CMMC Preparedness

CMMC Preparedness: Webinar Recap

KTL Solutions recently hosted a webinar on Cybersecurity Maturity Model Certification (CMMC) Preparedness and welcomed esteemed guest Richard Wakeman of Microsoft. Richard is the Senior Director of Aerospace & Defense and Azure Global Engineering. During the webinar we covered topics including CMMC-AB Town Hall news, Microsoft offers, and GCC versus GCC High, to name a few. We also discussed some of the items coming down the pipeline from the DOD, including current instructions for the 5000.90 guide for Project Managers, the status of the DCMA's DIBCAC assessments of C3PAOs, and important updates from the CMMC-AB March Town Hall.

Key Points

One item of note: achieve compliance with NIST 800-171 requirements now, and do not wait until the last minute to prepare for a CMMC assessment. This cannot be stressed enough. Currently, DOD Project Managers (PMs) simply validate a score in the Supplier Performance Risk System (SPRS) prior to a contract award. However, it is only a matter of time before PMs will be instructed to give preference to higher scores. With that said, it is vitally important to get your NIST 800-171 requirements in place as you work towards becoming compliant with CMMC.

Considerations: Regulations and Costs

Now that GCC is FedRAMP High and will support DFARS 252.204-7012 flow-downs, the Defense Industrial Base (DIB) has a choice of cloud offerings, and which one works best depends on the Controlled Unclassified Information (CUI) a contractor handles. Does that mean a contractor can choose either GCC or GCC High? The answer is that it depends. If your work is subject to International Traffic in Arms Regulations (ITAR) or Export Administration Regulations (EAR), then GCC High is the only option. Besides regulatory considerations, a contractor must make smart business decisions as well. Weigh the cost difference between GCC and GCC High and think long term. Choose wisely; a decision to start in GCC could become more costly if you must later migrate to a different sovereign cloud, incurring additional expenses and losing valuable time during migration.

Expert Guidance: Microsoft and KTL Solutions

Microsoft provides excellent resources to assist in your compliance efforts. This includes tools like:

Contact KTL for a free 1-hour consultation to kickstart your journey towards CMMC Preparedness. KTL Solutions is a Microsoft Gold Partner and an authorized CMMC-RPO with CMMC-RPs on staff to guide you.

In Case You Missed It

Watch the recorded CMMC Preparedness Webinar on our YouTube channel. You may also download a copy of the presentation deck. We look forward to seeing you at our next webinar. 
