Chapter Business Meeting Slides: Meeting Slides 6/24/2020
Speaker Slides: TBD
Topic: Cybersecurity Maturity Model Certification (CMMC) – A New, Required DoD Cybersecurity Standard
On January 31, 2020, the DoD published a new cybersecurity standard which will be required beginning in spring, 2020 for new acquisitions awarded to contractors who do business with DoD. The Cybersecurity Maturity Model Certification (CMMC) framework consists of 17 domains, five processes across five levels to measure maturity, and 171 practices across five levels to measure technical capabilities. DoD Program Manager’s will determine what level of maturity required to bid on new RFIs and RFPs based upon the sensitivity of the data in the contract. Maturity Levels range from Level 1, Basic Cyber Hygiene which is performed on an ad hoc basis up to Level 5, Advanced / Progressive cybersecurity capabilities performed with optimized maturity. Level 3 will be required for all future DoD acquisitions where basic Controlled Unclassified Information (CUI) will be part of the performance of the contract.
CMMC will be implemented on a crawl, walk, run basis over the course of the next five years. This spring the Accreditation Body will begin to train C3PAO organizations to certify companies. The DoD will train their Program Managers. Starting in June, a few select contracts will be identified with CMMC requirements in RFIs. This fall, CMMC requirements will appear in a few select RFPs. The execution of a new contract will require that prime contractor and their subcontractors to achieve the appropriate level of CMMC called upon in the contract. While details are still evolving, it is important to prepare now! Come learn more about these new requirements and how to get started.
Speaker: Dawn M Greenman, Deputy Program Manager Cybersecurity for Johns Hopkins Applied Physics Laboratory (JHU/APL)
Dawn M Greenman is Deputy Program Manager Cybersecurity for Johns Hopkins Applied Physics Laboratory (JHU/APL). In this position, she oversees cybersecurity projects across the organization and assists in the oversight of JHU/APL’s cyber operations, security engineering, and IT compliance functions.
Over the past 25 years, Ms. Greenman has held positions of increasing responsibility in information technology and cybersecurity, working for companies small to large. In 2017, Dawn lead JHU/APL to compliance with DFARS 7012 and NIST SP 800-171. During this time, she recognized the struggle small organizations were having with compliance requirements and also understood compliance alone was not enough. She started to participate in external projects and lead working groups with DoD and industry to develop strategies to improve the protection of controlled unclassified information.
More recently, passionate to improve the security of the DoD supply chain, Ms. Greenman eagerly accepted a role as Outreach Lead for the DoD Office of Sustainment and Acquisition’s Cybersecurity Maturity Model Certification (CMMC) project. The Cybersecurity Maturity Model, developed by JHU/APL and SEI/CERT, delivered DoD a new common standard in cybersecurity in January 2020. She will continue to participate in efforts to implement this new standard which will begin to be required by all defense contractors doing business with DoD as early as this summer.
Ms. Greenman holds an undergraduate degree in Information Systems with a concentration in Homeland Security. In July 2019, she graduated with an Executive Masters of Business Administration from The University of Maryland Robert H. Smith School Of Business. She is a Certified Information Security Professional (CISSP) and holds the GIAC Security Essentials (GSEC) certification.