Cybersecurity Mitigation and CUI: Preparing for CMMC 2.0 Regulation and Ensuring Your FOCI Company is Using Correct Security Controls

September 30, 2024 9:30am

Curtis H. Chappell
Vice President, Security
Thales Defense & Security, Inc.

Maria Keady
Principal Compliance Manager / FSO / ITPSO
BlackBerry Government Solutions

Ernie Magnotti
Chief Information Security Officer (CISO)
Leonardo DRS

The U.S. Department of Defense issued a proposed rule to implement the Cybersecurity Maturity Model Certification (CMMC) Program (Proposed Rule) in December 2023. The proposed rule is expected to more strictly control how Controlled Unclassified Information (CUI) is safeguarded and disseminated, with impacts on FOCI mitigation, contracts, third-party contractors, parent companies and cloud service providers. This session will cover key topics, including:

  • Safeguarding the relationship of a foreign entity and the mitigated entity, delineating access to network controls and cyber controls, and updating your company’s Electronic Communication Plans (ECP)
  • Managing the rising cost of delineating network access
  • Conducting a gap analysis to determine the compliance status of the parent company
  • Meeting expectations for stricter safeguarding obligations for storing, processing and transmitting sensitive DoD information
  • Ensuring your FOCI company has the necessary security controls and that you are not relying on the controls of the parent company
  • Determining which contractors need assessments and certifications – and whether these are self-assessments, third-party assessments (C3PAO), or assessments by the Defense Contract Management Agency’s (DCMA) Defense Industrial Base Cybersecurity Assessment Center (DIBCAC)
  • Assessing Contractor Implementation of Cybersecurity Requirements (DFARS Case 2019-D041)