Oct 2020: Cybersecurity Maturity Model Certification (CMMC)
The US has historically taken a fairly minimalist approach to cybersecurity regulation, but recent years have evidenced a trend toward increasing regulation. The latest in this trend is the US Department of Defense’s “Cybersecurity Maturity Model Certification” (CMMC). CMMC has garnered quite a bit of attention recently, as it intends to impose cybersecurity compliance requirements on the entire Defense Industrial Base (DIB), over 300,000 organizations (including some universities). CMMC has emerged at a breakneck pace, and there is still a great deal of uncertainty regarding who is impacted, what is required, and how organizations should respond.
This talk will 1) introduce US cybersecurity regulation and compliance generally; 2) provide the background and context leading to CMMC; 3) overview CMMC; and 4) suggest approaches for thinking about cybersecurity compliance moving forward.
Speaker Bio:
Scott Russell is a Senior Policy Analyst at the Indiana University Center for Applied Cybersecurity Research. Scott was previously the Postdoctoral Fellow in Information Security Law & Policy. Scott’s work thus far has emphasized private sector cybersecurity best practices, data aggregation and the First and Fourth Amendments, and cybercrime in international law. Scott studied Computer Science and History at the University of Virginia and received his J.D. from the Indiana University, Maurer School of Law.