Many DoD contractors, suppliers, and vendors who process Controlled Unclassified Information (CUI) have no idea how to comply with the CMMC / NIST 800-171 cybersecurity requirements as listed in the DFARS 252.204-7012 clause. Even when contractors understand the requirement, they are often resource-strapped and cannot dedicate enough time to develop a compliant cybersecurity program.
Totem aims to rectify this situation with a series of short, online, hands-on virtual classes to show DoD contractors how to comply with the CMMC / NIST 800-171 requirement and build a compliant program with limited resources.
Our virtual DFARS classes are led by Totem’s team of seasoned cybersecurity experts, who themselves work for a small business prime DoD contractor. Presentation topics are outlined in the schedule section below and are intended to set the attendee off on the right foot to develop an Information Technology System Security Plan (SSP) commensurate with current DFARS 7012 requirements (NIST 800-171 controls) and future CMMC practice requirements. Attendees will also learn how to comply with the incident response and reporting requirements for DoD contractors. Workshop cohort size will be limited to no more than 10 companies to maximize individual Q&A time with our expert instructors.
Tuition for the nine (9) 1.5-hour classes (the 9th session is 2 hours and provides additional time for in-depth Q&A), e-workbook, and 30 days of the Totem Cybersecurity Compliance Management Software is $950.
Overview of Requirements
· Introduction to Totem.Tech
· Overview of DFARS/CMMC cybersecurity compliance
Scoping your plan
· System Inventory basics
· System Description workbook introduction
· The DoD 800-171 Assessment Methodology
Building an SSP (Part 1)
· System Security Plan (SSP) requirements
· Introduction to Cybersecurity Program Planning
Building an SSP (Part 2)
· Principles of quality cybersecurity policies
· Addressing the FAR 17
Building an SSP (Part 3)
· Addressing other challenging control families
Incident Response Planning (Part 1)
· Reporting Incidents—procuring an ECA certificate
· Incident Response Plan Basics
Incident Response Planning (Part 2)
· Exercising your Incident Response Plan
Closing the gaps
· Developing and executing a Plan of Actions and Milestones (POA&M)
· Answer lingering questions
By participating in all of these virtual classes, the attendee will:
· Understand the requirements for a DoD contractor cybersecurity program
· Understand how the DoD intends to assess and certify cybersecurity programs for compliance
· Begin building a System Security Plan (SSP) as a set of “blueprints” for their organization’s cybersecurity program
· Begin developing a compliant and efficient cyber Incident Response capability within their organization
· Understand how to develop and execute corrective action plans to fix gaps between the current state of cybersecurity plan implementation and the state outlined in the SSP