May 4-5, 2026 | The Hotel UMD, College Park, Maryland
The Fourth Annual InfoSec Certified Conference
9-10 October 2018 / Washington, DC
The Global Forum For
Established, Integrated Information Security Management Systems
Internationally Accepted Certification Standards
Enterprise-Wide Planning for Organizational Resilience
Opening Keynote Speaker
Matt Goodrich
FedRAMP Director, GSA
Keynote Presentation on FedRAMP for the Security Authorization of Cloud Computing
Plenary Keynote Speaker
David Lacey
Managing Director, David Lacey Consulting Ltd
Keynote Presentation on Cybersecurity Risk and Compliance: Past, Present and Future
Cloud Compliance Keynote Speaker
Michael South
Principal Business Development, Amazon
Keynote Presentation on Security & Compliance: A Driving Force Behind Moving to the Cloud
Cross-Compliance Keynote Speaker
Erika Voss
Head of Information Security, Risk, and Compliance, Zillow Group
Keynote Presentation on The Road to Compliance Starts with You
Data Privacy Keynote Speaker
Jonathan Cantor

Acting Chief Privacy Officer and Chief Freedom of Information Act (FOIA) Officer, Department of Homeland Security
Keynote Presentation on Data Privacy


Program

This conference runs for all 4 days, from 23 to 26 May 2016.
We also provide free lunch and a coffee break each day.
Day 1: 30 Sep 2020
Day 2: 31 Aug 2021
Day 3: 09 May 2022
Day 4: 10 May 2022
Day 5: 15 May 2023
Day 6: 16 May 2023
Day 7: 04 May 2024
Day 8: 06 May 2024
Day 9: 07 May 2024
Day 10: 08 May 2024
Day 11: 07 Mar 2025
Day 12: 05 May 2025
Day 13: 06 May 2025
Day 14: 07 May 2025
Day 15: 04 May 2026
Day 16: 05 May 2026
Day 17: 30 Sep 2020
Day 18: 25 Aug 2020
Day 19: 30 Sep 2020
Day 20: 09 Oct 2018
Day 21: 10 Oct 2018
Day 22: 09 Oct 2018
Day 23: 10 Oct 2018
Day 24: 09 Oct 2018
Day 25: 10 Oct 2018
Day 26: 09 Oct 2018
Day 27: 10 Oct 2018
Day 28: 09 Oct 2018

Opening Keynotes Session (L00A-B)

Session L00 Moderator: Jeff Sinclair, VP Sales, PacStar
Jeff Sinclair

DoD Keynote: CSfC in Army Modernization (F0b)

This talk will address: Army modernization overview & challenges; C5ISR Center role and mission; How CSfC helps us modernize; Emerging needs and desired technologies we could use.
Brian Lyttle

NIAP Update (F1a)

Matthew Downey

Tracing Zero Trust Requirements to CSfC Requirements (F1c)

This talk will use latest NIST SP 800-207, Zero Trust Architecture document to (1) Provide a trace of current Mobile Access Capability Package requirements to (a) The NIST...
Edward Jennings

HSM 101 (F1b)

Hardware Security Modules are a fundamental system component acting as a vault for all things crypto. TRNG, non-repudiation, integrity, m of n access scenarios, attested private key generation will be...
Dan Jeffers

Automated Enrollment of Certificates in CSfC Solutions (F1d)

As CSfC solutions are becoming more common and more complex, the need for a mechanism to enroll and automatically re-enroll certificates for the various components of the solution is becoming...
Ursula Baraniewski
Ken Rich

Registration Submission Best Practices and Tips—Viewpoints from CSfC Advocates (F2a)

In this discussion session, a panel of reviewers from the CSfC PMO will each share a few tips and then open it up for Q&A.
Mike Devine
Andrew Marsh
Mark Katzen
Mohammed Abaza
Brent Hildebrand

CSfC Industry Lessons Learned: Missives from the Trenches (F3a)

Developing and deploying CSfC solutions requires mastery over a complex set of requirements and processes—from FIPS and Common Criteria evaluations, interoperability testing, and development of procedures to systems and platform...
Charlie Kawasaki

AFSOC—Wearable Wireless Network (WWN) (F3b)

This talk will touch on the design, development, and deployment of a CSfC Multi-domain, Multi form-factor, and Multi transport capability for Air Force Special Operations Command (AFSOC). WWN is the...
Matt Cohen

A Case Study on CSfC Solutions for the United States Marine Corps: From the Foxhole to Quantico (F3c)

This talk will be presented by a CSfC Trusted Integrator with two contracts supporting the United States Marine Corps—MAGTF Common Handheld (MCH) and MARCENT Remote Access (RA). MCH is focused...
Luke Haverlak

Crypto Validations: NIST and NIAP (R0c)

