April 12-15 | Marriott Downtown at CF Toronto Eaton Centre, Canada

CMVP Impacts on DoD’s New Cybersecurity Maturity Model Certification (CMMC) Program (C22b)

Understand how CMVP requirements shape DoD’s evolving Cybersecurity Maturity Model Certification.
22 Apr 2026
14:00
Studio D

CMVP Impacts on DoD’s New Cybersecurity Maturity Model Certification (CMMC) Program (C22b)

The Department of Defense (DoD) is implementing a third Supply Chain Risk Management program that will require companies receiving sensitive information to implement NIST SP 800-171 and then undergo a third-party cybersecurity Maturity Model Certification (CMMC) assessment. With the rest of the Federal Government, other nations, and some states beginning to roll out NIST SP 800-171 compliance requirements, this SRCM effort will impact companies worldwide. One of the challenges with CMMC is that NIST SP 800-171 requires contractors to use validated FIPS 140-2/3 cryptography. This can force companies to rebuild infrastructure and change operations to meet conformity requirements. It can also put companies at odds with the need to patch their environment to reduce operational cybersecurity risks. The speaker is a thought leader in CMMC; leads a CMMC 3rd Party Assessment Organization (C3PAO); is one of the first CMMC Certified Assessors; and develops CMMC training curriculum used globally.