Thursday, September 14, 2023, 4:00 PM ET
SYNOPSIS
Prime contractors are bracing for impact as supply chain cyber risk heats up. With CMMC now in the final stages of rulemaking, subcontractors are under increased pressure from their primes to get ready – and in the meantime, prime contractors are facing increased scrutiny from the government on how they manage cyber risk across the supply chain.
On Thursday, September 14, 2023 at 4:00 PM ET, we held Webinar #23: “Double Trouble: How Primes Are Responsible for Subcontractor Compliance”, the newest webinar in our DFARS/NIST/CMMC cybersecurity compliance series.
We were pleased to bring back featured guest speaker John A. Ellis, co-founder of the DCMA’s DIBCAC (Defense Industrial Base Cybersecurity Assessment Center), to provide the latest updates and insight on the DIBCAC’s plans to increase oversight of prime contractor efforts in managing supply chain cyber risk.
John Ellis explained what the government expects primes and their suppliers to be doing to address their compliance responsibilities even before CMMC starts appearing in contracts, and how the DIBCAC intends to evaluate prime contractor effectiveness in ensuring suppliers are compliant before sharing CUI.
We also welcomed Meghan Doherty, counsel with Pillsbury Winthrop Shaw Pittman, LLP, to provide insights on flow-down clauses and the importance of ensuring that CUI is protected across multiple tiers of the supply chain.
The National Contract Management Association (NCMA) features an article from eResilience on this subject in the September issue of their Contract Management magazine, and the webinar on Sept. 14th went into more detail about topics covered in the article and beyond, including:
– Expected impacts from supplier non-compliance and strategies to minimize supply chain attrition
– Blind spots for primes to watch out for that could cause significant problems in supply chain cyber risk management
– What happens after SPRS? The importance of evidence-gathering and CMMC prep
Please share this information with any colleagues who may be interested. If you’re a prime contractor, you should encourage ALL of your CUI-handling subcontractors to attend.
NOTE: After September 1, you will be able to access the NCMA “Double Trouble” article on their website at https://ncmahq.org/Web/Web/Insights/Contract-management-Magazine.aspx
ABOUT OUR PRESENTERS
John A. Ellis
Director, Defense Contract Management Agency’s (DCMA) Software Division
John A. Ellis has been a leader in the DCMA’s effort to improve cybersecurity compliance across the Defense Industrial Base. As a co-founder of the Defense Industrial Base Cybersecurity Assessment Center (DIBCAC), Mr. Ellis was instrumental in developing the DoD NIST SP 800-171 Assessment Methodology and associated Basic Assessment scoring formula. Mr. Ellis, a retired Army Colonel, served on active duty for more than 30 years. Commissioned as a second lieutenant in the Field Artillery in May 1985, he became a member of the Army Acquisition Corps in 1995 and served in a variety of assignments until his retirement on 1 June 2015. He held assignments both stateside and abroad. Mr. Ellis’ DCMA experience began as the Commander of the Future Combat Systems (FCS)/Army Modernization Programs (AMP) contract management office in St. Louis, MO, and he culminated his active duty career as DCMA’s Central Region Commander. Mr. Ellis is a Member of the Defense Acquisition Corps and is Level III certified in 3 disciplines: Information Technology; Program Management; and Engineering. John is also a Certified Information Systems Security Professional (CISSP).
Meghan D. Doherty
Counsel, Pillsbury
Meghan Doherty represents clients in a wide variety of matters including bid protests, cybersecurity, M&A, size protests and appeals, claims, and suspensions and debarments. She regularly advises clients on cybersecurity compliance issues including compliance with the Cybersecurity Maturity Model Certification (CMMC) framework. Meghan also has an active pro bono practice.