Cyber Insurance, NIST SP 800-171, and CMMC 2.0

Показать описание

In this session from #CS2DC hear from Robert Metzger - Mitre Consultant, Co-Author 'DELIVER UNCOMPROMISED,' Renowned Attorney:

Cyber insurance is for enterprise protection. #CMMC is for #DoD compliance. Insurers are becoming increasingly rigorous in the “due diligence” they conduct of companies before they write cyber insurance. Coverage prices are going up, limits are coming down, and exclusions are increasing. Some companies are finding they can’t afford the coverage offered, while others can’t get coverage at all. This session will explore what companies can do to preserve the insurance they have, demonstrate security that insurers now are likely to expect or demand, while fitting these near-term actions into the measures and plans of action that will prepare for CMMC assessment and certification requirements. The objective is to align actions taken now to get and keep cyber insurance coverage with parallel actions for CMMC readiness.

Рекомендации по теме

Комментарии

Excellent presentation with real world advice. Been dealing with insurance x compliance for multiple companies and using similar approach. Starts at security w insurance and bridge the gap w compliance.

Alex-xxyc

Hogwash. To be perfectly clear: The DOD OWNS their own CUI. For them to then try and push both the responsibility and costs on storage and handling onto third parties (Primes and Subs), while expecting the "landlords" to eat the costs upon a promise of a potential contract later, is just not workable.

Since the Federal Government is now obsessed with pronoun usage, If the Federal Government wants to carry out THEY’RE "Constitutionally Mandated obligations to secure OUR Nation", then THEY must understand that fact that THEY own the CUI, and THEY dictate the controls and storage of CUI, and therefore THEY will pay to have those controls and storage implemented for THEIR OWN CUI.

None of the CMMC Regulation for Accountability makes any sense because the DOD is obviously trying to offload National Security back onto the people they are taxing and tasked with securing.

The CMMC boondoggle IS the equivalent of telling companies to hire their own consultants to figure out ways to defend their airspace with homemade anti-aircraft missiles.

National defense IS the sole province of the Federal Government. It cannot be shrugged-off back onto the people the government is supposed to be defending.

apstech

Cyber Insurance, NIST SP 800-171, and CMMC 2.0

Cyber Insurance, NIST SP 800-171, and CMMC 2.0

The NIST SP 800-171 Explained

What Exactly Is NIST? | NIST 800-171 Cybersecurity | Columbia, MD | Advantage Industries

Unravel the Mystery of NIST SP 800-171 and the System Security Plan!

NIST SP 800-171: System Security Plan Mistakes To Avoid

🕵️‍♂️🔍📈 Uncovering the 🔝 Differences Between 💠CMMC & NIST SP 800-171 🛡️...

🔓🔑 Unlocking Your NIST SP 800-171 Compliance: 💡 The Secret Solution 💡

NIST 800 171 Rev3 - IPD Overview

Make NIST SP 800-171 A Framework Again

How to: Determine Your NIST 800-171 SPRS Score

NIST CSF vs ISO 27002 vs NIST 800-171 vs NIST 800-53 vs Secure Controls Framework (SCF)

What Are the Differences Between NIST 800-171 and CMMC?

Predicting Changes to NIST SP 800-171 Revision 3

Understanding The (Cyber) Insurance Business

NIST SP 800-171 Rev 3 Update by Victoria Pilliteri

System Security Plan How To for CMMC and NIST SP 800-171 DoD self assessment

What is Cyber Insurance? (w/ Daniel Kasper)

TSM NIST SP 800-171 Compliance Guide | RackFoundry Total Security Management

056 Abacode Cyber Assessments for NIST 800-171

How to Master NIST 800-171 Assessment Scope

NIST 800-171: Policy Documentation and Management Made Simple

Estimating the Cost of NIST SP 800-171

CMMC 2.0 and NIST SP 800-171 - What to Expect in the Coming Year

NIST 800 171, Best Practices Webinar