August 24, 2021
Cybersecurity Maturity Model Certification - Bryan Graf, Abacode
Continuing our Cybersecurity theme from our prior meeting, this month Bryan Graf of Abacode will be bringing us up to speed on Cybersecurity Maturity Model Certification. Bryan will be sharing his Playbook Approach to Cybersecurity Success.
The Cybersecurity Maturity Model Certification (CMMC) is now a requirement for contractors servicing federal agencies and access or store federal contract information (FCI) or controlled unclassified information (CUI).
Unlike NIST 800-171, ALL contractors with FCI and CUI access will be required to achieve certification from an independent third-party assessing organization (3PAO) to secure defense contracts. CMMC requires management commitment, adherence to specific security practices, and documented processes depending on the required maturity level.
Bryan's presentation will cover:
Bryan Graf is an experienced cybersecurity and compliance practitioner and thought leader at Abacode. He started his career at KPMG performing IT security audits. He spent 10 years performing, managing, and directing audits over many different audit standards and industry silos. As FedRAMP practice leader at Schellman, his organization was one of the first audit firms to become a FedRAMP 3PAO. He has served as a CISO for a healthcare plan benefit management organization, responsible for overseeing a successful HITRUST program implementation. He is now the practice leader and senior vice president of business development, reaching out and educating customers on Abacode's services.
- What is CMMC?
- What is CUI and FCI?
- What are practices and processes, and how do they affect my current operations?
- What is required to be compliant with CMMC?
- What should you be doing now to prepare?
For information on usual meeting locations and times as well as previous
meeting minutes and presentations please refer to the
For further information or enquiries regarding meetings please
contact the SOUG meeting coordinator.