Cryptographic Algorithm Validation Program (CAVP) is an essential element that validates a core crypto library within a product. CAVP certificates are crucial pre-requisites for FIPS and CC certification programs. Even...
Shaunak Shah

Commercial Products & National Security: Building on Past Success to Fuel Future Impact (P10d)

Many of the technologies needed by the U.S. government to address critical missions already exist—built by commercial industry and the startup ecosystem. But the national security community’s ability to identify,...
Munjeet Singh

Trusted Integrator Experience (C11a)

A trusted integrator’s perspective on the experience of submitting a good, complete registration package.
Edward Jennings

CSfC Trusted Integrators Panel: Putting CSfC into Practice (C11b)

CSfC implementations continue to grow and support many operational use cases. CSfC Trusted Integrators facilitate the planning, certification, accreditation, training, installation, operation, and maintenance of CSfC architectures. This panel will...
Daniel Birenkott
Chris Heath
Stephen Booher
Mark Luther
Edward Jennings

NIAP Overview (N13b)

CSfC products require validation by Common Criteria Testing Labs, in accordance with the National Information Assurance Partnership (NIAP) Protection Profiles (PPs). This presentation will provide an update on recent efforts...
Matthew Downey

Making Sense of the Quantum Mess (T13b)

In 2015, NSA declassified some of their concerns regarding the threat of quantum computing to classical cryptography, making the (in)famous statement, “IAD will initiate a transition to quantum resistant algorithms...
Jon Green

Wireless in the Weapons Engagement Zone (An Update to USMC C2 CSfC) (I14a)

An update for the 1st Marine Division package to include its expansion and further testing results. The primary update will include testing and feedback from II Marine Expeditionary Force as...
Christopher Port

CSfC for Tactical and Vehicle Communications (I14b)

CSfC provides unique capabilities for tactical communicators that are impossible, impractical, or too costly to implement with a Type-1 solution. This presentation will cover the unique CSfC use cases and key...
Dominic Perez

Quantum Resistance and CSfC – Now What? (Q01b)

Okay, we get it: quantum computers will break today’s public key cryptography. So, now what? As we await the standardization of the NIST-selected post quantum cryptographic algorithms, U.S. Federal agencies,...
Bill Becker

QR CSfC (Q01d)

Luke Morgan

Update to Making Sense of the Quantum Mess (Q02a)

This discussion is an update to the 2022 CSfC Conference ‘Making Sense of the Quantum Mess’ presentation. It includes a review of the May 2022 quantum resistant CSfC requirements changes...
Patrick Guerin

Post-Quantum Crisis in the ICT Supply Chain (Q02c)

CMMC requires employing approved cryptographic solutions to protect the confidentiality of CUI. However, within 10 years (and perhaps much sooner), current cryptographic solutions may become obsolete due to advancements in...
Jeremy Rasmussen

NIAP Implementation of CNSA Suite v2.0 (Q03b)

The National Information Assurance Partnership and the Center for Cybersecurity Standards will give a joint presentation on the quantum resistant algorithms contained in the Commercial National Security Algorithm Suite 2.0...
Rebecca Guthrie
Matthew Downey

Commercial Solutions for Classified (CSfC)—101 (R12a)

To mitigate the ever increasing Cyber threats to our Commercial and Government networks, the National Security Agency’s (NSA) Commercial Solutions for Classified (CSfC) architectures are available to safeguard our information....
Mark Luther
Jack Rose

Can You “Shift Left” Compliance? (C12a)

Our industry has pushed to “Shift Left” security to make security real-time, continuous, and complete. As such, many tools have emerged, including Cloud Security Posture Management (CSPM) solutions, Vulnerability and...
Anil Karmel

CSfC Enabling Joint All Domain Command and Control (JADC2) (C12b)

Joint All Domain Command and Control (JADC2) is going to require integration across DoD forces in Army, AF, Navy, Marines, SOCOM as well as FVEY/NATO and Coalition partner operations. Learn...
Russell Glenn
Steven Karsten

Adding Supply Chain Trust to CSfC Component Selection By NSA Research Directorate, Assurance Concepts Integration (N12c)

Supply Chain issues, chip shortages, and manufacturing outsourcing have been of great concern in recent months. Executive orders and Supply Chain policy have called for risk mitigation techniques to be...
Lawrence Reinert

Quantum Countermeasures in CSfC (R12c)

The Quantum Threat is anticipated to pose a grave danger to the cryptographic algorithms that are used to secure data and communications. Replacement algorithms are being developed, but what to...
Khuong Tang

Secure Tactical Solutions Using Hardware Security Modules (C12c)

Today’s warfighters require secure tactical solutions to address the current network threat actors deploying the latest advanced attack methodologies. Consequently, Commercial Solutions for Classified programs are seeing increased requirements for...
Alex Antrim

Panel: CSfC Trusted Integrators—Putting CSfC Into Practice (T13a)

