Sessions

New Dates: February 19-20, 2025

Day 1: February 19, 2025

Keynote: State of the CMMC Ecosystem

Matt Travis, Cyber AB

  • Status of new rule implementation
  • Resources from the Cyber AB
  • Next deadlines/rule releases
  • Federal resources available

Session: 12 Steps to Compliance 

  • Walk-through of what needs to happen
  • When to be ready to schedule an official assessment
  • List of milestones

Session: CUI

Regan Edens, DTC Global

  • When DFARS Applies - CUI vs. COTS
  • FCI Scope vs. CUI Scope
  • CUI Marking
  • Reporting and Responding to Incidents

 

Day 2: February 20, 2025

The Government Speaks - DIBCAC Shares Their JVSA Observation

Nick Delrosso

  • What makes an assessment go fast
  • What slows it down
  • Common mistakes

Power Session

Regan Edens, DTC Global 

  • Critical Controls, Documentation, Evidence, and AI?
  • Deep dive on three controls that drive scoping your environment.
  • Understanding scoping and understand the controls.
  • Understand the key impact of the three controls on scoping.
  • How to document & develop evidence for each control.
  • Are AI tools ready to help?

Session: We Did It. So Can You.

  • How long did it take?
  • How did you we start?
  • Was a consultant used? What were the criteria?
  • How much of the organization was involved and in what ways?
  • How did we find the right C3PAO?
  • What did it cost? Prep costs vs. assessment costs
  • How did it change sales and profitability after passing?

The Prime Panel

Representatives from Saffron and GE

Primes weigh in on expectations for their subcontractors

  • How do subcontractors communicate status to their prime?
  • Is CMMC required for consideration?

Keynote with Mitch Thornton, Darwin Deason Institute fro Cybersecurity, °ÄÃÅÁùºÏ²ÊÔ¤²â

Session: Documentation - Too Much, Too Little and Just Right

Mark Berman, FutureFeed

  • Examine: Evidence and artifacts needed to validate a control
  • Interview: How to direct the assessor to the right interviewees and tips for the interviewee
  • Control summaries
  • Objective statements
  • Best practices for keeping policies and procedures up-to-date
  • Reference documents - what is needed and how frequently to refresh your content

Session: Choosing a Service Provider

  • Why do I need one?
  • ESP, MSP, MSSP, Consultant
  • Is my MSP my consultant?
  • Mock Assessment
  • C3PAP

Session: Mock Assessment Walk-through Panel

  • Finding a C3PAO
  • The Kickoff
  • Qualifying document review
  • Interviews
  • Tests
  • Findings

 

Speakers and agenda subject to change.