Compliance, Insider threat, Security awareness, Threat intelligence, Vulnerability management

CMMC Program and the DIB Preparation, Part 2 – Doug Landoll – SCW #75

Doing business with the Federal government has always had its share of requirements and regulations, especially when it comes to storing, processing, or transmitting any sensitive data. In fact, organizations doing business with the Federal government involving sensitive data are well acquainted with the cybersecurity controls they must implement based on well-known frameworks such as the National Institute of Standards and Technology (NIST) Special Publication 800-53 (NIST SP 800-53) and NIST SP 800-171. However, in the last several years these controls (and the method by which organizations must demonstrate compliance) have drastically changed, culminating in the Cybersecurity Maturity Model Certification (CMMC) Framework.

Segment Resources:

Official DoD Acquisition Site for CMMC Program Info: https://www.acq.osd.mil/cmmc/

Official Site of the CMMC Accreditation Body (CMMC-AB): https://cmmcab.org/

Official NIST Site for publications such as 800-53, 800-171: https://csrc.nist.gov/publications


Announcements

  • Don't miss any of your favorite Security Weekly content! Visit https://securityweekly.com/subscribe to subscribe to any of our podcast feeds and have all new episodes downloaded right to your phone! You can also join our mailing list, Discord server, and follow us on social media & our streaming platforms!

  • Don't forget to check out our library of on-demand webcasts & technical trainings at securityweekly.com/ondemand.

Guest

Doug Landoll
CEO at Lantego

Douglas Landoll has over three decades of information security experience. He has led security risk assessments and established security programs for top corporations and government agencies. He is an expert in security risk assessment, security risk management, security criteria, and building corporate security programs and the author of three cybersecurity books.

His background includes evaluating cybersecurity at the National Security Agency (NSA), North Atlantic Treaty Organization (NATO), Central Intelligence Agency (CIA), the Federal Bureau of Investigation (FBI), and other government agencies; co-founding the Arca Common Criteria Testing Laboratory; co-authoring the Systems Security Engineering Capability Maturity Model (SSE-CMM); teaching at NSA's National Cryptologic School; and speaking at national and international cybersecurity conferences.

Doug has founded or directed four information security firms, including the southwest security services at Exodus Communications, Veridyn (sold to EnPointe Technologies), the Risk and Compliance Management division at Accuvant (now Optiv), and Lantego. Doug is currently the CEO of Lantego, specializing in risk assessment, policy development, and training. He is a CISSP. He holds a BS degree from James Madison University and an MBA from the University of Texas at Austin.

In his 30+ years in the industry he has performed over 100 cybersecurity risk assessments, written policies for scores of organizations, and instructed over 2,500 CISSP and CISA candidates. Doug Landoll is a dynamic speaker, perceptive author, and information security expert who always brings a unique mix of business strategy, keen insight, and technical know-how to current cybersecurity topics.

Hosts

Jeff Man
Information Security Evangelist at Online Business Systems

Fredrick "Flee" Lee
CSO at Gusto

Josh Marpet
Executive Director at RM-ISAO

Scott Lyons
CEO at Red Lion