SIMPLIFYING CMMC & DFARS 7012 COMPLIANCE: SOLVING THE PUZZLE

  • Slides: 25
SIMPLIFYING CMMC & DFARS 7012 COMPLIANCE: SOLVING THE PUZZLE FOR SMALL BUSINESS
From DFARS 7012 to CMMC Certification

ABOUT COALFIRE FEDERAL
Coalfire Federal provides cybersecurity services to government and commercial organizations, helping them protect their mission-specific cyber objectives. Coalfire Federal is the leading FedRAMP 3PAO, a CMMC C3PAO and CMMC RPO, and offers a full spectrum of cybersecurity risk management and compliance services.

ABOUT STUART ITKIN
• Coalfire Federal VP, CMMC and FedRAMP Assurance
• Previously VP Product Management and Marketing at Exostar, Global CMO at CEB
• Executive roles in several cybersecurity businesses
• Lead mentor at MACH37 cyber product accelerator

ABOUT PREVEIL
PreVeil is a simple, inexpensive and secure SaaS platform for storing and sharing CUI and ITAR data in email and files. Designed for the enterprise, PreVeil is used by leading defense contractors for CMMC compliance, supply chain collaboration and incident response.

ABOUT RANDY BATTAT
• Co-founder and CEO of PreVeil since 2015
• Previously, CEO of Airvana
• Led teams at Motorola and Apple
• BS in Electrical Engineering, Stanford University

ABOUT DTC GLOBAL
Focused on DoD Cyber Threat since 2006
• Led DoD’s First Cyber CI Insider Threat/FIST Program
• Operationalized +$3.5B in Transformative Globally Distributed Technologies
• Cross-Discipline/Horizontal/Vertical Platform & Systems Integration; Industry Trenches: ITAR/DFARS/CMMC
• Large Global Prime Contractors’ Supply Chain Risk to Small/Micro Businesses
• Clients: $46.8B Market Cap, 235k Employees, 300-325k Endpoints
• Industry Thought Leaders since 2015

ABOUT REGAN EDENS
Chief Transformation & Compliance Officer
Director, Board of Directors, CMMC Accreditation Body
• Chartered by DoD to Manage CMMC Certification
• Chairman of Standards Management Committee
• Vice Chairman of Training Committee
• CMMC Certified Master Instructor
• Led Training for CMMC Certified Provisional Assessors

AGENDA
• Regan Edens
  • 10 Tasks to get you started with CMMC compliance
  • Critical areas for focus
  • 5 Critical enablers for compliance success
• Randy Battat
  • Cloud-based Encrypted File Sharing & Email
• Q&A
• Breakout

SOLVE THE PUZZLE: TOP 10 TASKS
From 130 Practices, 409 Assessment Objectives
Your Path to Compliance Begins HERE…
1) Conduct required tasks such as RSA and POA&M, and document them in the SSP.
2) Identify and properly mark the types of restricted information (CUI/FCI) needed to conduct services and deliver products and parts.
3) Identify the sources of the restricted US DoD information; understand where it is developed within your company; and understand where the restricted information flows within the network and employee workflows.
4) Restrict, segregate, handle, and safeguard the information, documents, and parts.
5) Develop, modify, and sustain policies, workflow procedures, and network devices and activities that involve the restricted DoD information.

SOLVE THE PUZZLE: TOP 10 TASKS
Your Path to Compliance Continues…
6) Train personnel to understand the risks, policies and procedures required to sustain the requirements.
7) Ensure impacted portions of your supply chain understand and meet the requirements.
8) Monitor, enforce, document, and audit the requirements.
9) Prepare for third-party certification with 100% conformity.
10) Sustain the requirements and report misuse of CUI, network or other incidents placing, or potentially placing, the confidentiality of the information at risk.

FOCUS ON THE HARDEST PARTS
Critical Focus Areas
• Requirements Follow the Data (CUI/FCI)
• Data Flow Determines Scope
• Compliant Business Processes
• Secure Network & Compliant Architecture
• Detailed Documentation
• Controlled Environment
• Your Employees, Trained & Knowledgeable
• Your Supply Chain & Subcontractors

BE $MART: SOLVE THE PUZZLE WITH HELP
Critical Enablers
• Reliable Expertise & Guidance: Experienced Consultants & Integrators
• Control the Flow of CUI & Limit Scope: Limit People, Devices, Applications
• CUI Data Management (Email/Storage): Cloud Service Providers & Services
• CUI Workflow Matches Reality: Train People on Procedures & Policies
• Engage Supply Chain NOW: $mart SC Strategies Reduce Risk

BE $MART: SOLVE THE PUZZLE WITH HELP

CUI/FCI for CMMC Compliance: Cloud-based Encrypted File Sharing & Email

CMMC Domains: Policies, Processes, Systems
• Access Control
• Asset Management
• Audit & Accountability
• Awareness & Training
• Configuration Management
• Identification & Authentication
• Incident Response
• Maintenance
• Media Protection
• Personnel Security
• Physical Protection
• Recovery
• Risk Management
• Security Assessment
• Situational Awareness
• System & Communications Protection
• System & Information Integrity
(Slide legend: each domain is coded as Mostly Systems, Both Systems & Processes, or Mostly Policies & Processes.)

Systems Considerations
• Compliance
• Deployment options
• Security
• Ease of use & adoption
• Total cost of ownership

PreVeil: Simple Way To Enhance Cybersecurity
• End-to-end encrypted file sharing & email for CUI or ITAR-restricted data
• Addresses CMMC requirements for handling CUI in files & messages
• Easy to deploy — no modifications required to existing IT infrastructure
• Easy to use
• Fraction of the cost of alternatives

Demonstration 15

PreVeil Security

Traditional File & Mail Servers
(Diagram: the servers of Company A, Company B, Company C and Company D exchange plain text across the Internet.)

End-to-end Encryption
(Diagram: Company A, Company B, Company C and Company D; data is encrypted before it reaches the PreVeil server and decrypted only at the receiving company.)

Passwords vs. Keys
Traditional System: the password is presented to the server; an attacker obtaining the password can log in remotely.
PreVeil: a key stored on the device is required for decryption.

Administrative Vulnerabilities
Traditional System: any admin can perform sensitive operations:
• Reset passwords
• Export data
• Delete users
And so can an attacker.
PreVeil: admins can perform sensitive functions only after being authorized by an “approval group.”
Example — Exporting Data
(Diagram: in the traditional system an admin, or an attacker holding admin access, exports decrypted files & emails from the server; in PreVeil the exported data stays encrypted and the export proceeds only once the approvers have authorized it.)
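As an added illustration of the approval-group idea on this slide (example code written for this page, not PreVeil’s implementation): a small Python gate in which an admin’s request for a sensitive operation runs only after a quorum of approvers, none of them the requester, has signed off on that specific request, and only once. The names, the quorum size, the expiry window and the in-memory store are all constructed for the example.

```python
"""Quorum-gated admin operations modelled on an "approval group".

Constructed example for this page; not PreVeil's implementation.
A sensitive operation (reset_password, export_data, delete_user) runs only
after `quorum` distinct approval-group members, none of them the requester,
approve that exact request, inside a time window, and at most once.
"""
from dataclasses import dataclass, field
from datetime import datetime, timedelta, timezone
import secrets

SENSITIVE_OPS = frozenset({"reset_password", "export_data", "delete_user"})


@dataclass(frozen=True)
class ApprovalGroup:
    members: frozenset  # identities allowed to approve
    quorum: int         # approvals needed before execution


@dataclass
class Request:
    request_id: str
    op: str
    target: str
    requester: str
    created: datetime
    approvals: dict = field(default_factory=dict)  # approver -> time approved
    executed: bool = False


class AdminGate:
    """Holds pending requests and enforces the approval policy."""

    def __init__(self, group, ttl_seconds=3600):
        if not 1 <= group.quorum <= len(group.members):
            raise ValueError("quorum must be between 1 and the group size")
        self.group, self.ttl = group, timedelta(seconds=ttl_seconds)
        self.requests = {}
        self.audit = []  # append-only trail: submits, approvals, executions, denials

    @staticmethod
    def _now():
        return datetime.now(timezone.utc)

    def _expired(self, req):
        return self._now() - req.created > self.ttl

    def _deny(self, rid, who, reason):
        self.audit.append(("deny", rid, who, reason))  # every refusal is logged
        raise PermissionError(reason)

    def submit(self, requester, op, target):
        """Record a request for a sensitive operation; nothing runs yet."""
        if op not in SENSITIVE_OPS:
            raise ValueError(f"not a recognised sensitive operation: {op!r}")
        rid = secrets.token_hex(8)  # unguessable id ties approvals to this request
        self.requests[rid] = Request(rid, op, target, requester, self._now())
        self.audit.append(("submit", rid, requester, op, target))
        return rid

    def approve(self, approver, rid):
        """An approval-group member signs off on one specific request."""
        req = self.requests[rid]
        if approver not in self.group.members:
            self._deny(rid, approver, f"{approver} is not in the approval group")
        if approver == req.requester:
            self._deny(rid, approver, "requester cannot approve their own request")
        if self._expired(req):
            raise TimeoutError("request expired before reaching quorum")
        req.approvals[approver] = self._now()
        self.audit.append(("approve", rid, approver))
        return len(req.approvals)

    def execute(self, actor, rid, action):
        """Run action(op, target) only if the quorum is met; never twice."""
        req = self.requests[rid]
        if req.executed:
            self._deny(rid, actor, "request already executed (no replay)")
        if actor != req.requester:
            self._deny(rid, actor, "only the original requester may execute")
        if self._expired(req):
            raise TimeoutError("approvals expired; submit a new request")
        valid = {a for a in req.approvals if a in self.group.members}
        if len(valid) < self.group.quorum:
            self._deny(rid, actor, f"{len(valid)}/{self.group.quorum} approvals; quorum not reached")
        req.executed = True
        self.audit.append(("execute", rid, actor, sorted(valid)))
        return action(req.op, req.target)


def demo():
    """Walk one data-export request through the gate; returns what happened."""
    gate = AdminGate(ApprovalGroup(frozenset({"alice", "bob", "carol"}), quorum=2))
    exported = []

    def export(op, target):  # stand-in for the real export routine
        exported.append((op, target))
        return f"{op} on {target} done"

    out = {}
    rid = gate.submit("alice", "export_data", "finance-share")
    attempts = (("no_approvals", lambda: gate.execute("alice", rid, export)),
                ("self_approval", lambda: gate.approve("alice", rid)),
                ("outsider", lambda: gate.approve("mallory", rid)))
    for label, call in attempts:
        try:
            call()
            out[label] = "ALLOWED"  # would indicate a policy bug
        except PermissionError as e:
            out[label] = str(e)
    gate.approve("bob", rid)
    gate.approve("carol", rid)
    out["result"] = gate.execute("alice", rid, export)
    try:
        gate.execute("alice", rid, export)  # replaying the already-approved request
        out["replay"] = "ALLOWED"
    except PermissionError as e:
        out["replay"] = str(e)
    out["export_count"] = len(exported)
    out["audit_events"] = [entry[0] for entry in gate.audit]
    return out
```

Calling demo() yields four denials (no approvals yet, self-approval, an approver outside the group, and a replay of the completed request) and exactly one export; each refusal lands in the audit trail alongside the approvals and the execution, which is the record a later review of the operation needs.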

External Access Control
Traditional System: Open to the Internet
(Diagram: the organization is reachable from the Internet by suppliers, customers and attackers alike.)
PreVeil’s Trusted Communities
(Diagram: the organization exchanges data only with its suppliers and customers; attackers are blocked.)

Key Takeaways
• Not all cloud services are compliant for CUI & ITAR data
• Consider the next generation of cybersecurity
• Ease of use and ease of deployment are critical to adoption

Q&A

FINIS
coalfirefederal.com | dtcglobal.us | preveil.com
Stuart.itkin@coalfirefederal.com | reganedens@dtcglobal.us | rbattat@preveil.com
603-892-0538 | 443.910.3159 | 857-353-6480

Breakout