SAME DC Webinar Nov. 7 - CMMC: DFARS, Certification, Rollout (1PDH)

WEBINAR SESSION INFORMATION

CMMC: Unlocking DFARS Compliance, Becoming Certified, Handling the Rollout (1 PDH)

The Department of Defense's Cybersecurity Maturity Model Certification (CMMC) program represents a significant evolution in safeguarding Controlled Unclassified Information (CUI) across the Defense Industrial Base (DIB) that will officially be enforceable and required for contract award on November 10, 2025. This session will clarify the intricacies of CMMC and provide actionable insights for contractors navigating this essential regulatory requirement for earning contracts with DoD.

Attendees will gain a clear understanding of the foundational DFARS 252.204-7012 clause, which has long mandated the protection of CUI and the implementation of NIST SP 800-171 controls. We will explain how CMMC serves as the critical verification mechanism for this existing requirement, transitioning from a self-attestation model to a verifiable compliance framework. The discussion will illuminate how CMMC provides the DoD with the necessary assurance that defense contractors are adequately protecting sensitive national security information.

The panel will also examine 32 CFR Part 170 and 48 CFR 252.204-7021, the official federal regulations that formally codify and enforce the CMMC program for contract award. These crucial rules provides the legal teeth for CMMC, outlining the program's structure, assessment requirements, and enforcement mechanisms. Understanding its implications is vital for all organizations within the DIB, as it firmly establishes CMMC as a valid verification mechanism that is available to all government departments, not only DoD.

A core focus will be the practical steps involved in achieving CMMC Level 2 certification. Our expert panelists will guide participants through the entire process, from understanding scoping and conducting thorough gap analyses against NIST SP 800-171, to preparing for and successfully undergoing an assessment by a CMMC Third-Party Assessment Organization (C3PAO). We will share best practices for implementation, documentation, and readiness to ensure a smooth and efficient certification journey.

Finally, the discussion will address what to realistically expect with the CMMC rollout and business strategies to capitalize on compliance as a differentiator. We will cover anticipated timelines, the phased implementation strategy that now has requires for CMMC Level 2 certification immediately on November 10, the impact on new solicitations and existing contracts, and strategies for both prime contractors and subcontractors to ensure continuous compliance, maintain eligibility for DoD work, and earn more contract awards through cybersecurity compliance.

LEARNING OBJECTIVES

1. Learning Objective 1 - Understand the foundational relationship between DFARS 252.204-7012, the CMMC program, and DFARS 252.204-70121, recognizing CMMC as the verifiable compliance framework for CUI protection.
2. Learning Objective 2 - Explain the significance of 32 CFR Part 170 in formalizing CMMC as a federal regulation and its broader implications for government contracting.
3. Learning Objective 3 - Identify the key practical steps and best practices required to achieve CMMC Level 2 certification, from scoping to successful C3PAO assessment.
4. Learning Objective 4 - Describe the anticipated CMMC rollout phases and potential integration of CMMC by civilian agencies

Learning Units

This virtual session offers one (1) Professional Development Hour (PDH) certified by the SAME DC Post for live participants.

CAPACITY

This event is limited to 100 attendees. Once capacity is reached, the event will be "sold out" and will no longer accept registrations to attend. Only registered participants will receive the PDH certificate and opt=in attendee list after the live session. A copy of the presentation slides and recording will be available on the SAME DC Post's website after the webinar.

About the Presenter

Derek Kernus
CEO | Lead Certified CMMC Assessor | Chief CMMC Implementor

Derek guides a team of cybersecurity professionals focused on helping federal contractors build or remediate their cybersecurity programs to meet DFARS 252.204-7012 and CMMC Level 2 requirements. In his role, Derek supports the design and enforcement of the CMMC requirements on contractor IT networks. He is also responsible for supporting the clients of Aethon Security with thoroughly documenting the compliance of their Covered Contractor Information System through a System Security Plan (SSP) written to NIST SP 800-171A and gathering supporting artifacts.

