Paul Daigle of aCMMCAudit.com is planning on being a panelist at Miami NIST 800-171 / CMMC 2.0 Conference.
Paul Daigle
MSP | MSSP | Transformational CEO | Board Member | Private Equity | Mergers and Acquisitions | IT Services Channel Ecosystem | Influencer | IT Services Industry Author | 6x Founder | 14 Exits | Host & Guest Speaker
Announcement: Paul Daigle is planning on being a panelist at a NIST / CMMC conference being held in Miami, Florida in early June. The panel discussion is centered around CMMC & NIST Standard 800-171 compliance and mitigation approaches.
A supplier/contractor receiving Federal contracts needs to comply with the Cybersecurity Maturity Model Certification (CMMC) 2.0, NIST 800-171, and DFARS. To meet the requirements, the supplier/contractor needs to select 3 distinct companies with expertise in different areas. Paul Daigle will be talking about the role of the Assessors and how the Assessor is the “hub” of communications while maintaining the living documents; the other panelists will be discussing GAP Mitigation (MSP and MSSP) and SOC services, respectively.
Background
Requirement: NIST Standard 800-171 and CMMC 2.0 both require the Supplier/Contractor to document their direct compliance with the cyber security regulations and to document the compliance of their subcontractors. Documentation is produced by a Cyber Security organization experienced in the audit requirements and required documentation associated with these regulations.
The impact on Supplier/Contractor of not complying: Failure to meet the documentation requirement will trigger actions ranging from reduction, suspension, or cancelation of current contracts to disqualification from future federal contract awards.
A company’s EXECUTIVE BOARD is SOLELY RESPONSIBLE for 800-171 and CMMC 2.0 Compliance. It is not the responsibility of the IT department, assessor, MSP, SOC, MSSP, or other internal or external groups.
Best practice: to maintain compliance, a Supplier/Contractor needs to complete an assessment by an Assessor and have the results of the assessment posted in the Supplier Performance Risk System (SPRS). These Assessor actions are sometimes called CMMC readiness, CMMC Pre-assessment, and CMMC Compliance Assessments. The Assessors then will provide a GAP analysis, corresponding Plan of Action & Milestones, and Policies to the client executive team in order to mitigate the discrepancies.
The Gap Mitigation Management Organization: The Gap analysis, Plan of Action and Milestones (POA&Ms), and policies are disseminated to Internal IT departments and/or the Managed Service Provider (MSP) and Managed Security Service Provider (MSSP) for work. Mitigating risks from the GAP analysis is an ongoing, iterative process. The organization tasked with the POA&M role updates equipment, software, and services. As risks are mitigated, the Assessor re-audits and updates the Gap analysis report.
Security Operations Center Organization: This group is responsible for real-time threat identification and mitigation. This function is often outsourced to a Security Operations Center (SOC). SOCs are organizations that consistently monitor, identify, analyze, and mitigate threats. The SOC can’t be the same organization that monitors POA&M execution, or the one that conducts the Assessment and manages its results. As risks are mitigated with the Gap Mitigation organization, the Assessor re-audits and updates the Gap analysis report.
Cybersecurity is not an IT TECHNICAL issue; it is an ORGANIZATIONAL issue. Therefore, focusing only on technical controls is ineffective!
----------------------------------------------------------------------------------------------
About Paul Daigle
A seasoned technology CEO and Board Chairman experienced in leading businesses pivoting due to secular decline in their core business or challenged to identify and execute a transformational strategy to catapult new growth areas. A proven track record of increasing shareholder value through developing strategic plans, building high-performance cultures, and enhancing operational efficiency in turnarounds, stand-ups, and high-growth situations. Paul has managed 1,000+ organizational/strategic reviews with budgets exceeding $140mm and assets of over $800mm.
About BizAdvisoryBoard.com
Specializing in helping the high-tech IT industry scale to the next level (peer group). Accelerate through their current peer group to achieve growth and scale.
Coaching businesses through the issues and tribulations related to each peer group. At times we get into the trenches, identify why the business is not performing, recommend what needs to be adjusted, divested, or concentrated on, and place interim experts to get them to their next peer group.
We provide a business evaluator that provides a blueprint for scaling your business to the next level, and the blueprint will establish your peer group and advise you on what you need to do (people and budget) to accelerate to the next level. I will also offer you a 30-minute personalized consultation.
Let me know if you would like the evaluator with or without the 30 minutes.
About MSPTag.com – Co-Founder and CEO
A free resource for IT Service Providers to engage with vetted business professionals that know and understand the IT Services Industry. Specifically helping MSP, MSSP, UCAAS, SaaS IT Service Providers, etc. This group of vetted consultants eliminates the need of having Executive and VP staff in-house.
The MSP Trusted Advisor Group is the quickest way to grow, scale and accelerate your business past your peers. Gain exclusive access to tried and tested professional providers that will transform your business in the areas of marketing, business, operations, standards, capital, attorneys, and HR. Join our roundtable of experienced MSP executives.
“The MSP Trusted Advisor Group - Strategy, Execution, and Accountability.”
Recognition: Forrester.com July 8, 2021
Top 143 Social Media Groups For MSPs, VARs, And Tech Channel Professionals
“It is estimated that 90% of internet users participate (and get influenced by) social media in one way or another.”
MSPTag MSP Trusted Advisor group, top 50 Facebook group