CMMC Update: How to Get Started (Now!), Simplify Compliance and Lower Costs

The Department of Defense Cybersecurity Maturity Model Certification (CMMC) program is moving methodically through federal rulemaking to its predetermined conclusion of becoming law. At its core, certification at CMMC Level 2 is a validation—by an outside third-party assessor—that your institution is protecting CUI as it is already required to do. That means complying with NIST SP 800-171, developed several years ago specifically to protect CUI. If you’ve been stalling on CMMC, it’s time to get going. Consensus on the CMMC program is driving the DoD and its prime contractors to expect more from their university partners today. As a result, more institutions are moving forward on CMMC; those that aren’t are falling behind. We’ll update you on the latest news about CMMC’s timing and requirements, which are coming into better focus as CMMC gets closer to becoming law. Your colleagues on the panel will offer guidance on how to proceed, starting with NIST 800-171 compliance. That will take time to accomplish. They’ll share how they’ve been raising their cybersecurity levels by leveraging technological advances available today. One key point is to steer clear of complicated solutions. That approach helps reduce deployment costs and staffing needs—and avoid expensive MSP and consulting engagements too. Ample time will be devoted to answering all your questions—from beginner to advanced—and discussion will be encouraged to learn from attendees' experiences as well.