Zoom Logo

Sherry Savage's Personal Meeting Room - Shared screen with speaker view
Denise Bowman
13:29
can barely hear sherry
Robert Marraro
13:31
Good afternoon Sherry and all you fine PTACers from south Texas -- finally thawing out!
chart
14:05
hello from PTAC south florida :)
Nancy Brown - KYPTAC
14:24
If I can make a recommendation, please turn on the live caption for anyone who might has a hearing disability. Thank you.
Evangeline Gelladola - SOBRO/PTAC
14:26
Good afternoon everyone from SoBRO/PTAC
Elke Mosholder
14:41
Hello from El Paso COC PTAC
Nancy Brown - KYPTAC
15:00
have*
Southern Ohio PTAC
18:36
Everyone, please mute your mic
Lenora Leasure
18:37
Hearing a little bit of background noise - don't forget to mute yourself!
Max Franks
20:32
DLA co I have talked to are confuse about the difference between JCP and CMMC
Erica Quinley
22:25
Information on JCP here: https://www.dla.mil/HQ/LogisticsOperations/Services/JCP/FAQ/#:~:text=The%20Joint%20Certification%20Program%20%28JCP%29%20certifies%20Canadian%20and,and%20to%20the%20U.S.%20Department%20of%20Defense%20%28DOD%29.
Sherry Savage
22:30
please type questions into the chat box
Erica Quinley
22:48
JCP is access to info between US and Canada
Robert Marraro
23:00
Sherry-- can we get a copy of the slides so I can share it with the APTAC CMMC Working Group please?
Erica Quinley
23:07
Will a copy of these slides be made available?
Sherry Savage
23:29
yes, slides will be shared.
Kathy Stockman
24:13
When they are entering in their score into SPRS, in the Assessing Scope Field what should they be selecting n the drop down: Enterprise, Enclave or Contract?
Robert Marraro
24:18
Can we also receive the Excel worksheet?
Sherry Savage
24:40
yes, spreadsheet too.
Melissa Murphy
24:48
I think the screen froze.
Bryan Wallace -Maine PTAC
24:55
We're only seeing PPT
Melissa Murphy
24:57
We are seeing slide 10
Anna Vulaj
24:57
Not seeing spreadsheet
Billy Grill
24:58
I can only see the presentation and not the spreadsheet
Tim Scarborough
25:08
CAGE error issues incurred why registering for a Cyber Vendor role in SPRS is that your EBPOC in SAM must contact the Electronic Service Desk in Ogen Utah to set up their Contractor Account Administrator Manager (CAM). Until this is done, they cannot complete the Cyber Vendor role request in SPRS.
Cathy Fairbanks
26:34
Is this spreadsheet and mentioned handouts available to us?
Tom Gerke
26:41
Great to see so many Working Group participants on this webinar.
Sherry Savage
27:07
all documents shown today will be shared
Babatope Adedayo
27:24
Awesome, thank you.
Bob Crowther - Minnesota PTAC
28:47
To clarify, the self assessment and scoring, clients are to score all the 110 standards, and NOT only the 17 practices associated with Basic Hygiene - Level 1, which has been my take away from all other webinars I have attended.
Arlette Abrahamson MNPTAC
29:15
The screen is froze again
Bob Crowther - Minnesota PTAC
29:17
Screen did not change again
Robert Marraro
29:25
Bob -- so even if a company only wants/needs to be Level 1, they still have to shoot for a 110 score?
Jann Deane
29:31
screen is not moving
Dave Pease
31:46
What about all of the "not applicables" for Level 1 firms that don't handle CUI? Do they, by definition, always end up with a negative score?
Kathy Stockman
32:27
Project Spectrum has a CMMC ML 1 Readiness Assessment businesses can use.
Robert Marraro
33:33
As you go through the questions in this worksheet with clients or answer their questions after you give it to them, how do you handle describing or explaining what's needed to be done to meet the requirement?
Robert Marraro
34:14
Do you just tell them to go find an IT person for help, or how do you provide explanations?
Tom Gerke
34:21
Isn't this scoring pre-CMMC since CMMC is based on 7025 and not 7012 and 7019? It should form the basis for your POA&M and SSP. But, since CMMC doesn't allow for a POA&M this assessment scoring just provides a starting point for your gap assessments?
Tom Gerke
37:04
I think every PTAC should have a single POC that has attended the RP training. They should be able to advise through ML1 and advise on what needs to be done to get to ML3.
Bob Crowther - Minnesota PTAC
37:17
I agree Tom. It is to establish a baseline to get started with the SSP and developing a POAM,
Tim Scarborough
39:49
It's confusing that they keep mixing terms - CMMC versus NIST requirements. This is for NIST, not CMMC. The levels are different. NIST is now, CMMC is in pilot until 2025. Am I wrong?
Bob Crowther - Minnesota PTAC
41:35
What is confusing is, not all of our clients are part of the DIB. Many may only have to apply with the FAR requirement which has been in effect since 2016.
Abby Cheatham
42:14
sorry, no question
Abby Cheatham
43:05
thank you
Tim Scarborough
44:16
Agree Bob! Vast majority of the clients we assist are bidding on commercial acquisition and construction.
