Navigating CMMC Level 2 Certification in Higher Education

Thursday, April 30, 2026 | 9:45AM–10:30AM PT | California Promenade, Second Floor
Session Type: Poster
Delivery Format: Poster Session
Grounded in UC San Diego’s successful certification experience, this session provides higher education security and privacy professionals with a practical, end-to-end roadmap to implement NIST SP 800-171 and achieve Cybersecurity Maturity Model Certification (CMMC) Level 2. With formal CMMC implementation effective November 10, 2025 (and DoD solicitations requiring certification for nearly all DoD-funded research), this session delivers timely, actionable guidance for navigating a complex regulatory landscape within academic environments. The session walks through our full certification journey: build the right team, conduct a gap analysis, develop required documentation, select and engage a C3PAO, and navigate both pre-assessment and assessment phases. We will share real-world insights on evidence collection, interviews, onsite logistics, daily debriefs, handling unexpected challenges, and post-assessment activities, including sustaining compliance. UC San Diego achieved CMMC Level 2 certification with zero corrective actions. This session translates that experience into a proven, adaptable model, equipping institutions at any stage of the CMMC journey with practical strategies to strengthen security, protect regulated research data, and remain competitive in the evolving federal research landscape.

Presenters

  • Sandeep Chandra

    Director, Health Cyberinfrastructure Division, San Diego Supercomputer Center
  • Rachel German

    IT Security Analyst 3, University of California San Diego
  • Lillian Maestas

    CMMC Operations Manager, University of California San Diego
  • Leslie Morsek

    Regulated Research Cybersecurity Lead, University of California San Diego
  • Daniel Quach

    Director, IT Risk and Compliance, University of California San Diego

Resources & Downloads

  • Poster

    Updated on 4/22/2026