Skip to main content
NEW user Webinars posted! Click here
Sign in MENU

1 February 2023 FutureFeed Bi-Monthly User's Webinar

Chase Berman
  • Updated

 

Copies of the presentation slides can be downloaded from FEB 2023 FutureFeed User Presentation.pdf

Register for our 15 Minutes with FutureFeed sessions here.

View upcoming FutureFeed and industry events here.

Webinar Description

In this month's session, we addressed:

  • Events
    • Compliance Week Cyber Risk and Data Privacy Virtual Summit – Feb. 15-16
    • CUI-CON – Feb. 23-24
    • CS2 Huntsville – Mar. 7-8
    • CMMC Day – May 15
    • CIC2023 rev 2 – July?
    • 15 Minutes with FutureFeed
  • NEW Platform Features (and improvements)
    • Micro-Training Videos
    • RACI Model
    • Inheritance
    • Objective and SSP Layout Changes
    • Deliverables Themes
    • Bulk Creation
  • Industry Updates
    • Rulemaking Update
    • CCP and CCA Training and Exams
    • Joint Voluntary Surveillance Program

All prior webinar recordings are available on our support site.

Speakers:

Mark Berman - CEO

Jim Goepel - Director of Education and Content, General Counsel 

Webinar Index

02:45 Agenda

04:23 Events

  • Upcoming industry events are coming up! See which ones are of interest to you on our Events Page.
  • Bi-Monthly FutureFeed User Webinars
    • Next webinar is on April 5th
  • CIC2023 Recap
    • Poll: Should the next CIC2023 by in July 2023 or January 2024
      • Majority vote for July 2023!
    • Poll: Where should the next CIC2023 be held?
      • Majority vote for Washington, DC/Baltimore

12:30 New and Upcoming Features

  • Micro Training (12:30)
    • Training videos to provide control guidance
      • 3 video types
        • Domain, Control, and Evidence
    • Special thanks to our Micro Training Presenters
    • Live platform demo of the videos and locations (14:10)
  • RACI - Teams and Roles (18:08)
    • Identify the different components of accountability using the RACI model
      • Teams and Individuals:
        • Responsible, Consulted, Informed
      • Specific Roles:
        • Accountable
    • Helps the organization:
      • Clearly define roles and responsibilities
      • Ensure that everything runs according to policy.
    • Helps the Assessment Team:
      • Easily identify who to interview for each control, document, tool/service, etc.
  • Inheritance Updates (23:19)
    • One-click company SRM
    • Inheritance is also illustrated as part of the Team Dashboard
      • Click the "Details" icon to view the page that indicates the SRM for your organization at the Objective and Practice levels
  • Objective and POA&M Updates (29:23)
    • Improved Objective dashboard format that now includes RACI
    • Robust text added to the POA&M items that are made from the Objectives
  • Potential Assessment Consideration Questions (PACs) (32:39)
    • Outcome Statements are deprecated; they have been superseded by Potential Assessment Consideration Questions
      • The Implementation Details written for each question help enhance the information in the SSP and give the Assessor additional information they need to assess the environment
  • New SSP Layout (36:39)
    • Use the SSP for internal and external purposes
      • Internal: Organizational collaboration and workflow
      • Externally: For the Assessor to use
    • A list of Implemented and Not Yet Assessed items to provide a more dynamic SSP on a control-by-control view
      • Implemented:
        • Objectives Met
        • Delivered PACs & Questions
        • Supporting Inventory
        • Documents
      • Not Yet Assessed:
        • Objectives
        • Needed Improvements 
          • Additional Actions to Improve Met Objectives 
          • PACs & Questions
          • Supporting Inventory
          • Documents
    • Interactive Features
      • Marking items as complete
      • Confidence Meter
      • Discussions
      • Summary Notes
  • Deliverable Themes (42:17)
    • New Themes
      • No Images
      • Technology
      • Military
      • Canine (for fun)
  • Bulk Creation (44:10)
    • Teams
      • Create the Teams Referenced in NIST SP 800-171A and the CMMC Assessment Guides
      • Teams are automatically tagged with, and appear in, Related CMMC Practices
    • Documents
      • Select from available template documents to quickly create the documents you need
      • Create them all in a single click
      • Documents are automatically tagged with related controls
      • Document Options
        • Copy – Creates an editable document based on the template document.
        • Link – Creates a reference (read-only) to the template document. Template document content is viewable in your subscription but is not editable.

51:23 Industry Updates

  • Rulemaking Status
    • Several different efforts that are all interacting, slowing the process
      • Finalization of -2019 and -2020 rules
      • FAR-level CUI clause
      • FAR-level cyber incident reporting requirements
      • FAR-level consolidation of cyber-related requirements
      • Retooling of several different DFARS sections to make CMMC effective
    • DoD working internally and with other agencies to get things “right”
    • Still not released to OIRA yet, but likely soon (Feb.?)
      • Probably public in May (90 days after release to OIRA)
  • CCP and CCA Training and Exams

    • Certified Professional (CCP)

      • 144 CCPs already listed in the Marketplace
      • Training is available through Licensed Training Providers (LTPs) including:
        • Edwards Performance Solutions
        • Phoenix TS

    • Certified CMMC Assessor (CCA)

      • Courses officially started in January.
      • Exam launched Dec. 16, 2022.
      • Several (at least dozens) people have taken the CCA exam.
      • CCAs are not listed on the Cyber AB website yet.
      • 179 PAs must transition to CCA by June 16th.
      • 3-assessment requirement is still in place to finalize your CCA and receive certification.
      • HOWEVER, it is NOT required to continue from CCP to CCA training.
  • C3PAOs and Joint Voluntary Surveillance Program
    • 35 Authorized C3PAOs
    • Hundreds pending
    • DIBCAC and C3PAOs conducting voluntary “joint surveillance” reviews of companies
    • Successful reviews expected to result in CMMC certifications
    • Several successful review so far
    • To volunteer, contact an authorized C3PAO
  • Cyber AB CAP Comment Matrix Released 
    • Matrix based on feedback they received on the CMMC assessment plan
      • 540 Comments
      • Organized by topic, page, section, and source
      • No feedback from the Cyber AB about the comments
      • CAP will not be final until rulemaking is final

Questions? Email support@futurefeed.co

Related articles

Comments

0 comments

Please sign in to leave a comment.