CMMC Bootcamp
Become equipped with the knowledge to propel an organization toward CMMC 2.0 Level 1 & 2 full compliance and certification. Online!
Location
Online
Agenda
- May 13 - Session 1: 8:30 AM - 12:00 PM
- May 14 - Session 2: 8:30 AM - 12:00 PM
- May 20 - Session 3: 8:30 AM - 12:00 PM
- May 21 - Session 4: 8:30 AM - 12:00 PM
- May 27 - Session 5: 8:30 AM - 12:00 PM
About this event
- Event lasts 14 days 3 hours
Welcome to the CMMC Bootcamp!
The Defense Industrial Base (DIB) sector is the target of increasingly frequent and sophisticated cyberattacks. In response, the DoD is implementing the Cybersecurity Maturity Model Certification (CMMC) 2.0 program, designed to safeguard American innovation and national security information.
This initiative requires all contractors and subcontractors participating in DoD contracts at any tier of the supply chain to fully implement the CMMC practices by the beginning of 2025 to be eligible for DoD work.
CONNSTEP, the NIST Manufacturing Extension Partnership (MEP) regional authority, will conduct five (5) half-day workshop training sessions that will guide participants in the implementation of NIST SP 800-171 practices to improve the Department of Defense Supplier Performance Risk System (SPRS) compliance score and drive preparedness for CMMC 2.0 Level 2 audit.
This program takes place online via Zoom on Tuesdays & Wednesdays from 8:30 am – 12 pm. CMMC Bootcamp Schedule: May 13, 14, 20, 21, and 27.
Presented by CONNSTEP's Anna Mumford: Gain valuable insights from a leading expert in cybersecurity.
- Certified CMMC Practitioner (CCP), CMMC Registered Practitioner Advanced (RPA) Certified
- Masters in Cybersecurity Management from Purdue University & Computer Science bachelor's degree from ECSU
- Over 20 years of experience in information technology
- Assisted more than 100 manufacturers with regulatory cybersecurity compliance - assessments and implementation: cybersecurity policies, procedures, documentation, incident response capabilities
Also with Mark Musone, Chief Technology Officer at DataSure24. Mark leads all technical teams and brings over 18 years of experience in cybersecurity oversight and compliance, particularly with NIST 800-53 standards for federal agencies like the DOL, EBSA, and PBGC. A pioneer in open-source development and a member of the original PHP development team, Mark is also an active contributor to the tech community through speaking engagements and involvement in Linux and software user groups.
Workshop Session Topics:
May 13 - Session 1
- Understand the CMMC 2.0 Proposed Rule requirements, rollout timeline, and impact on subcontractors if not compliant.
- Learn how to identify and mark CUI/FCI.
- Hands-on exercises to map the CUI/FCI data flow through an organization and develop scoping documentation.
- Introduction to cybersecurity policies, procedures, best practices, and effective implementation throughout the organization
- 3.1 Access Control domain requirements discussion
Policies and Procedures customizable templates will be provided. Learning exercises to modify the procedures will be conducted throughout the five sessions.
May 14 - Session 2
- Learn CMMC Assessment methods and the role of compliance evidence documentation.
- Discuss the development of the Plan of Action & Milestones (POAM) and System Security Plan (SSP) documents.
- Requirements discussion for domains: 3.12 Security Assessment, 3.9 Personnel Security, 3.5 Identification & Authentication
SSP and POAM customizable templates will be provided.
May 20 - Session 3
- Learn the role of the Change Control Board (CCB) and authorizations
- Gain an understanding of the requirements in domains: 3.4 Configuration Management, 3.3 Audit & Accountability, 3.10 Physical Protection, 3.8 Media Protection
- Develop a schedule for continuous maintenance improvements and updates.
May 21 - Session 4
- Understand the requirements of an Incident Response Plan (IRP) and reporting to authorities.
- Requirements discussion for domains: 3.6 Incident Response, 3.7 Maintenance, 3.11 Risk Assessment
- Discuss Risk Assessment and Risk Management methodologies and procedures.
IRP and Risk Management customizable templates will be provided.
May 27 - Session 5
- Learn about implementation best practices for domains: 3.2 Awareness & Training, 3.13 System & Communications Protection, 3.14 System & Information
- Review customized cybersecurity procedures.
- Discuss employee training on company security policies, effective techniques, and implementation best practices.
Frequently asked questions
Any company that currently holds, or anticipates obtaining, a contract with the DoD requiring compliance with DFARS 252.205-7012, or supplies products to the DoD. Intended for those who oversee the company's cybersecurity compliance program, including Owners, Management Staff, and Senior Leadership.
Yes! This CMMC Bootcamp training will be held online via Zoom.
Organized by
CONNSTEP's Mission: To help Connecticut small and medium-sized manufacturers and other businesses reach their goals by strengthening their strategic, technical, and operational expertise, thereby supporting the growth of Connecticut’s economy.