Artwork

The Oakmont Group and John Gilroy에서 제공하는 콘텐츠입니다. 에피소드, 그래픽, 팟캐스트 설명을 포함한 모든 팟캐스트 콘텐츠는 The Oakmont Group and John Gilroy 또는 해당 팟캐스트 플랫폼 파트너가 직접 업로드하고 제공합니다. 누군가가 귀하의 허락 없이 귀하의 저작물을 사용하고 있다고 생각되는 경우 여기에 설명된 절차를 따르실 수 있습니다 https://ko.player.fm/legal.
Player FM -팟 캐스트 앱
Player FM 앱으로 오프라인으로 전환하세요!

Ep. 258 Why CMMC Compliance is now Non-Negotiable for Tech Leaders

29:17
 
공유
 

Manage episode 495861824 series 3610832
The Oakmont Group and John Gilroy에서 제공하는 콘텐츠입니다. 에피소드, 그래픽, 팟캐스트 설명을 포함한 모든 팟캐스트 콘텐츠는 The Oakmont Group and John Gilroy 또는 해당 팟캐스트 플랫폼 파트너가 직접 업로드하고 제공합니다. 누군가가 귀하의 허락 없이 귀하의 저작물을 사용하고 있다고 생각되는 경우 여기에 설명된 절차를 따르실 수 있습니다 https://ko.player.fm/legal.

Everybody knows the world of technology is changing on a massive scale; in the federal community, there is a similar seismic change, but it has to do with policy, not graphics chips.

In 2020, the Department of Defense aimed to ensure its suppliers had a reasonable level of cyber protection and released the first version of the Cybersecurity Maturity Model Certification (CMMC).

In subsequent years, CMMC became a “nice to have” rather than a mandate. COVID-19 drastically increased the number of remote users, federal technology was moving to the edge, and malicious actors continued to expand their attacks unremittingly. As a result of this “Perfect Storm,” regulators at the DoD have gotten serious about CMMC compliance.

In today’s interview, we sat down with two CMMC experts and discussed some of the challenges associated with completing the CMMC requirements.

Fortreum’s Ben Scudera mentions that as many as 300,000 companies may be looking at CMMC compliance. While individual companies can read the requirements, there can be misunderstandings.

For example, if a company tries to define Controlled Unclassified Information, it may cast too wide a net or too narrow a net. If they are audited, the entire concept of scoping CUI can become a holdup for certification.

Early versions of CMMC allowed companies to review their capabilities and report themselves. Today’s CMMC transition is from self-attestation to external audits. These audits are challenging, with only 70 C3PAOs available to support 80,000 companies that require level 2 compliance.

The process is complex, requiring detailed data scoping and significant preparation time.

Companies must strike a balance between the costs and benefits of compliance, particularly for small businesses. The conversation also touches on the broader implications of CMMC for supply chain security and the potential for CMMC to evolve beyond federal contractin

  continue reading

273 에피소드

Artwork
icon공유
 
Manage episode 495861824 series 3610832
The Oakmont Group and John Gilroy에서 제공하는 콘텐츠입니다. 에피소드, 그래픽, 팟캐스트 설명을 포함한 모든 팟캐스트 콘텐츠는 The Oakmont Group and John Gilroy 또는 해당 팟캐스트 플랫폼 파트너가 직접 업로드하고 제공합니다. 누군가가 귀하의 허락 없이 귀하의 저작물을 사용하고 있다고 생각되는 경우 여기에 설명된 절차를 따르실 수 있습니다 https://ko.player.fm/legal.

Everybody knows the world of technology is changing on a massive scale; in the federal community, there is a similar seismic change, but it has to do with policy, not graphics chips.

In 2020, the Department of Defense aimed to ensure its suppliers had a reasonable level of cyber protection and released the first version of the Cybersecurity Maturity Model Certification (CMMC).

In subsequent years, CMMC became a “nice to have” rather than a mandate. COVID-19 drastically increased the number of remote users, federal technology was moving to the edge, and malicious actors continued to expand their attacks unremittingly. As a result of this “Perfect Storm,” regulators at the DoD have gotten serious about CMMC compliance.

In today’s interview, we sat down with two CMMC experts and discussed some of the challenges associated with completing the CMMC requirements.

Fortreum’s Ben Scudera mentions that as many as 300,000 companies may be looking at CMMC compliance. While individual companies can read the requirements, there can be misunderstandings.

For example, if a company tries to define Controlled Unclassified Information, it may cast too wide a net or too narrow a net. If they are audited, the entire concept of scoping CUI can become a holdup for certification.

Early versions of CMMC allowed companies to review their capabilities and report themselves. Today’s CMMC transition is from self-attestation to external audits. These audits are challenging, with only 70 C3PAOs available to support 80,000 companies that require level 2 compliance.

The process is complex, requiring detailed data scoping and significant preparation time.

Companies must strike a balance between the costs and benefits of compliance, particularly for small businesses. The conversation also touches on the broader implications of CMMC for supply chain security and the potential for CMMC to evolve beyond federal contractin

  continue reading

273 에피소드

Все серии

×
 
Loading …

플레이어 FM에 오신것을 환영합니다!

플레이어 FM은 웹에서 고품질 팟캐스트를 검색하여 지금 바로 즐길 수 있도록 합니다. 최고의 팟캐스트 앱이며 Android, iPhone 및 웹에서도 작동합니다. 장치 간 구독 동기화를 위해 가입하세요.

 

빠른 참조 가이드

탐색하는 동안 이 프로그램을 들어보세요.
재생