2023 Society of American Military Engineers – JETC & Expo
The Society of American Military Engineers (SAME) 2023 Joint Engineer Training Conference & Expo is headed to San Antonio, TX May 2-4, 2023. Join your colleagues from across the A/E/C – Architectural/Engineering/Construction industry and joint engineer community for three days of education, training and networking opportunities. And as the Society of Military Engineer’s (SAME) Annual Meeting, JETC offers numerous awards and recognition activities to celebrate the contributions and excellence of the Society’s Posts and members in supporting the SAME mission “to lead collaborative efforts to identify and resolve national security infrastructure-related challenges.”
Vestige is participating in 2 presentations:
1. WORKSHOP – CMMC 2.0 – A Deep Dive
May 1, from 1-5 pm
PRESENTED BY: Damon Hacker, Vestige President & CEO & Jade Brown, BS, C|EH, GCTI
We will begin with an overview of the 3 breakout modules: Scoping, Domains, and the CMMC C3PAO audit preparation
- Attendees will break into smaller teams to tackle the issues addressed within each module
- Throughout the workshop you will complete our CMMC Planning Workbook for your organization
- You’ll discuss, within a team setting, how you’ve dealt with, or will deal with, the 110 security controls within NIST 800-171/CMMC
- We’ll talk about cultural changes and challenge
- We’ll share strategies for addressing the 14 Capability Domains
- If you have created a NIST 800-171/CMMC plan, bring it
- We’ll take a look at where organizations are struggling and the challenges their facing similar to yours
- We have a proven methodology for achieving compliance and we will share it
- We will wrap up with a presentation by each of the module teams, sharing with the group their conclusions and lessons learned
Module 1 – Scoping
One of the most critical factors in succeeding at CMMC is ensuring you have an answer to the question of scoping. Scoping is understanding how the framework fits your organization’s individual needs. Every organization looks a little bit different in terms of its use of technology, its competitive advantages and its unique culture – all things that contribute to what CMMC will look like and how you will achieve compliance for your organization.
For example, do you know whether everyone in your organization needs access to CUI, or only an isolated few? Knowing this answer will have a profound impact on the decision and direction your organization will take with CMMC.
Our experts will help guide the teams through the scoping conversation. The groups will discuss what has been tried in their organization and hear about critical considerations for success.
Module 2 – Domains
At each Maturity Level, there are controls that need to be addressed. (For example, at Maturity Level 2 there are 110 controls arranged within 14 control families/domains). The language used by the framework’s authors is not clear and as a result many organizations falter, as too much is left to the organization’s own interpretation. Unfortunately, you will be assessed as to what the DOD’s intent is for each control and not how you have interpreted the requirement. If not done properly from the onset, a misunderstanding of the requirements will likely affect your C3PAO audit, your NIST 800-171 score and the potential to mis-collect the wrong evidence.
In addition, there are multiple alternatives available to the organization. Some of those options depend on the size of an organization, some based upon complexity and still others based upon the organization’s own culture. We will explore available options for addressing these controls.
In this module, our expert will provide guidance around these requirements by walking through each domain and its set of controls. Each team will then be given an opportunity to engage in an open discussion about what has worked and what some of the pitfalls are when implementing change within an organization’s ongoing operations. In addition, we will explore as a group how to shape the conversation for your return to the office.
Module 3 – Putting It All Together
In this module we bring what you’ve learned in this workshop together, to ensure success as you prepare for the C3PAO assessment. We will explore whether you have properly evaluated your infrastructure, including policies and procedures. You will determine: if you have well designed controls, explore how to evaluate and measure execution, and discuss requirements surrounding the evidence.
In our small group breakouts, we will hear about the teams’ collective experiences and challenges with both the C3PAO process and subcontractor compliance. We will explore the timeline for engaging with a C3PAO, considerations for selecting a C3PAO and special circumstances such as taking advantage of the Joint Surveillance Program. We’ll talk about what organizations should expect when going through the C3PAO assessment, including the three forms of evidence that will confirm the existence of a security control – interview, observation and testing. Lastly, we’ll talk about how to make sure you’re ready to support each of the controls and put your best foot forward during the official assessment.
Who Should Attend
- Individuals responsible for DoD contracts
- Individuals responsible for protecting Controlled Unclassified Information (CUI)
- Anyone in the Defense Industrial Base (DIB)
- Organizations that recognize that compliance with CMMC is not an option when working with the DOD
Why Should You Attend
- To learn how to succeed with your CMMC compliance
- Become confident in your ability to meet the demands of the assessment
- To hear from companies and executives about their successes, and obstacles to becoming compliant
- To complete a planning workbook with tangible, executable next steps that you can take back to your organization
- To get a list of applicable resources and a CMMC glossary
- The importance of having a plan of attack for addressing CMMC
- What applies to your organization and what doesn’t
- How to avoid unnecessary system rework and the associated costs
- The value of approaching the journey in an orderly, prioritized fashion
- How to select a C3PAO and what to expect when going through the official assessment
2. PANEL – What to Know Before the CMMC Auditor Arrives
May 2, from 2:30-3:30pm
PRESENTED BY: Damon Hacker, Ned Childs, Ola Sage; and moderated by Jane Flynn.
Gain perspectives from a C3PAO, Lawyer and a CMMC Expert (RP).
With CMMC 2.0 right around the corner, many organizations are scrambling to come into compliance. For organizations that are unfamiliar with an evidence-based assessment, they may be fearful of what the C3PAO is going to find or worse, unaware of the rigor that it requires – leading that organization to be woefully unprepared for such audit. This panel discussion brings together the collective expertise from the perspectives of:
- a Registered Practitioner (RP) who knows the ins-and-outs of how to comply and how to “get it done”,
- a lawyer that specializes in organization’s FAR and DFARS obligations and understands the liability of the flow-down clauses between primes and subcontractors, and
- a Certified CMMC Assessment Team Member and CEO of a CMMC Third Party Assessment Organizations (C3PAO).
Benefits of Attending:
- Understand the value of having your CMMC Expert on-board at the time of the certification assessment,
- Learn why organizations need to understand their liability as it pertains to their supply chain, and
- Gain perspective from a C3PAO on what they’re going to be looking for during the certification assessment.
Attendees Will Learn:
- What an evidence-based assessment means and what’s involved to comply,
- The importance of having an advocate in the room that is both a CMMC master and IT expert to defend your control environment, and
- What’s at stake if they and their subcontractors are not in compliance and/or misrepresent their compliance.
See you in San Antonio! Look for Vestige in Booth # 344
The 2023 JETC in Texas promises to be a must-attend reunion for members of the military engineering community and A/E/C industry! After two years of hosting JETC virtually, we are so excited to be getting together again for the premiere joint education and training conference, bringing together professionals from across the public and private sectors to learn and network in a collaborative setting.
Don’t miss this chance to reconnect with friends and colleagues, and strengthen your personal and professional development. Mark your calendars for May 2-4, 2023 at JETC!