Cyber Thursday: Determining Your Real CMMC Compliance Responsibilities

Not every Defense contractor handling federal information needs CMMC Level 2—and not every contractor who believes they are exempt actually is. This Cyber Thursday session helps Defense contractors determine their real CMMC compliance responsibilities by walking through the questions that define scope: what type of information flows through a contract (FCI vs. CUI), which cybersecurity clauses appear in the solicitation, where data is stored and processed, and how flow down requirements from prime contractors can change a contractor’s obligations.
This session will cover how to read contracts for cybersecurity requirements, how to identify CUI when it is not explicitly marked, the differences between CMMC Levels 1, 2, and 3, and common scoping mistakes that cause contractors to over invest, under invest, or miss CMMC requirements entirely. Contractors who are uncertain whether CMMC applies to them, who have been told it does and want confirmation, or who are trying to right size their scope before pursuing CMMC will leave with a clearer understanding of their actual obligations.

Speaker: Matt Frost, Government Contract Specialist, Wisconsin Procurement Institute – WI APEX Accelerator