CMMI Institute

Capability Counts 2020

21 April & 22 April, 2020

Crystal City, VA

Speaker Profile

Joanna Patterson, Director

CACI

About

Dr. Patterson has more than 20 years’ experience as an Information Technology (IT) professional with strong expertise in IT Management, Risk Management, and IT Security. Demonstrated expertise in establishing and implementing information security compliance programs to include ISO/IEC 27001 and NIST 800-171 programs.

Extensive experience with ISO 9001:2015, ISO 20000:2011, CERT Resilience Management Model, CMMI for Services, and CMMI for Development. Successfully achieved CMMI ML 5 for Services and Development.

Doctor of Business Administration, Information Systems Management.

Master of Business Administration, Information Security Management.

SPEAKER PRESENTATION

Leveraging the CMMI Model for Cyber Compliance

Conference Track: Security

Learn how to leverage existing compliance with the CMMI model to comply with the DoD Cybersecurity Maturity Model Certification (CMMC). The CMMC is one of the most progressive and aggressive industry requirements introduced in recent years. The need for a structured, policy-driven cybersecurity program is paramount. This presentation will combine the perspectives of an industry-leading expert in operational excellence methodologies and an expert in cybersecurity compliance. The presentation will highlight the similarities and differences in the CMMI and CMMC models. Additionally, guidance will be provided on how to ingrain security into existing quality programs versus starting over.

Understanding the CMMC within the Security Landscape of Other Models, Regulations, and Standards

Conference Track: Tutorial

Additional fee to attend: $250

Using existing models (CMMI, RMM), regulations (CFR, DFARS), and standards (NIST, ISO) to help explain and obtain compliance with CMMC. This tutorial will cover the requirements for compliance and understanding of the new Cybersecurity Maturity Model Certification. This includes the Taxonomy of Maturity Levels, Processes and Capabilities. We will be using the CMMI V2 to explain which CMMI Practice Areas Fully Correlate, Largely Correlate, or Partially Correlate, and where they Do Not Correlate, to the 17 Domains in the CMMC requirements. Where a Practice Area Partially Correlates or Does Not Correlate, we will bring in other models and standards (CERT RMM and ISO 27001) that are listed in the CMMC Appendix within the Capabilities for each Domain, and explain what they mean and how to meet the requirements. The majority of the CMMC Domains originated from the Federal Information Processing Standards (FIPS) 200 security-related areas and the NIST SP 800-171 control families.