SAME DC - December 6, 2024 - First Friday - CMMC Going Live: Implications for All Contractors

CMMC GOING LIVE: IMPLICATIONS FOR ALL CONTRACTORS This presentation examines the crucial role of Cybersecurity Maturity Model Certification (CMMC) in protecting Controlled Unclassified Information (CUI) within contractor information systems. With the CMMC rule nearing finalization, expected to be completed no later than October 25, 2024, it’s essential to understand that CMMC is expanding its reach beyond the Department of Defense. The program was codified in Title 32 of the Code of Federal Regulations, making it applicable to all government departments and agencies. As CMMC becomes a standard for safeguarding CUI across the government, business leaders must grasp the key elements of the final rule and the implementation timeline to effectively evaluate the need to implement the cybersecurity control requirements, their organization's readiness, and the timing of implementation. LEARNING OBJECTIVES Upon completion of this session attendees will have a basic understanding of: 1. How to reduce costs for becoming compliant and certified 2. What to expect when going through an assessment ABOUT THE PRESENTER Derek Kernus CEO | Certified CMMC Assessor | Chief CMMC Implementor Derek guides a team of cybersecurity professionals focused on helping federal contractors build or remediate their cybersecurity programs to meet DFARS 252.204-7012 and CMMC Level 2. In his role, Derek supports the design and enforcement of the CMMC requirements on client in-scope networks. He is also responsible for supporting the clients of Aethon Security with thoroughly documenting the compliance of their Covered Contractor Information System through a System Security Plan (SSP) written to NIST SP 800-171A and gathering supporting artifacts. Prior to starting Aethon Security, Derek was the Director of Cybersecurity Operations at DTS and the Deputy CISO at Sentinel Blue. While at DTS, he led a team that guided 2 defense contractors through 110-perfect score Joint Surveillance Voluntary Assessments – the equivalent of CMMC Level 2 certification assessments. Derek holds the Certified Information Systems Security Professional (CISSP) and Certified Cloud Security Professional (CCSP) certifications from ISC2, the CMMC Certified Professional Certification (CCP) from the Cyber AB, and a Master of Business Administration from William and Mary’s School of Business. --- Aethon Security www.aethonsecurity.com www.linkedin.com/company/aethon-security --- ABOUT THE SAME DC POST The largest Society of American Engineers (SAME) Post, the DC Post is a 100% voluntary organization with an elected local Board of Directors and committees dedicated to serving the membership, providing educational content, industry and government engagement, building resilient communities, connecting with our future leaders through our student and young member groups, enriching the STEM pipeline, and preparing our military and veterans for life after the service. https://www.same.org/DCPost