CMMC関連の米国情報(ご紹介)

 このところ、米国ではCMMC適用の15プロジェクトが決まり、およそ2000社が秋までに(2021年9月)なんらかのCMMC認定を取ることになるとDoDはアナウンスしています。そんな米国から、いくつかのwebinarなどが開催されており、良い勉強のチャンスだと思います。ほとんどが日本の深夜開催になりますが、皆さんも米国の生の最新情報に触れてみてはいかがでしょうか?

  • Webinar | How Secure is the Defense Industrial Base Supply Chain?
    • Wednesday, February 3, 2021, at 9:00 am (PST) | 12:00 pm (EST)
    • – The CyberSheath Team
      • The requirements for contracting with the DoD, both for prime and sub-contractors are no longer left to self-certification as the DoD is increasingly auditing compliance and mandating submission of a NIST SP 800-171 assessment prior to contract award. Your scored assessment must be entered into the Supplier Performance Risk System (SPRS) to capture future DoD revenue.
      • Wouldn’t you like to know how your assessment scores comparatively, the steps compliant businesses are taking, and the common challenges to achieving compliance before you submit your results to the DoD? CyberSheath has the answers you are seeking based on thorough analysis of the hundreds of DoD assessments we complete each year.
  • Cybersecurity and CMMC Implementation Tabletop Series – Webinar 3, Pre-Award Process
    • Sat, Jan 30, 2021 12:00 AM – 1:30 AM JST
    • NDIA SUMMIT7
      • 仮想の会社を例に、この場合はどうすべきか?といった演習形式セミナー
      • With the introduction of the Cybersecurity Maturity Model Certification (CMMC) program, contractors must ensure that their systems are in compliance with all requirements of the interim DFARS rule and/or the applicable CMMC cybersecurity level. Through a series of 90-minute tabletop exercises, we have been following a fictional company as it navigates the CMMC certification process and its compliance with the FAR and DFARS requirements for flow down, reporting, investigation, and mitigation. Our third tabletop exercise will focus on the identification of Controlled Unclassified Information (CUI), including whether it is Controlled Technical Information (CTI) or government or contractor CUI information, and triggers for Basic Assessment and CMMC requirements on the path to award and contract performance. To facilitate the discussion, we will include panel members from the Office of the Secretary of Defense (Intelligence & Sustainment), National Archives and Records Administration (NARA), as well as representatives from the Defense Industrial Base. During the tabletop exercise, attendees will participate in the scenario through polling and will have the opportunity to raise questions about implementation.