This series, taught by experts in the field, will walk participants through the most important issues facing government contractors as they navigate the fast-changing issues of cybersecurity. Starting with a comprehensive overview of CMMC and key regulations, and ending with a session about how to deal with cyber incidents and breach of your systems, this series will also delve into the new government contracting rules relating to cybersecurity, considerations relating to cloud computing and supply chain issues in light of today’s cyber events. This webinar series will combine teaching of the key rules with war stories from the front lines and practical advice from experienced practitioners.
Cybersecurity: What Government Contractors Need to Know
Second Thursday of the Month, 2:00-3:30pm ET
- January 11 – What are Controlled Unclassified Information and Covered Defense Information, and Why Should we Care?
- February 8 – Protecting Sensitive Information and Proving it Through CMMCDuring this training, we will discuss and provide important guidance for government contractors seeking to ensure compliance with the government’s rapidly expanding cybersecurity requirements. Contractors will learn about new developments under the Biden Administration’s Cybersecurity Executive Order as well as existing statutory and regulatory requirements applicable to contractors. Discussion will cover key agency provisions and definitions (CUI, CDI, NIST, SPRS, etc.) with focus on the defense industrial base (FAR requirements, DFARS Assessments, CMMC), cyber considerations for owners and operators of information technology systems, and best practices for compliance.
- March 14 – Can I Put this Data in the Cloud? Should I?This training will explore cyber issues in the cloud, including Federal policies and guidance, acquisition of cloud services, and issues unique to Cloud Service Providers (CSPs). We will examine the Federal Risk and Authorization Management Program (FedRAMP) and related requirements, as well as the processes to obtain FedRAMP authorization. In addition, the class will examine agency-specific approaches to cloud computing, including DoD cloud provisions, and considerations when using a third party to provide cloud services under agency contracts.
- April 11 – Who can you Trust? Cybersecurity Supply Chain ConsiderationsThis program will discuss cybersecurity requirements with a specific focus on supply chain security and initiatives stemming from the Solar Winds hack and other attacks. We will discuss forthcoming requirements for contractors relating to enhancing software supply chain security as well as emerging issues relating to Internet of Things (IoT) devices. Contractors will learn about current regulations relating to prohibited sources of IT goods and services and similar restrictions they are likely to see in the near future.
- May 9 – Persistence Pays Off – Cyber Threat Information Sharing and Incident Reporting/InvestigationThis training will address cyber threats and incident reporting requirements as well as programs for sharing information on cyber. We will delve into existing regulations governing incident response and discuss future developments anticipated in this area. We also will discuss information sharing programs, including recent initiatives by the Cybersecurity & Infrastructure Security Agency (CISA), as well as the risks and benefits associated with participation in such programs. Finally, we will discuss considerations and best practices for incident response.