91ÇÑ×Ó

Day 1: February 19, 2025

Keynote: State of the CMMC Ecosystem

Matt Travis, Cyber AB

• What is new?
• What is coming?
• Federal resources available

Session 1: Timeline to Compliance

Nancy Laney, PEAK Complyance

• Walk-through of what needs to happen
• When to be ready to schedule an official assessment
• List of milestones

Session 2: CUI

Regan Edens, DTC Global

• CUI vs. COTS
• FCI Scope vs. CUI Scope
• CUI Marking
• Reporting and Responding to Incidents

 

Day 2: February 20, 2025

Keynote: DIBCAC Lessons Learned from JSVA

Nick Delrosso, DIBCAC

• What is new?
• What is coming?

Session 3: Assess, Document, Evidence -> Repeat

Regan Edens, DTC Global

Jim Johnson, Safran Group

Tiffiney Groce, Garbon Aerospace

• Initial assessment of the control
• How to document the control
• How to evidence the control

Session 4: Building a Culture of Evidence 

• The challenge of creating evidence regularly
• Boeing - a case study
• CMMC benefits of SOPs to management and quality product delivery

Keynote with Mitch Thornton, Darwin Deason Institute fro Cybersecurity, 91ÇÑ×Ó

Session 5: Documentation -- Too Much, Too Little and Just Right

Mark Berman, FutureFeed

• Examine: Evidence and Artifacts needed to validate a control
• Interview: How to direct the assessor to the right interviewees and tips for the interviewee
• Control Summaries
• Objective Statements
• Best Practices for keeping policies and procedures up-to-date
• Reference Documents - what is needed and how frequently to refresh your content

Session 6: Choosing a Service Provider

Stuart Itkin, NeoSystems and Leia Kupris Shilobod, CompliancyIT

• Why do I need one?
• ESP, MSP, MSSP, Consultant
• Is my MSP my consultant?
• Mock Assessment
• C3PAP

Session 7: Mock Assessment Walk-through Panel

Nick Delrosso, DIBCAC

Robert Hill, Cyturus Technologies

Jerry Leishman, NeoSytems

David Bedard, KTL Solutions

 

 

Speakers and agenda subject to change.