2022 CMMC 2.0 Ecosystem Summit

The Cybersecurity Maturity Model Certification (CMMC) is a cornerstone of Department of Defense (DOD) supply-chain security efforts, but it is still a work in progress. The goal of protecting controlled unclassified information (CUI) that resides in the data networks of the Defense Industrial Base (DIB) is indisputable. One challenge is how to assess and certify implementation of required security practices at scale, while another is avoiding bureaucratic roadblocks and pricing hurdles that could limit small and medium-sized businesses from successfully conforming to the CMMC standard.

After a pause and a reboot last fall, the CMMC office moved to the DOD CIO’s organization, the number of CMMC levels and practices were reduced, and the opportunity to do self-attestation at Level 1 was introduced. A proposed revised CMMC rule was submitted to the Office of Management and Budget in late summer of this year, and an interim rule is expected by March 2023, followed by a 60 day public comment period. Language requiring CMMC certification could be in contracts starting in May 2023.

In the meantime, there are opportunities for all parties to get ahead of the game and engage in CMMC by participating in the early adopter program, by completing self-assessments, and by enrolling in the various types of CMMC professional training.

Washington Technology’s 2022 CMMC 2.0 Ecosystem Summit, which is being produced in partnership with The Cyber AB, will explore what the revised CMMC regime will mean for all stakeholders. This first-ever CMMC event that is officially sanctioned by the program’s accreditation body will focus on how organizations can best prepare for their CMMC assessments, how the CMMC Ecosystem is gearing up to support the DIB, what the practical implications are for certain CMMC policy positions, and what self-assessment tools NIST and others have made widely available.

Breakout sessions will provide an opportunity for deep dives into the mechanics of getting certified, understanding CMMC conflicts of interest, training opportunities, and advantages of going through the processes early.

Attendees will come away with a better understanding of:

• The latest CMMC policy developments
• The current capacity, offerings, and future projections of the CMMC Ecosystem
• The professional track for becoming a CMMC Assessor and/or a CMMC Practitioner
• CMMC training opportunities
• The Joint Surveillance Voluntary Assessment program
• Networking opportunities between all elements of the CMMC Ecosystem
• The revised and updated CMMC Code of Professional Conduct
• Considerations for small and medium sized DIB companies
• Resources and tools that NIST and others have made available to help with self-assessment
• Reciprocity expectations for FedRAMP-certified cloud providers
• CMMC implications for non-FedRAMP cloud service providers
• Legal considerations of performing CMMC self-attestations
• And more…