While there have been changes in the details and implementation of CMMC with version 2.0 being published (with further changes still possible), it’s clear that the time is now to be ready for the road that lies ahead.
What's required for government contractors today is DFARS clause 7012, NIST 800-171. But there are larger security implications of not being ready outside of just compliance readiness. It seems as though every week we learn about a new cyberattack on a federal agency, a government contractor, or an organization that plays a critical role in our infrastructure or supply chains. The White House recently released a Federal Zero Trust strategy in a memo that instructs agencies to internally source funding or seek investments from alternative funds such as the Technology Modernization Fund for fiscal years 2022 and 2023. Waiting around for the final rules to fall in place is no longer an option.
Even with CMMC 2.0 largely moving towards self-attestation, defense contractors will need to be able to self-attest with confidence now that the DOD is requiring a senior company official to attest to CMMC compliance rather than an IT administrator. This new requirement could mean the DOD has recourse to pursue companies and individuals that misrepresent their compliance through the False Claims Act. And in addition to that, the DOJ is incentivizing whistleblowing by offering those who report a percentage of the money the government recovers. This underscores the real need for early preparation & outside guidance.
TOPICS COVERED:
- The latest news on CMMC 2.0 and changes in DoD responsibilities for oversight
- New update as of February 10, 2022! Will most organizations now need a third party assessment?
- The implications and risks associated with compliance self-attestation
- The evolution of Zero Trust
- A discussion about recent cyberattacks and what they mean to you
The intention of the JAMIS Cybersecurity Panel is to provide awareness and education to JAMIS customers and other federal contractors on the topic of the Cybersecurity Maturity Model Certification 2.0 (CMMC 2.0) as it is being rolled out to the federal contracting industry. Data security is a very high priority for JAMIS, and staying engaged with industry experts and customers on this journey to a new frontier is the best way for us to prepare for a new regulatory environment.
Event Contact: events@jamis.com
Presenters:
Eric Crusius
Partner
Holland & Knight
Eric.Crusius@hklaw.com
Tom Tollerton
Managing Director
Dixon Hughes Goodman
Tom.Tollerton@dhg.com
Stacy High-Brinkley
VP Compliance
Cask Government Services
Stacy.HighBrinkley@caskgov.com
Jake Nix
CEO, RISCPoint
vCISO, JAMIS
jake.nix@riscpoint.com