Minutes from 2021-06-30 Coalition Meeting

WELCOME First Time Attendees!

Topics Discussed

CMMC latest news events

Connstep / Fireeye hosted a successful event last week

The House Committee on Small Business hearing "CMMC Implementation: What It Means for Small Businesses" took place. People complained about costs and having to read. No real information was provided.

Managed Service Providers (MSPs) are allowed to be present during the audit but should be documented in the policy as the control owner.

CMMC Accreditation Body Advises Stakeholders to be Aware and Informed About Unauthorized Training Providers – 06-29-2021 news for CMMC-AB (cmmcab.org)

The CMMC-AB is currently developing the following three exams: CCP, CCA-1, and CCA-3. These exams will measure the CMMC knowledge of the individual and will be used to determine eligibility for license as a CMMC assessor or instructor at the various CMMC Levels within the maturity model framework.

To meet quality requirements, only educational content that comes from a CMMC Licensed Partner Publisher (LPP) will be considered approved training material for preparing for the upcoming CMMC-AB individual certification exams.

In addition, to meet quality requirements, only training services provided by a CMMC Licensed Training Provider (LTP) will serve as a valid pre-requisite for sitting for a CMMC-AB certification exam. All LTPs are required to use authorized training content provided by the LPPs. They are also required to use CMMC-AB certified instructors, currently identified as Provisional Instructors (PIs).

Finally, only individuals obtaining training from authorized CMMC-AB providers (LTPs) will receive a CMMC-AB Professional Number (CPN) and be registered and have their progress tracked within DoD’s Enterprise Mission Assurance Support System (eMASS), a requirement for attaining certification as a CMMC assessor or instructor.

Since no CMMC training content has yet to be authorized for publication by LPPs, no LTPs are yet authorized to conduct official CMMC training in preparation for the upcoming CMMC-AB certification exams.

The Coalition wants to remind people THEY CAN AND SHOULD start CMMC training today.

The CMMC-AB (cmmcab.org) hosted a Town Hall. Check the website for when the Jun 29, 2021 CMMC-AB Town Hall video gets uploaded.

IAC members were introduced along with Organizations Seeking Certification (OSC) representatives

Despite organizational changes, CMMC is here to stay. Members reported on a number of other Federal Agencies currently looking at CMMC for NARA CUI compliance. Further, the CUI and FAR updates go to public comment in November.

https://www.gov.uk/government/publications/industry-security-notices-isns/compliance-with-cyber-security-requirements-from-other-nations

The UK Ministry of Defense's latest security notice has been released, and it would explain why UK-based contacts won't send compliance metrics to you.

Whitepaper update

Released as a follow-up to the Connstep / Fireeye event hosted last week

An acknowledgment of whitepaper contributors will be added to the whitepaper before it is posted on the CT CMMC coalition website.

The Coalition, with lead author Paul Netopski, is hard at work on a whitepaper regarding the cost of CMMC.

Subs/suppliers/contractors & current CMMC landscape challenges

A recent news article estimated CMMC compliance to the tune of $100,000, which doesn't have hard numbers to back it up yet.

The pending C3PAOs connected to the Coalition will not release cost estimates, as scoping for each company is bespoke. An SMB, for example, could have 10 employees and five locations or 200 employees and one location. The first company could have more endpoints, stuff that connects to the web, than the latter. All of this affects scope, which controls price.

The Department of Defense has not released any scoping guidance.

Updates

Outreach with a leader involved with the Procurement Technical Assistance Center (PTAC) continues. Arvin, Manufacturing Director, will invite those serving in a consulting role with manufacturers to the next meeting.

CMMC 123 has officially launched. Dana Mantilla, Communication and Media Director, continues to develop the web property and scripts as part of the CMMC Essentials class at SCSU. Next up, Dana will interview a new hacker utilizing social engineering.

The Coalition believes that risk assessment and common attack vectors such as social engineering, mobile device hacking, and phishing must have a starring role in any company's cybersecurity plan.

The CMMC Essentials class at Southern continues. Many of the coalition members are currently enrolled and working on special projects. The next class begins July 20th.

Daryl Ray, Program Manager, created a kanban board in our LinkedIn Group to track activity.
