Top 5 Learnings from CMMC Accelerate 2024
Last week, on Wednesday, April 3rd, Hypori had the privilege of hosting an event, in conjunction with Amazon Web Services (AWS) and Carahsoft, aimed at fostering education around the Cybersecurity Maturity Model Certification (CMMC) framework.
This in-person gathering convened top government officials, defense contractors, C3PAOs, and expert CMMC technology solution providers. Distinguished speakers included:
Maj. Gen. (Ret.) Kim Crider, Founder Partner of Elara Nova and former USSF Chief Technology Innovation Officer;
Travis Goldbach, specializing in DFARS, NIST, and CMMC at AWS Government Regions;
Cole French, CMMC Practice Lead and Manager of Cybersecurity Services at Kratos Defense and Security Solutions;
Ross Nodurft, Executive Director of the Alliance for Digital Innovation (ADI);
and our very own CEO and Founder, Jared N. Shepard.
As Head of Partners & Alliances at Hypori, I find it fitting to reflect on the recent CMMC Accelerate event, given my role in developing and building a collaborative ecosystem amongst all the players in the defense industrial complex, which is necessary to protect American security interests.
So, here are my top 5 learnings from the event:
1. Collaboration is Crucial for National Security
Major General (Ret.) Crider kicked off by emphasizing the historical context behind CMMC, highlighting the imperative to protect defense-related information and the collaboration necessary across the government supply chain. She drew parallels with the post-9/11 era, stressing the need to secure national intelligence and data, underscoring the unacceptable vulnerabilities experienced in the past. Crider posed the critical question of how to achieve a competitive advantage in safeguarding national security while ensuring data protection, advocating for collaboration between the government and Defense Industrial Base (DIB).
2. You Must Drill Down to Foundational Components to Achieve Compliance
From there, Goldbach elaborated on AWS's foundational components for CMMC compliance, highlighting the expanding AWS ecosystem of software, hardware, and consulting partners. He outlined AWS's strategy to empower partners in addressing CMMC compliance for customers, emphasizing tools like the AWS LZA, which facilitate compliance with a set of CMMC controls for solutions built on it.
Slides from Goldbach’s presentation can be found here.
3. Documentation & Establishing Best Practices Helps Overcome Challenges
French addressed principal customer challenges observed in consulting engagements and shared best practices for addressing them. He stressed the importance of documenting inventory comprehensively, including software, networking elements, endpoints, and procedures, as essential for initial audit success and ongoing compliance management.
Slides from French’s presentation from a C3PAO perspective can be found here.
4. CMMC Will Keep Evolving
The Roundtable session explored various aspects of CMMC, including the impact of AI as a new source of risks and solutions. Other topics included CMMC costs, timing, options for outsourcing compliance to Managed Service Providers (MSPs), and the future evolution of CMMC. Notably, experts discussed the dynamic nature of CMMC, driven by pushback from organizations and the evolving cyber threat landscape, highlighting the necessity for continual adaptation.
“We need to remember that it isn’t just the government and private sector that are innovating. Bad actors are innovating on their side as well.”
5. Compliance isn’t Security
Shepard emphasized that compliance is not synonymous with security. Compliance frameworks like CMMC 2.0 serve as guidelines, providing a snapshot of compliance at a given time. True security, however, requires constant vigilance, with compliance frameworks serving as essential tools for understanding what should be secured at all times.
I am eager to witness the continued development of CMMC and how collaborative efforts can enhance the protection of our most sensitive data. If any of these insights resonate with you or if you'd like to explore CMMC solutions further, please don't hesitate to reach out to us.
- Rob Malnati, Head of Partners & Alliances
Hypori is Here to Help
With Hypori Halo, your IT team only needs to build one set of corporate applications for Android to be CMMC compliant on ANY device. One Device, Zero Worries.
Learn how to empower your remote workforce with zero-trust access to FCI and CUI on the go from their personal smartphones or tablets via CMMC Compliant BYOD for SMB DIB.
Take advantage of our special offer, where we will cover the setup costs for SaaS delivery of up to 50 Hypori Halo licenses.