Follow the CUI: Setting the Boundaries for your CMMC Assessment

One of the primary drivers of the Department of Defense (DoD) Cybersecurity Maturity Model Certification (CMMC) is the congressional mandate to reduce the risk of accidental disclosure of controlled unclassified information (CUI). However, a full CMMC assessment can seem daunting to organizations in the Defense Industrial Base (DIB), and many might not know where to start. In this webcast, Model Architects Gavin Jurecko and Matt Trevors will review several steps for identifying CUI exposure in terms of their critical services and the assets that support them. This approach can help DIB organizations properly scope a CMMC assessment and contain the costs of protecting CUI.

Speaker and Presenter Information

Matt Trevors is a Technical Manager for Carnegie Mellon's Software Engineering Institute. Matt has more than 20 years of experience in information technology, information security, and secure software development strategies. Matt obtained him Master's in Computer Information Systems from Boston University and his Bachelor's in Computer Science from the University of New Brunswick. Matt also holds the CISM, CISSP, CISSP-ISSAP, and CCSP professional credentials.

Gavin Jurecko is a senior member of the technical staff within the CERT® Division at the Software Engineering Institute (SEI), a unit of Carnegie Mellon University in Pittsburgh, PA. Prior to working at the SEI, Mr. Jurecko has worked within the nuclear and transportation sectors implementing cybersecurity plans, programs, and communication system designs.