“Everything IT” is a pretty broad mandate.
But that’s what we do. And we’re offering a regular series of free webinars to help you understand and apply various complexities of Information Technology management. On this page you can view past webinars, download the slide decks from them and sign up for future webinars.
If you have any questions about the topics below or suggestions for future webinars, just send us an email at ask_ATS@networkats.com.
DoD government contractors know that CMMC Compliance is critical. They also know that the Compliance process can be complex and confusing.
Each webinar in our CMMC Compliance series is designed to provide you with a solid understanding of the new DFARS requirements. Our goal is to help you “connect the dots” in the complex CMMC Compliance process.
This event touched on all the relevant information pertaining to the Defense Federal Acquisition Regulation Supplement (DFARS) Interim Rule which went into effect on December 1, 2020. The DFARS rule introduced not only the CMMC requirement, but also, two other clauses which impact defense contractors who handle Controlled Unclassified Information (CUI).
The new clauses require companies who handle CUI to perform a NIST 800-171 self-assessment, using NIST 800-171A and the new DOD Assessment Methodology, and report their raw score into the Supplier Performance Risk System. The new rule also allows for DOD to conduct “higher” level assessments that involve document review and potentially an on-site assessment by the Defense Contract Management Agency (DCMA).
CUI stands for Controlled Unclassified Information.
From creation through destruction, there are requirements for handling CUI at every stage. These also have implications for the information systems and physical spaces that touch CUI. Understanding CUI is the very first step in your CMMC journey. If your company handles CUI, or may in the future, then you will need to obtain the CMMC maturity level 3.
In this webinar we introduced the concept of the CUI Life Cycle (CUI Life Cycle (dodcui.com)). Authorized holders of CUI have requirements at each stage in the CUI life cycle. The CUI Life Cycle is a framework by which to consider the information you’re handling and where it fits within the information life cycle to help determine the applicable requirements that apply to your information currently.
In our third webinar, the ATS and OCD Tech CMMC webinar panel debunked numerous CMMC myths. While there are countless myths surrounding the CMMC, we grouped the into the three major categories that we most often hear: CMMC maturity levels myths, self-assessment myths, and solution myths.
Some of the myths we covered are:
This event touched on the methodology for achieving alignment with the CMMC and NIST SP 800-171 frameworks adopted by OCD-Tech and ATS.
We introduced the three-phase approach to alignment with a deep dive into phase 1: Gap Analysis & Documentation Creation and brought the audience through preparing for creating a System Security Plan (SSP), including determining scope and informing stakeholders. We also covered how to write proper implementation statements, and determining a NIST SP 800-171 Self-Assessment Score.
Through this webinar, participants were able to gain an understanding of how to begin to determine alignment or to confirm that they are on the right track in their current readiness exercises.
In this webinar, we’ll conclude our story of how we can guide you through the complexities of CMMC compliance.
We’re going to cover the last two parts of the process: Remediation and Documentation Finalization. Experts from both American Technology Services and OCD Tech will walk you through each step in the two final phases in the compliance process.
Click below to register.