Cindy and Joy share that for this interview they sat down for Episode 17 of Faces of Manufacturing on MI Business Network with Dewpoint’s

Don Cornish, CISO/ Security Architect

Ernesto Cuevas, CIO, Chief Innovation Officer

Bob Bartholomew, President & CEO

Questions from Don:

• Intro – Backgrounds of Don / Ernesto
• Intro as to what CMMC is and who is impacted
• Steps in the CMMC journey – Timing
• Flow down clause from Prime contractor to sub-contractors.. this is necessary to understand/
• What needs to be done – When it needs to be done – Who can help?
• MEDC program
• Dive Deeper into the Department of Defense (DoD), or they act as subs to companies that do work for DoD.  Now that the final ruling has been filed, it is real and companies will need to understand what they may need to do, how they may or may not be impacted, etc..
• Vulnerability program versus a Penetration test, what are they and why are they different…
  
  

About CMMC and Its Role in DoD Contracts

• What exactly is the Cybersecurity Maturity Model Certification (CMMC) and why was it introduced?
• How does CMMC impact companies seeking Department of Defense (DoD) contracts?
• Can you explain the different levels of CMMC certification?
• What are the key requirements for businesses to obtain CMMC certification?
• How does CMMC differ from other cybersecurity frameworks such as NIST or ISO 27001?
• What are the consequences for contractors if they don’t meet CMMC requirements?
• How do DoD contractors prepare for a CMMC audit?
• What is the timeline for CMMC certification becoming mandatory for all DoD contracts?
• How does CMMC address the protection of Controlled Unclassified Information (CUI)?
• What types of companies need CMMC certification? Does it apply to all businesses in the DoD supply chain?
• How does the CMMC model affect small and medium-sized enterprises (SMEs) that want to work with the DoD?
• What is the process for a company to get assessed for CMMC certification?
• What are some common mistakes companies make when preparing for CMMC certification?
• How can companies stay up to date with changes in the CMMC framework and DoD requirements?
• What role do third-party assessment organizations (C3PAOs) play in the CMMC certification process?
• What are the costs involved in obtaining and maintaining CMMC certification?
• Can a company with a low CMMC level still participate in certain DoD contracts?
• Are there any exceptions or exemptions to CMMC requirements for certain types of contracts or businesses?
• What happens if a company’s CMMC certification expires?
• How will CMMC impact the competitive landscape for DoD contractors?
• About the Importance of a Local Internet Security Team
• Why is having a local internet security team so important for businesses, especially those working with the DoD?
• What benefits does a local cybersecurity team bring over outsourcing security to a remote or third-party vendor?
• How does a local security team ensure that the specific needs of a business are met in terms of cybersecurity?
• Can a local security team respond more quickly to a cybersecurity incident than a remote team?
• What are some advantages of a local security team being familiar with local regulatory and compliance standards?
• How does a local internet security team integrate with a company’s overall IT strategy?
• What role does a local security team play in training employees to follow cybersecurity best practices?
• How do local security teams build a culture of security within a company?
• What unique challenges do local cybersecurity teams face compared to those working for larger, centralized organizations?
• How does a local internet security team contribute to business continuity and disaster recovery planning?
• What technologies or tools do local cybersecurity teams typically rely on to protect a company’s network?
• How does having a local security team enhance communication and collaboration during a security breach?
• What is the role of local cybersecurity teams in ensuring compliance with CMMC standards?
• How can local security teams proactively assess and mitigate risks specific to the business they protect?
• How does a local team foster trust and understanding among employees regarding cybersecurity practices?
• What are the long-term financial benefits for a business with a local security team, especially in preventing costly breaches?
• How does a local internet security team manage data protection, especially for sensitive government or DoD contracts?
• How does the presence of a local security team influence the company’s reputation with potential DoD clients?
• What are the risks of not having a dedicated local cybersecurity team, especially for smaller businesses involved with DoD contracts?
• How do local security teams stay ahead of emerging cybersecurity threats, especially those that could impact DoD contracts?

Website: Dewpoint.com

Dewpoint Delivers

Bringing Business and Technology Together is more than our tagline; it’s the way we support you every day. Since 1996, Michigan-headquartered Dewpoint has been solving business problems by applying technology. We are known for our depth and quality of services, our focus on your success, and our track record of client satisfaction. You can depend on our experienced, certified professionals to deliver the highest quality IT solutions and ensure your satisfaction.