Agenda
- Jump to:
- At a Glance
- Day 1
- Day 2
- Add-Ons
- Print-friendly Format
Day 1 - Monday, September 30, 2024
Day 2 - Tuesday, October 1, 2024
8:00 |
Early RiserFSO Benchmarking: Tackling the next Wave of Complex and Real-World Challenges (by invitation only) |
8:45 |
Remarks from the Co-Chairs |
9:00 |
Keynote Address |
9:30 |
Classified Contracts and Controlled Unclassified Information CUI: What DCSA Now Requires and Navigating a CUI in a FOCI Mitigated Landscape |
10:15 |
Networking Break |
10:30 |
HYPOTHETICAL SCENARIOSFOCI and Cybersecurity Breach Action Plan: Tailoring Your Incident Response to Meet Mitigation Security Requirements and Breach Policy |
11:15 |
Mitigation Strategies: How DCSA is Now Expanding its Scope and Increasing Requirements for Special Board Resolutions |
11:45 |
SSA and Proxy AgreementsDetermining When to Restructure FOCI Mitigation Agreement: Key Considerations, and processes for SSAs, Proxy and other Agreements |
12:15 |
Business Leaders PanelThe Role of C-Level Executives in FOCI Mitigated Companies |
12:45 |
Closing Remarks from the Co-Chairs & Conference Concludes |
Post-Conference Workshop
AOP Working Group: A Practical Guide to Simplifying and Baselining the Affiliated Operation Plan
Oct 1, 2024 1:30pm – 05:00 PM
Speakers
Jennifer A. Gabeler
Vice President Security and Information Systems
CHG Group, Inc.
Day 1 - Monday, September 30, 2024
8:45 |
Opening Remarks from the Co-ChairsHeather L. Finstuen Richard Ray |
9:00 |
Interview: Examining the New DCSA Administration’s Priorities, Initiatives and Review Timelines
|
9:30 |
Cybersecurity Mitigation and CUI: Preparing for CMMC 2.0 Regulation and Ensuring Your FOCI Company is Using Correct Security ControlsCurtis H. Chappell Maria Keady Ernie Magnotti The U.S. Department of Defense issued a proposed rule to implement the Cybersecurity Maturity Model Certification (CMMC) Program (Proposed Rule) in December 2023. The proposed rule is expected to more strictly control how Controlled Unclassified Information (CUI) is safeguarded and disseminated with impacts on FOCI mitigation, contracts, third-party contractors, parent companies and cloud service providers. This session will cover key topics, including:
|
10:15 |
Networking Break |
10:30 |
Vulnerability Assessments and Self-Inspections: Preparing and Managing an On-Site Assessment and What Can Generate the Best Possible OutcomeMargaret M. Cassidy As DCSA is conducting more in-person engagement and onsite security checks, learn the latest lessons on how to prepare for an onsite assessment – and the expected (and unexpected) ramifications of an unfavorable result.
|
11:15 |
Polling & Hypothetical ScenariosThe Nuances of Roles of Outside Director and Proxy Holder Roles: Balancing the Wants and Needs of Stakeholders and National Security InterestsPamela Drew Mary Griggs During this session, speakers will lead delegates through a series of hypothetical scenarios that showcase the nuances of how a FOCI mitigated company can balance the roles of an outside director with its foreign parent. Delegates are encouraged to participate in anonymous live polling for enhanced benchmarking. Key topics will include:
|
12:00 |
AI DEMO & CASE STUDYHow AI is Being Used for Risk Mitigation |
12:30 |
Networking Luncheon for Speakers and Delegates |
1:45 |
Roundtable DiscussionHow DCSA’s FOCI Scope is Expanding Beyond Foreign Owned Companies and Impacting Supply ChainJill M. McClune Richard Ray Proposed changes to the National Defense Authorization Act (NDAA), Section 847 directs the U.S. Department of Defense to reduce reliance on services, supplies, or materials obtained from certain geographic areas, which may be controlled by adversarial countries. The change would also direct DoD to mitigate the risks to national security and the defense supply chain related to such a reliance. Announced in 2022, DoD is due to issue a report to congressional defense committees this year and is currently seeking input.
