There is a critical need to improve and enhance cybersecurity, cyber resilience and the overall security of the supply chain for the United States Department of Defense.
The Role of Cybersecurity Standards in Advancing Supply Chain Risk Management.
A webinar with: Dr. Ron Ross, John Weiler, Phil Lewis and Matt Malarkey.
How can the roles of cybersecurity standards such as NIST 800-171 and 800-172, together with the Cybersecurity Maturity Model Certification (CMMC), better enable government contractors to achieve their cybersecurity goals?
This 60-minute discussion with Dr. Ron Ross and our expert panellists uncovered valuable insights into key themes:
- The importance and role of standards in improving security and resilience in the federal supply chain
- The use of controls to buy down cybersecurity risk
- The role of evidence in supply chain risk management
- The relationship between compliance and security
Dr. Ron Ross
National Institute of Standards and Technology fellow, and principal architect of the NIST Risk Management Framework
Dr. Ross is a Fellow at the National Institute of Standards and Technology (NIST). His focus areas include computer security, systems security engineering, trustworthy systems, and security risk management. He currently leads the NIST Systems Security Engineering Project which includes the development of standards and guidelines for the Federal Government, Contractors, and the United States Critical Infrastructure.
Dr. Ross also previously served as the Task Leader for the Joint Task Force, an interagency group that includes the Department of Defense, Office of the Director of National Intelligence, U.S. Intelligence Community, and the Committee on National Security Systems, with responsibility for developing a Unified Information Security Framework for the federal government and its contractors. He also served as the project leader for the Federal Information Security Modernization Act (FISMA) Implementation Project and is the former Director of the National Information Assurance Partnership, a joint activity of NIST and the National Security Agency.
Dr. Ross has authored and co-authored many publications which include Federal Information Processing Standards, security categorization, security requirements, security assessment, enterprise risk management, risk management frameworks, and systems security engineering and cyber resiliency.
Dr. Ross has received numerous public and private sector awards, including the Presidential Rank Award, the Samuel J. Heyman Service to America Medal for Homeland Security and Law Enforcement, the Department of Defense Superior Service Medal, and more.
John Weiler
Co-Founder, IT Acquisition Advisory Council, SCRM CoE, and Information Technology Management, Solution Engineering and Architecture expert
With over four decades of senior IT experience in Fortune 100 companies (including May Department Stores, Giant Food, and Boeing), non-profit organizations (including Object Management Group, Interopm and Clearinghouse) and high-technology companies (including Oracle, Excalibur, Kodak), John Weiler is a recognized IT Management Leader. He has held senior non-profit leadership roles, guiding emerging standards, embracing commercial standards of practice, and advancing emerging technologies using advanced Architecture, Technology Business Management, and Agile Decision Analytical frameworks.
John has deep partnerships with leading industry groups and congressional committees that have led to the drafting of major IT reforms including FITARA, EO13800, NDAA Sec803/893, and IT MGT Act. He is also Co-Founder of the IT Acquisition Advisory Council, a public/private “do tank” dedicated to effecting the transformation of Federal IT Management, Acquisition, and Governance.
In 2019 John was selected as a founding board member of DOD’s new CyberSecurity Maturity Model initiative called CMMC-AB, and after a year of public service, departed to set up the CMMC Center of Excellence (CMMC-COE.org) with the support of the Nation’s leading industry groups, standards bodies, universities, and forward-thinking agencies.
Currently, John is responsible for the CMMC SCRM COE portfolio, working to provide a collaboration point for cybersecurity coordination, communication, and best practice standards to support the supply chain for the United States public sector, its NATO/EU allies, and private sector companies.
Phil Lewis
CEO of Titania
With an extensive business background and a particular focus on technology and cybersecurity, Phil Lewis works closely with organizations and partners to address fundamental cyber risk management challenges by delivering cyber hygiene at scale through accurate, timely and enterprise-wide configuration security. Having worked in information security across enterprise and government organizations, national security, law enforcement, and communication service providers, Phil is passionate about security concerns, and his deep market knowledge is crucial to ensuring Titania products continuously evolve to solve market challenges for both present and future concerns.
Matt Malarkey
Co-chair of the CMMC CoE Supply Chain Working Group
With first-hand experience advising government and private sector stakeholders on key issues including security, policy, regulation and more, Matt Malarkey is well versed in the risks posed to national and international organizations and the importance of network resilience.
Previously based in Washington, DC as the UK Department for International Trade’s Head of Sector for defense, security and space at the British Embassy, Matt now focuses on strengthening relationships with long-standing military and federal customers that are looking to scale cyber hygiene and risk management framework assurance across their enterprise.