Prior to starting Aethon Security, Derek was the Director of Cybersecurity Operations at a government contractor and the Deputy CISO at CMMC 3rd Party Assessment Organization. He and his team have led 10 organizations to pass CMMC Level 2 certification assessments, ranging from a 4-person distribution company to a 3,000-person international manufacturer. Derek holds the Certified Information Systems Security Professional (CISSP) and Certified Cloud Security Professional (CCSP) certifications from ISC2, the Lead CMMC Certified Assessor Certification (Lead CCA) from the Cyber AB, and a Master of Business Administration from William and Mary’s School of Business.

https://www.linkedin.com/in/derekkernus

---

Aethon Security Consulting, LLC

www.aethonsecurity.com

www.linkedin.com/company/aethon-security

About Your Virtual Host

Whitney Stowell, SAME DC Post Webinar Host | Cribworkshttps://www.linkedin.com/in/whitney-stowell

Whitney Stowell is the CEO and Founder of Cribworks, a sales and business development consulting firm based in Washington, DC. With more than 15 years of industry experience across commercial, startups and government contracting, Whitney has worked in marketing, business development, corporate strategy and government affairs across a diverse range of small and large businesses, including Signify (formerly Philips Lighting), Major League Rugby (MLR) franchise Old Glory DC, Royal Philips, Elbit Systems of America, Chenega Corporation, and the Homeland Security and Governmental Affairs within the United States Senate.

Whitney sits on the Board of Directors for the Society of American Military Engineers (SAME) DC Post in Washington DC, a non-profit organization that collaborates with both government and private sector on national security infrastructure challenges. Whitney is an active member throughout the local rugby community, recently serving as President of the Washington Irish Rugby Football Club and works with local youth rugby clubs throughout the area. Whitney is also active in various organizations throughout the Washington DC, such as Bunker Labs, Smart Cities Group, Association for United States Army (AUSA), USA Rugby, and others. He served as the SAME DC Post President in 2024.

SAME DC Post - First Friday Webinar Series

Friday, Nov. 7, 2025

12:00 pm – 1:00 pm ET

Virtual Platform

Earn 1 PDH each session

Through a commitment to offering effective training, development and networking programs, SAME DC Post is helping sustain the future of the profession with monthly education-focused sessions to deliver topical and relevant content to our industry.

Our program offers a one-hour educational professional development opportunity on the first Friday of each month via a virtual platform, hosted by the SAME DC Post. Lunch is NOT included in the ticket (but you may eat your lunch while watching the session). Follow up questions by chat are encouraged.

This program is free to SAME members and students, and $25 for non-members. Please note, you must attend the live session to receive a one-hour (1 HR) PDH certificate from the SAME DC Post. Registration required.

Registered ticket holders will find the event link in their registration Online Event Page. The link to the session will also be emailed 24 hours before the program begins. Please add samedcprograms@gmail.com to your safe senders list. The email you use to register will be the email that receives the link.

REFUND POLICY

This event is non-refundable for paid ticket holders because all attendees receive a link to the live program immediately upon registration. Please note that not all jurisdictions or organizations accept PDH certificates for continuing education.

Call for Presentations

Do you have an educational topic you would like to present during our monthly First Friday Lunchtime Learning Sessions?

Presentations will be selected based on how the program will provide high-quality and valuable professional development for the A/E/C community, presentation topics that provide thought leadership and insight into current industry challenges, and solutions that are available beyond your organization’s specific product or service. Presentations that promote specific companies, products, or services will not be selected.

Please complete the online form to share your topic and learning objectives with the SAME DC Post Programs committee.

https://form.jotform.com/samedcprograms/first-friday

Questions

Please contact the SAME DC First Friday Director, Bree Beal at bbeal@kcct.com or samedcprograms@gmail.com

Sponsorship

Sponsorship for the First Friday Webinar Series and other programs and events are available for 2025 and 2026. Contact the SAME DC Sponsorship Team at sponsorship@samedc.org

➜ https://www.same.org/DCPost