The U.S. Government and the 350,000 companies that support it contribute research, engineering, development, delivery, and production of various systems, networks, and data. Malicious cyber actors continue to target the associated data, sensitive information and intellectual property, which is a threat to economic and national security.
The U.S. Government has implemented regulations to better protect this data and information. The current regulations require the use of the National Institute of Standards and Technology (NIST) Special Publication (SP) 800-171 framework. As of January 2020, the Department of Defense released the Cybersecurity Maturity Model Certification (CMMC) as the next step in the evolution of protecting US Government and industry data.
In this recording, we will cover what you and your organisation need to know to respond to and comply with these new regulations. More specifically, following this, you will be able to:
- Articulate the current regulations (NIST 800-171) and the upcoming regulations (CMMC)
- Explain what other affected industry companies are doing to prepare
- Reproduce the critical steps to prepare your organisation today to better protect the data as well as move towards compliance
- Produce the needed evidence to show compliance, including a System Security Plan (SSP), Plan of Action & Milestone (POAM) and Incident Response Plan (IRP)
Perry Keating is a Managing Director in Protiviti’s Metro DC office with over 25 years of experience helping the US Government process and protect its data. He has been a US Government employee, contractor and assessor. His experience gives him unique industry insight into the Aerospace & Defense (A&D), Government Contractors (GovCon), and Public Sector (US Federal, State & Local) industries. Perry’s technical expertise includes cybersecurity control assessments, policy development and remediation, and incident response for compliance with a variety of frameworks (FAR 52.204-21, DFARS 252.204-7012, FISMA, FedRAMP, NIST 800-53 rev 4, NIST 800-171 rev 1, CMMC v.1.02).
Director, Government Services
John DiDuro is a Director in Protiviti’s Government Services Division with over 30 years of experience helping the US Government protect its data. He has been a US Government employee as well as a contractor. His focus and experience are the US Government and the companies that support it. John’s technical expertise includes security control and technical assessments using a variety of US Government frameworks and regulations (FAR 52.204-21, DFARS 252.204-7012, FISMA, FedRAMP, NIST 800-53 rev 4, NIST 800-171 rev 1, CMMC v.1.02) as well as the practical experience of having been a US Government Information System Security Officer (ISSO).
Parava Security Services
Andy is the managing partner of Parava Security Services, a member of the board of the UK's Security Institute, a member of the advisory board of the CMMC Center of Excellence and a member of the CMMC standards working group. He has led both 1st and 2nd Line of Defense in cyber security, cyber risk and operational risk, and IT in regulated businesses delivering ISO 27001 and NIST 800 frameworks. He has served as Group Vice President of cyber and technology risk for Santander, EMEA head of operations risk and CISO for Mizuho Corporate Bank (EMEA), and regional head of IT for Rolls-Royce Energy Operations. He holds a place on the UK's Register of Chartered Security Professionals, recognised by the UK Centre for the Protection of National Infrastructure (CPNI), and provides expert advisory and counsel-appointed expert witness services to UK clients.