DFARS CMMC SPRS NIST 800-171 Explainer
Uploaded by ControlCase (webinar deck, 29 slides)
Slide 1.
WEBINAR: DFARS, SPRS, NIST 800-171, CMMC EXPLAINER FOR DIB CONTRACTORS
Your IT compliance partner: go beyond the checklist
Slide 2. Agenda
© ControlCase. All Rights Reserved.
1. ControlCase Introduction
2. How Do the Acronyms Interplay?
3. What is DFARS?
4. What is NIST 800-171?
5. What is an SPRS Score?
6. What is CMMC?
7. What Do You Need to Do Now?
8. Why ControlCase?
Slide 3. Section 1: ControlCase Introduction
Slide 4. ControlCase Snapshot
Certification and continuous compliance services. Go beyond the auditor's checklist to dramatically cut the time, cost and burden of becoming certified and maintaining IT compliance:
• Demonstrate compliance more efficiently and cost-effectively (cost certainty)
• Improve efficiencies: do more with fewer resources and gain compliance peace of mind
• Free up your internal resources to focus on their priorities
• Offload much of the compliance burden to a trusted compliance partner
Figures shown: 1,000+, 275+, 10,000+ (clients, IT security certifications, security experts)
Slide 5. Solution: Certification and Continuous Compliance Services
"I've worked on both sides of auditing. I have not seen any other firm deliver the same product and service with the same value. No other firm provides that continuous improvement and the level of detail and responsiveness." — Security and Compliance Manager, Data Center
Slide 6. Certification Services: One Audit™ (Assess Once. Comply to Many.)
CMMC RPO, FedRAMP, NIST 800-171, SPRS, HIPAA, HITRUST, PCI DSS, GDPR, PCI PIN, ISO 27001-2, SOC 1, 2, 3 & Cybersecurity, PCI 3DS
"You have 27 seconds to make a first impression. And after our initial meeting, it became clear that they were more interested in helping our business and building a relationship, not just getting the business." — Sr. Director, Information Risk & Compliance, Large Merchant
Slide 7. Section 2: How Do DFARS, SPRS, NIST 800-171 and CMMC Interplay?
Slide 8. How Do DFARS, SPRS, NIST 800-171 and CMMC Interplay?
• DFARS is the overall regulation: the contract clauses that impose the cybersecurity obligations
• NIST SP 800-171 is the control framework that DFARS relies on
• The SPRS score is the result of scoring a NIST SP 800-171 assessment with the DoD Assessment Methodology
• CMMC is the future framework that brings this all together by adding third-party and government verification
In practice the link is made by specific DFARS clauses: 252.204-7012 requires implementation of NIST SP 800-171 on covered contractor information systems, 252.204-7019 and 7020 require a current assessment score posted in SPRS, and 252.204-7021 is the CMMC clause.
Slide 9. Section 3: What is DFARS?
Slide 10. What is DFARS?
The Defense Federal Acquisition Regulation Supplement (DFARS) to the Federal Acquisition Regulation (FAR) is administered by the Department of Defense (DoD); it implements and supplements the FAR. The cybersecurity obligation discussed here is DFARS clause 252.204-7012 (Safeguarding Covered Defense Information and Cyber Incident Reporting), revised by an interim rule in December 2015 to protect the confidentiality of Controlled Unclassified Information (CUI) within the Defense Industrial Base (DIB); that rule set 31 December 2017 as the deadline for full implementation of NIST SP 800-171. Any DoD contract that includes the clause obligates the contractor, and by flow-down its subcontractors that handle CUI, to comply; the clause is omitted only from contracts solely for commercially available off-the-shelf (COTS) items.
Slide 11. Section 4: What is NIST 800-171?
Slide 12. What is NIST SP 800-171?
NIST is the National Institute of Standards and Technology at the U.S. Department of Commerce. NIST's Cybersecurity Framework is a separate, voluntary framework that helps businesses of all sizes understand, manage, and reduce cybersecurity risk; NIST SP 800-171 ("Protecting Controlled Unclassified Information in Nonfederal Systems and Organizations") is the specific publication that states how contractors, subcontractors and other nonfederal organizations must protect Controlled Unclassified Information (CUI) in their own systems. The NIST SP 800-171 assessment referred to in this deck is a self-assessment (a "Basic Assessment") conducted following the NIST SP 800-171 DoD Assessment Methodology. Since 30 November 2020, when DFARS 252.204-7019 and 7020 took effect, a DoD contractor subject to 252.204-7012 must have a current assessment score (no more than three years old) posted in the Supplier Performance Risk System (SPRS) before award of a contract that includes those clauses.
Slide 13. NIST SP 800-171 Control Domains
110 security requirements (Rev. 2) broken down into 14 control families derived from FIPS 200 and NIST SP 800-53:
© 2020 ControlCase. All Rights Reserved.
• Access Control
• Awareness & Training
• Audit & Accountability
• Configuration Management
• Identification & Authentication
• Incident Response
• Maintenance
• Media Protection
• Personnel Security
• Physical Protection
• Risk Assessment
• Security Assessment
• System & Communications Protection
• System & Information Integrity
Slide 14. Section 5: What is a SPRS Score?
Slide 15. What is a SPRS Score?
The Supplier Performance Risk System (SPRS) is a Department of Defense (DoD) application that gathers, processes, and displays data about suppliers' performance. The SPRS score is a self-certified score that results from a NIST SP 800-171 DoD Assessment and gives contracting officials a single number for the overall assessment of supplier performance and supplier risk. Under the DoD Assessment Methodology the score starts at 110 (one point per requirement) and each requirement that is not implemented subtracts 5, 3 or 1 points according to its weight, so the possible range is 110 down to -203; the SPRS entry also records the assessment date, the scope, and the date by which all remaining requirements are planned to be implemented. Once you have generated your score, the DFARS rules require your organization to keep a current score in SPRS, meaning the self-assessment can be no more than three years old.
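The scoring rule above in working form, as an added example that is not ControlCase's or DoD's code. The facts it encodes come from the NIST SP 800-171 DoD Assessment Methodology (perfect score 110, deductions of 5, 3 or 1 per unimplemented requirement, minimum -203, no score without a System Security Plan, and partial credit of 3 instead of 5 for 3.5.3 multifactor authentication and 3.13.11 FIPS-validated cryptography). The per-requirement weight table and the self-assessment status in the sample are constructed for illustration; a real calculation takes the weights from the methodology's own table for all 110 requirements.

```python
"""SPRS score calculator following the NIST SP 800-171 DoD Assessment Methodology.

Added example (not ControlCase's or DoD's code). Facts taken from the
methodology: 110 requirements, a perfect score of 110, each unimplemented
requirement subtracts 5, 3 or 1 points (minimum possible score -203), no
score is assigned when no System Security Plan exists (3.12.4), and two
requirements carry partial credit: 3.5.3 (MFA) and 3.13.11 (FIPS crypto).
The per-requirement weights used below are a CONSTRUCTED sample; take the
real values from the methodology's weight table.
"""

PERFECT_SCORE = 110
MIN_SCORE = -203            # 110 minus the 313 total points in the official table
SSP_REQUIREMENT = "3.12.4"  # no SSP -> the assessment cannot be scored
VALID_WEIGHTS = {1, 3, 5}

# Partial credit allowed by the methodology: requirement id -> reduced deduction.
PARTIAL_CREDIT = {
    "3.5.3": 3,    # MFA for remote and privileged users only, not general users
    "3.13.11": 3,  # encryption in place but not FIPS-validated
}

# Constructed sample table (assumption): requirement id -> points deducted if not met.
SAMPLE_WEIGHTS = {
    "3.1.1": 5, "3.1.2": 5, "3.1.20": 1, "3.1.22": 1,
    "3.5.3": 5, "3.8.3": 5, "3.13.11": 5,
}

# Constructed sample self-assessment: "met", "not_met" or "partial".
SAMPLE_STATUS = {
    "3.12.4": "met",       # SSP exists, so a score can be assigned
    "3.1.1": "met", "3.1.2": "met", "3.1.22": "met",
    "3.1.20": "not_met",   # -1
    "3.8.3": "not_met",    # -5
    "3.5.3": "partial",    # -3 instead of -5
    "3.13.11": "partial",  # -3 instead of -5
}


def deductions(weights, status):
    """Return {requirement: points deducted} for everything not fully met."""
    result = {}
    for req, weight in weights.items():
        if weight not in VALID_WEIGHTS:
            raise ValueError(f"{req}: weight must be 1, 3 or 5, got {weight}")
        state = status.get(req, "not_met")  # undocumented requirement counts as not met
        if state == "met":
            continue
        if state == "partial" and req in PARTIAL_CREDIT:
            result[req] = PARTIAL_CREDIT[req]
        else:
            # "partial" on any other requirement earns no credit under the methodology
            result[req] = weight
    return result


def sprs_score(weights, status):
    """Return the SPRS score, or None when no SSP exists (3.12.4 not met)."""
    if status.get(SSP_REQUIREMENT, "not_met") != "met":
        return None
    score = PERFECT_SCORE - sum(deductions(weights, status).values())
    if score < MIN_SCORE:
        raise ValueError("total deductions exceed the official 313-point table")
    return score


def poam_items(weights, status):
    """Open items for the Plan of Action & Milestones, largest deduction first."""
    return sorted(deductions(weights, status).items(), key=lambda kv: (-kv[1], kv[0]))


if __name__ == "__main__":
    print("SPRS score:", sprs_score(SAMPLE_WEIGHTS, SAMPLE_STATUS))  # 98
    for req, pts in poam_items(SAMPLE_WEIGHTS, SAMPLE_STATUS):
        print(f"  {req}: -{pts}")
```

Two behaviours worth noting: a requirement missing from the status map is treated as not implemented (the methodology gives no credit for requirements the SSP does not address), and "partial" only reduces the deduction for the two requirements where the methodology permits it; anywhere else it is scored as not met.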
Slide 16. Section 6: What is CMMC?
Slide 17. Cybersecurity Maturity Model Certification (CMMC)
CMMC is a unifying standard for the implementation of cybersecurity across the Defense Industrial Base (DIB). CMMC 1.0 was released by the US Department of Defense (DoD) in January 2020, and the DFARS interim rule that introduced the CMMC clause (252.204-7021) took effect in November 2020. CMMC 2.0 was announced in November 2021. CMMC ensures that DIB companies implement appropriate cybersecurity practices and processes to protect Federal Contract Information (FCI) and Controlled Unclassified Information (CUI) within their unclassified networks.
Slide 18. Who Does CMMC Apply To?
• Defense Industrial Base (DIB) contractors whose unclassified networks possess, store, or transmit Controlled Unclassified Information (CUI).
• Defense Industrial Base (DIB) contractors whose unclassified networks possess Federal Contract Information (FCI).
Slide 19. What CMMC Level Are You, and Next Steps?
You have FCI only: Level 1.
You have CUI (in addition to FCI): Level 2 or 3.
What you need to do:
• Level 1: self-assessment (optionally assisted by ControlCase)
• Level 2a (the information you manage is not critical to national security): self-assessment (optionally assisted by ControlCase)
• Level 2b (the information you manage is critical to national security): C3PAO assessment, once every three years
• Level 3 (the information you manage involves the highest-priority, most critical defense programs): government-conducted assessment, once every three years
Slide 20. ControlCase CMMC Assessment Process
ControlCase CMMC Level 1 assessment process:
1. Deploy Compliance Hub with NIST 800-171 controls covering 17 practices
2. Complete scoping
3. Complete 50% evidence review
4. Complete 100% evidence review
5. *Publish Level 1 self-assessment report
ControlCase CMMC Level 2a assessment process:
A. Deploy Compliance Hub with NIST 800-171 controls covering 110 practices
B. Complete scoping
C. Complete 50% evidence review
D. Complete 100% evidence review
E. *Publish Level 2 self-assessment report
Slide 21. Section 7: What Do You Need to Do Now?
Slide 22. What You Need to Do
First, complete your NIST SP 800-171 self-assessment using the DoD Assessment Methodology and post the resulting score in SPRS: https://www.sprs.csd.disa.mil/
Slide 23. CMMC Current Status (and What You Can Do Now)
• The changes reflected in CMMC 2.0 will be implemented through the rulemaking process. Until that rulemaking is complete, DoD will not approve inclusion of a CMMC requirement in any DoD solicitation.
• In the meantime DoD has provided resources to companies through Project Spectrum: https://www.projectspectrum.io/
• Companies can use this time to implement the NIST SP 800-171 controls and prepare the accompanying documents, such as the System Security Plan (SSP) and the Plan of Action & Milestones (POA&M) for anything still open.
Slide 24. Section 8: Why ControlCase?
Slide 25. One Audit™: Assess Once. Comply to Many.
CMMC RPO, FedRAMP, NIST 800-171, SPRS, HIPAA, HITRUST, PCI DSS, GDPR, PCI PIN, ISO 27001-2, SOC 1, 2, 3 & Cybersecurity, PCI 3DS
Slide 26. ControlCase Compliance Hub®
• Automated Compliance Engine (ACE): collect evidence such as configurations remotely.
• ControlCase Data Discovery (CDD): scan end-user workstations for PII.
• Vulnerability Assessment & Penetration Testing (VAPT): perform remote vulnerability scans and penetration tests.
• Automated Log Analysis (LOGS): review log settings and identify missing logs remotely.
Slide 27. Continuous Compliance Services
ControlCase addresses common non-compliant situations that may leave you vulnerable:
• In-scope assets not reporting logs
• In-scope assets missed from vulnerability scans
• Critical, overlooked vulnerabilities due to volume
• Risky firewall rule sets going undetected
• Non-compliant user access scenarios not flagged

Feature | Package 1 (with cybersecurity services*) | Package 2 (without cybersecurity services*)
Quarterly review of 15 to 25 compliance questions | ✓ | ✓
Quarterly review of scope | ✓ | ✓
Collecting & analyzing data through connectors from client systems | — | ✓
Vulnerability assessment | ✓ | —
Penetration testing | ✓ | —
Sensitive data discovery | ✓ | —
Firewall ruleset review | ✓ | —
Security awareness training | ✓ | —
Logging & automated alerting | ✓ | —
* Hybrid package can be selected.
Slide 28. Summary: Why ControlCase
"They provide excellent service, expertise and technology. And, the visibility into my compliance throughout the year and during the audit process provide a lot of value to us." — Dir. of Compliance, SaaS company
Slide 29. Thank you for the opportunity to contribute to your IT compliance program.
www.controlcase.com
contact@controlcase.com
Download CMMC Compliance Checklist | CMMC Compliance Blog | Schedule CMMC Compliance Discussion