Healthcare, government, military, construction and energy are just some of the industries that have strong compliance regulations. Hawaii businesses must be able to comply with these in order to grow and be profitable. While there are specific regulations that vary by industry, some cybersecurity requirements are common across sectors because they are based on common standards.
For industries that require certification of cybersecurity practices, it is critical for organizations to provide evidence of compliance with the required framework. Whether the framework is NIST SP 800-171 as required by the Department of Defense under the Cybersecurity Maturity Model Certification (CMMC) program, or other industry certifications and standards such as HIPAA or ISO, organizations must document their implementation of the different security requirements and controls and be ready to submit their compliance documentation and evidence for third-party review and validation when needed. Subcontractors and suppliers may also be required to demonstrate compliance to an independent assessor or auditor to meet terms and conditions mandated by the government or a prime contractor. Many small and mid-size businesses struggle to generate, collect, organize, and retain the evidence necessary to adequately demonstrate compliance.
This event will focus on addressing requirements related to evidence gathering and third-party assessments. Using the CMMC program and NIST SP 800-171 requirements as an example, our presenters will explain concepts and best practices related to developing and organizing the evidence needed for successful assessment, along with the challenges prime contractors face in getting their suppliers and subcontractors to do the same.
Although the CMMC third-party certification program is currently being applied only within the DoD, the requirement to gather evidence in preparation for assessment can be viewed as a best practice for any business working in a regulated industry. Because evidence gathering and documentation processes can take a while to establish, they are the kinds of controls that all businesses should put in place before they become mandates, or risk losing business to competitors. It is also essential for prime contractors to ensure their supply chains are ready for assessment, and it can be extremely challenging for primes to develop adequate situational awareness of their suppliers' cybersecurity status. Once more industries and government agencies begin requiring third-party assessment of cyber compliance across the supply chain (as the DoD is currently pursuing), small businesses that don’t adequately prepare will miss out on contracting opportunities. Building awareness and initiating evidence-gathering processes in these areas makes a business more resilient, better prepared for assessment, and a lower risk from a partnership and subcontractor standpoint. Compliance can also provide a competitive advantage when bidding for new business.
Parking
Attendees will have to pay by scanning a QR code once they park; the rate is $1/hour.
A light breakfast will be available from 8:30am.