
April 29, 2021

The CMMC Paradigm and Contractor Supply Chain Risk Management Obligations

  • This event has passed.


Companies seeking to begin or continue doing business with the Defense Department must comply with the November 2020 interim procedural rules in order to be eligible for a DoD contract or subcontract. Cybersecurity compliance has become as fundamental to federal contracting as “technical, past performance and price.” The effort to understand, analyze, prepare and implement the cybersecurity measures a company needs to obtain CMMC certification is time-consuming (6-9 months), and the cost depends on the CMMC Level sought. Prudent contractors must confirm that their NIST-based System Security Plan is sufficient for their current and anticipated contract obligations.



Your company’s CMMC certified level of “cyber hygiene” will directly impact your eligibility to contract or subcontract with the Defense Department (and non-DoD agencies such as GSA and Homeland Security) as well as impact your competitive eligibility anywhere in the DoD supply or service chain.

In this Program, you will learn about:

  • The CMMC – DoD 2025 implementation schedule;
  • The Federal cybersecurity vocabulary: CUI, FCI, CDI;
  • CUI marking obligations by government and contractor personnel;
  • How CMMC “Level 1” applies to all federal agencies;
  • The requirements of DFARS 252.204-7012 and the interim DFARS 252.204-7019, 7020, and 7021 clauses;
  • DoD’s November 2020 Self-Assessment Methodology;
  • The Supplier Performance Risk System (SPRS);
  • The DoD guidance available to achieve CMMC Level 1;
  • The available self-assessment programs;
  • The requirements under [Draft] NIST SP 800-172 contained in CMMC Level 3 to address Advanced Persistent Threats;
  • Cybersecurity as a contractor qualification (the CMMC Level) versus an evaluation factor (the quality of a System Security Plan);
  • CMMC, the Cloud and FedRAMP (Azure, AWS, IBM);
  • The fundamentals of cybersecurity training;
  • The government-wide supply chain obligations regarding Chinese sources
    • DoD guidance
    • GSA guidance
  • DoD supply chain obligations regarding Chinese and Russian sources
    • DoD guidance

Event Details

Date & Time

April 29, 2021 @ 12:30 pm - 3:00 pm