Subject |
Objective |
Four Questions |
Guest(s) |
Assets |
Intro 2 min 300 Words Open on an image of CT flag fade to manufacturing Grab a bunch of Solar Winds headlines and make a graphic Can’t always be stopped but that is why we must be prepared to protect National Security and Connecticut’s economy. |
Define the problem: DoD taking cybersecurity seriously. If CT does not act now, Primes and large subs will send their contracts out of state. There will be billions doled out for CMMC through Pathfinder awards and the NDAA. CT must ask |
None |
Cybercrime stock photo and video Quotes from FBI, NSA etc Get scary stats Make a gif of SolarWinds headlines |
|
5 min 750 words |
Introducing SCSU as CT premier CMMC partner Highlight the intelligence, veterans, FedRamp and NIST CyberSecurity specialists who make up the learning team Introduce the Computer Science Programs new CMMC/171 pathway in CyberSecurity MA Program |
What do you see as Southern’s role in the CMMC ecosystem? How can School of Graduate Studies and Professional Ed support the Connecticut Defense economy? What makes Connecticut so attractive as an advanced manufacturing hub? Why choose SCSU as your CMMC partner? |
Stock video of CT for voice over Stock video of SCSU Stock video of subs, Chinook, Apache, |
|
15 min 2225 words History of CUI from sharing to securing |
Define Federal Contract Information Define Controlled Unclassified Information Compare FCI and CUI Describe types of CUI Explain legal requirement for labeling, inheriting, storing, transmitting FCI/CUI, and destroying Identify federal laws and regulations that govern handling of FCI/CUI |
How do I know if I hold FCI or CUI? How are the laws and regulations different for protecting FCI and CUI? What is the history of CUI? Can my IP be CUI? |
9/11 Memorial (five second moment of silence) F-35 Stock video of manufacturing Stock video of hackers |
|
10 min 1500 words |
CMMC Model Describe history of CMMC Compare roles in the CMMC ecosystem Provide examples of process maturity Contrast practices across domains Identify CMMC compliance timeline |
What is CMMC? Who are the players a small manufacturer should know in the CMMC ecosystem? How would a small manufacturer document processes at Level 1 and 3? How do the Domains change between levels one and three? Based on the CMMC program when does my company need to be compliant? |
DC Stock video |
|
10 min 150 words |
CMMC Assessment Describe the roles of assessment team members Explain how an assessor determines adequacy and sufficiency Identify qualities of effective assessment reports? |
How do the assessment guides relate to NIST 800-171a What does it mean to interview, examine, and test? Does one matter more? As a small business what should I expect in an assessment report? Should I make my staff get CMMC certifications? |
Computer stock video manufacturing stick video interviews |
|
51 min 3 minutes each |
CMMC Domains define the domain List practices at Level 1 List additional practices at Level 3 Describe process documentation |
Provide a definition of each domain Describe requirements to meet process maturity. Where will an assessor look, who will they talk to, what will they test? List questions a small business can ask h/t Allison Giddens |
See script Call outs for each domain, Develop a color coded text structure for each element |
|
20 min 3000 words |
Getting Started and Controlling Cost Contrast software, documentation, and consulting solutions Explain importance of inventory, audit a, access, and budget documentation. Define OSC responsibility when using an MSP for IT. |
What is CMMC going to cost me? What are the first steps I should take? How important is documentation and pre-assessment activity? I use a contractor for all my IT and security. Do they need CMMC too? |
Manufacturing stock video |
|
~9 minutes closing and overflow |
CTA contact SCSU for CMMC training and our partner CyberDI for consulting. |