CMMC 2.0: Legal, Assessor, and Threat Intelligence Perspectives

Join members of Crowell’s Privacy & Cybersecurity practice and panelists from Coalfire and Mandiant as we discuss the highly anticipated proposed rule for the Cybersecurity Maturity Model Certification Program (CMMC) issued by the Department of Defense (DOD) in December. CMMC is a unified assessment model released by the DoD in response to the growing threat of cyberattacks and data theft from its supply chain vendors. As proposed, this program requires every Federal contractor that handles DoD sensitive data to comply with certain cybersecurity controls. CMMC will bring greater scrutiny to contractors’ cybersecurity compliance and greater risks associated with failure to comply. To achieve certification, you’re required to prove that your organization can meet a myriad of security control obligations, a process that can be daunting if you’re not familiar with the policies, procedures, and practices that may be required when the program is finalized.

Topics will include:

• Overview of the CMMC proposed rule
• The CMMC certification process and what to expect
• Survey of the current threat environment shaping CMMC
• Common CMMC compliance challenges and recommended best practices
• Impact of CMMC attestations on other cyber disclosure regulations (e.g., FCA, SEC, etc.)