Robyn Young
44:32
Bob, according to Katie Arrington, all federal agencies will be moving toward CMMC here soon, therefore all of our clients doing business with the Federal government will need to working on this.
Tom Gerke
45:13
Thanks for sharing the Cross Timber tools. There are other free checklists out there. I can always be reached at tgerke@utah.gov if you have questions. Or, I think you should be able to ask questions on the CMMC Working Group on the APTAC site.
Robert Marraro
45:14
GSA and DHS are already starting as we speak to move toward their own CMMC programs.
Ken Bloch
46:24
The interim rule is driving this, specifically the 7019 SPRS filing requirement. But unless a firm expects to handle CUI, they don't have to comply with 800-171 (per 7019). I'd hate to have a client selling mugs to DLA Troop Support (with no CUI) embark on a full-blown 7012 assessment. So we need to be careful in how we advise on a full 800-171 assessment. Its not for every contractor, not even every DoD contractor.
Sue Crotts (NC PTAC)
48:50
Are these files available to us?
Tom Gerke
49:03
But they might have to comply with FAR52.204-21 which basically duplicates the NIST800-171 requirements.
Robyn Young
49:29
Pulled from the 7021 clause: All DoD contract on Oct. 1, 2025 and thereafter will have some level of CMMC, including acquisitions of commercial items(except those exclusively COTS items) valued at greater than the micro-purchase threshold (currently $10,000)
Ken Bloch
50:37
FAR 52.204-21 is for basic compliance only (15 requirements, not 110) Its equivalent to CMMC level 1
Tim Scarborough
50:55
CMMC is in pilot now with select agencies already identified and select solicitations during the pilot. Everyone else is 2025.
Tom Gerke
51:25
This is because you can define the boundaries of the system that is being certified.
Tom Gerke
52:18
Isn't it ISO 27000?
Bob Crowther - Minnesota PTAC
52:20
Basic is 15 right now under the FAR for civilian agencies, the CMMC splits a couple of the 15 to make it 17 practices for the Level 1 - Basic,
Tom Gerke
55:06
Use their equipment actually equates to extend the certified or accredited enclave.
Tim Scarborough
55:38
Let me clarify, phased roll out through 2025. See question 26: https://www.acq.osd.mil/cmmc/faq.html
Ken Bloch
55:45
Wait, subs don't have to work at the Prime's level per 7021. They just have to be certified to whatever level of info that they will process, "at the CMMC level that is appropriate for the information that is being flowed down to the subcontractor"
Melissa Murphy
56:21
Can you please repeat who this does not apply to? Micropurchase and ?
Tom Gerke
56:31
COTS
Tom Gerke
57:52
Nobody will get certified at Level 2. It is a transition level. Costs for assessment are based on the market so that should be competitive.
Ken Bloch
59:02
Tom: More important, COs will never issue an RFP for Level 2. Contracts either have CUI (level 3) or not (level 1)
Theresa C-H, she/her/hers
01:02:22
Am I the only one without sound?
Bob Crowther - Minnesota PTAC
01:02:28
The enclave follow the flow of specific CUI and the type of information they may or may not have a needto know.
Anna Vulaj
01:03:45
They would do that for ITAR related items
Dave Pease
01:03:51
A single CAGE with multiple enclaves would have difficulty entering a score for each enclave in SPRS, no?
Tom Gerke
01:04:33
They would need a separate SSP and POA&M I suppose.
Dave Pease
01:05:05
And a separate CAGE, I think.
Tom Gerke
01:05:24
core solutions also has a 6 session course.
Bob Crowther - Minnesota PTAC
01:06:17
They have to map each CAGE code separately from what I understand.
Jacquie Spearman
01:06:58
will you send us these documents?
Sherry Savage
01:07:06
yes
Robert Marraro
01:08:27
My concern as things currently stand is our Center will meet with Level 1 companies that'll just throw up their hands when we dump all of these materials on them and expect them to figure it out on their own nothwithstanding what Sherry is saying.
Bob Crowther - Minnesota PTAC
01:08:45
I have question about the PIEE?
Rogina Coar-Smith
01:09:18
Do we need to sign up to receive these documents?
Bob Crowther - Minnesota PTAC
01:09:25
Can we register to set-up an account in PIEE to access SPRS?
Dave Pease
01:10:51
If you have a WAWF account, you can apply for access to SPRS. However, if, like me, you only have one authorized user, you have to go to the SPRS helpdesl for authorization.
Tom Gerke
01:13:33
https://www.sprs.csd.disa.mil/webtrain.htm
Jacquie Spearman
01:13:35
I agree. A test environment allows us to best guide our clients
Robert Marraro
01:13:37
Or, even train the trainer materials we can all use.
Sue Crotts (NC PTAC)
01:14:02
Access to test site would be helpful.
Tim Hicks
01:14:39
Thanks for the presentation, I was running late but lots of great information!
Robert Marraro
01:14:40
Thanks for the guidance and insights! Excellent information.
Rogina Coar-Smith
01:14:45
Thank you for scheduling this.