perspectives on the changing cybersecurity landscape, supply chain vulnerabilities, and strategic matters – technical and cultural – including best practices for securing the health care supply chain. The discussion will highlight the need to secure protected health information more than ever, considering the increasing use of telehealth, web-connected medical devices, and other third-party products and services. Conversations will address impacts, lessons learned from the COVID-19 public health emergency, and best practices for cyber hygiene with the following focus areas:

– Current state of the health care supply chain
– Risks and vulnerabilities associated with the health care supply chain
– The HIPAA factor
– Strategies, best practices and frameworks the health care industry should consider
– The NIST factor and Third-Party Risk Management (TPRM)
– TEFCA and the Road to Interoperability

Hosted by: Information Technology Acquisition Advisory Council (IT-AAC) and EHNAC

Panelists:

John Weiler, Founder and Executive Director, IT-AAC
Lee Barrett, Executive Director and CEO, EHNAC
Ron Moser, CISSP, CISA, CRISC, CCSFP, CHQP, Senior Assessor, EHNAC
Robert Dix, SVP Strategy & Public Policy, IT-AAC


Webinar Panel Discussion – How Are Cloud Computing, Artificial Intelligence & Machine Learning Related and Why Does It Matter?

Join us on Wednesday, December 8, 2021; 13:00 – 14:00 EDT

Information Technology Acquisition Advisory Council (IT-AAC), in partnership with ORock Technologies, is pleased to present a virtual discussion around how AI / ML is changing the landscape for data management, digital transformation, and Cloud computing.

Hosted by: CMMC Center of Excellence and ORock Technologies

Panelists: John Weiler – Executive Director, IT-AAC
Steve Robinson – Chief Revenue Officer, ORock Technologies
Joshua Cornutt – CTO, ORock Technologies
Michael Puscar – Chief Product Officer, ORock Technologies

Moderator: Bob Dix – SVP, Strategy & Public Policy, IT-AAC 

Please join this extraordinary panel of subject matter experts on December 8th for this first in a series of complementary discussions around Artificial Intelligence and Machine Learning, the implications for Cloud Computing, and how it will impact mission outcomes across the Department of Defense, Intelligence community, and a wide range of sectors including healthcare, financial services and much more.

Bob Dix, IT-AAC
https://it-aac.org/

Steve Robinson, ORock Technologies
https://orocktech.com/

In this upcoming 60-minute discussion with our expert Panelists, we’ll uncover valuable insights into key themes:

– game-changing innovation around Artificial Intelligence and Machine Learning,
– the implications for Cloud Computing, and
– how it will impact mission outcomes across the Department of Defense, Intelligence community, and a wide range of sectors including healthcare and financial services