|
2:30 |
CFIUS and Export Controls Interplay: Navigating the CFIUS and FOCI Process for Companies Under Both Agreements – And How to Avoid HiccupsAntonia Tzinova Daniel Pickard
|
3:15 |
Networking Break |
3:30 |
Cyber Mitigation Case StudyDuring this session, delegates will delve into the complexities of an acquisition from the lens of cybersecurity. This will include a look at how to vet policy prior to acquisition, ensuring the acquired company has not already been breached, and how to ensure robust safeguards following the acquisition. Topics will include:
|
4:00 |
Interactive Roundtable Discussions – Pick your roundtable!Back by popular demand! Delegates are invited to break out into smaller group discussion tables to trade experiences and lessons learned for confronting the challenges of maintaining security standards amid a remote and hybrid workforce. Facilitators will guide the conversation to identify the latest best practices. Delegates are encouraged to choose their preferred table topic, and to move between tables during the discussion. Table One: Insider Threat: How are you safeguarding access and information? Table Two: How is the government vetting your employee’s online social footprint? Table Three: How does cybersecurity fit into a mitigation strategy? Table Four: Considerations for safeguarding your supply chain |
5:00 |
Conference Adjourns |
Day 2 - Tuesday, October 1, 2024
8:00 |
Early RiserFSO Benchmarking: Tackling the next Wave of Complex and Real-World Challenges (by invitation only)Join this early riser, smaller-group session to share the top-of-mind concerns affecting FSOs and how to meet the evolving demands of the job. |
8:45 |
Remarks from the Co-Chairs |
9:00 |
Keynote AddressJeffrey P. Spinnanger |
9:30 |
Classified Contracts and Controlled Unclassified Information CUI: What DCSA Now Requires and Navigating a CUI in a FOCI Mitigated Landscape
|
10:15 |
Networking Break |
10:30 |
HYPOTHETICAL SCENARIOSFOCI and Cybersecurity Breach Action Plan: Tailoring Your Incident Response to Meet Mitigation Security Requirements and Breach PolicyErnie Magnotti Robert Metzger What happens during a breach? This interactive session will examine the play-by-play of how a FOCI mitigated company will now need to react to a cybersecurity breach under stricter Department of Defense and CMMC safeguards
|
11:15 |
Mitigation Strategies: How DCSA is Now Expanding its Scope and Increasing Requirements for Special Board ResolutionsMatthew Madalo Norman E. Pashoian III
|
11:45 |
SSA and Proxy AgreementsDetermining When to Restructure FOCI Mitigation Agreement: Key Considerations, and processes for SSAs, Proxy and other AgreementsMichelle D. Hertz Stefan Lopatkiewicz
|
12:15 |
Business Leaders PanelThe Role of C-Level Executives in FOCI Mitigated CompaniesDennis S. Kallelis Alex Veneziano Moderator:Erin Estevez Best Practices for handling FOCI agreements
|
12:45 |
Closing Remarks from the Co-Chairs & Conference Concludes |
AOP Working Group: A Practical Guide to Simplifying and Baselining the Affiliated Operation Plan
Jennifer A. Gabeler
Vice President Security and Information Systems
CHG Group, Inc.
What is it about?
Workshop is offered In-Person only.
- Best practices and pitfalls to avoid when drafting and submitting an AOP, including:
- Describing Services: Who is providing the affiliated operation, to whom, and the costs and benefits
- Implementing Services: How will affiliated operations be implemented and are they mandatory?
- Technology: What is being utilized, who has ownership, types of information being shared, and frequency of interaction
- What to ask your security committees enough
- How the parent companies can manage the financial burden
- Customizing your AOP
- Key strategies for mitigating and managing affiliated operations
- Effective tactics for handling and reducing risks in affiliated operations
- DCSA compliance and enhanced efficiency
- Developing internal steps to ensure you are properly mitigating potential risks, including:
- Review of services: internal steps to ensure compliance with mitigating procedures, and how the FSO and Technology Control Officer (TCO) can work together to ensure compliance