Discussion Topics: – Capability package & solution registration and re-registration – Role of trusted integrator / how has evolved / lessons learned – Operational drivers & requirements for CSfC –...
David Gregory
Neal Burkhart
Keith Stacy
Edward Jennings
Jeffrey Nelson

What is “Enhanced” About an ERD? (S13a)

The Mobile Access Capability Package v2.5 introduced a mandate for the use of an Enhanced Retransmission Device for mobile CSfC implementations. What makes an ERD “Enhanced” over a traditional RD?...
Jason Sebranek

Composed End User Device (N13a)

A brief summary of the CSfC Program's new EUD Composition Guidance Addendum. The Addendum will provide updated guidance on the implementation of EUDs within MA, CWLAN, and DAR CP to...
Mike Rovnan

CSfC in Secure Facilities: Navigating the gauntlet of requirements and policies successfully (S13b)

Based on 9+ years of experience in “Secure Mobility”, this talk will walk the audience through a sanitized version of some of the challenges and possible strategies to achieve successful...
Austin West

CNSA 2.0 (N13b)

William Layton

Case Studies in System/Cyber Engineering and Test and Evaluation Regarding the CSfC Draft Tactical Capability Package (T13c)

Speakers will discuss lessons learned from System/Cyber Engineering and Test and Evaluation regarding the DRAFT CSfC Tactical Package for the MAGTF Common Handheld Program (MCH). The talk will focus...
Valerie Richardson
Edward Jennings

Building, Deploying and Managing an Enterprise Class DoD CSfC Remote User Platform (S13c)

This talk will provide background, including insights/challenges, use cases, best practices and timelines, on a rapidly designed, accredited and fielded enterprise level CSfC solution enabling Department of Defense (DOD) Army...
William Turmel

Mobile Phones in CSfC (N13d)

According to the Pew Research Center, 97% of Americans now own a cellphone of some kind. We are increasingly depending on our mobile phones to meet more of our mission...
Brett Schenck

The Building Blocks of a Security Paradigm: Security, Usability, and Flexibility (S13d)

Triitus’ founder, Donald Carter, contributed to the creation of CSfC when he engineered the first ever wireless solution used in a SCIF. A properly implemented CSfC package is robust in...
Donald Carter

US Common Criteria Scheme Update (R00b)

An update on Common Criteria. The National Information Assurance Partnership (NIAP) is responsible for U.S. implementation of the Common Criteria, including management of the NIAP Common Criteria Evaluation and Validation...
Matthew Downey

A CC Testing Lab’s Survival Kit (R02b)

The speaker will talk about how a CC testing lab under many schemes (German BSI, US NIAP, Sweden CSEC, Italy OSCI, Singapore CSA), is navigating the rapidly changing landscape of...
Yi Mao

PQ for VPNs: Implications for CC Evaluations of VPN Gateways (R03b)

One of the most common ways of evaluating VPN Gateways in Common Criteria has been using NDcPP and PP-Module for VPN Gateways. This requires the Target of Evaluation (TOE) to...
Anantha Kandiah

Government Keynote: CSfC and the Future (P10c)

This keynote address by Dr. Adrian Stanger of the NSA will cover the evolving landscape of protecting classified information. The talk will focus on the evolution of CSfC, guiding attendees...
Dr. Adrian Stanger

Industry Keynote: 15 Years of CSfC (P10d)

This year’s Industry Keynote Presentation will cover the rationale for developing an option for traditional Type 1 Cryptographic Equipment, the framework launched in 2008, and the evolution and tremendous impacts...
Richard Schaeffer

CSfC 101—Where to Begin (R12a)

A brief introduction/discussion of CSfC capabilities and intended benefits. Understanding how to correctly implement CSfC solutions takes dedication and focused effort. Where do integrators begin? How to navigate and overcome...
David Gregory

Defense In-depth with Self-Encrypting Drives and Their Untapped Potential (C12a)

The Self-Encrypting Drive (SED) technology has been commercially available in storage products since 2007. SED storage devices started to gain traction after the first version of the collaborative Protection Profile...
Manuel Offenberg

Panel Discussion: CSfC Trusted Integrators—Putting CSfC into Practice (R12b)

In this panel discussion and Q&A session, the audience will have the opportunity to ask questions of experienced Trusted Integrators. This panel will be presented in an open format so...
Eric Gursky
Matt Hyson
Keith Stacy
Mark Luther
Edward Jennings

The Future of Zero-trust Virtual GFE: Gain Cross-Domain Access from a Single Device (C12b)

Many service members and government contractors access mission-critical information via IL5 or IL6 from on-premise hardware. When that user is deployed or travels overseas, how do you effectively transition their...
Brian Kovalski

CSfC Roadmap Informational Brief (N12b)

The Commercial Solutions for Classified (CSfC) program drives the development of CSfC-compliant secure mobile solutions for National Security System (NSS) customers. Deployment of these solutions hinge on continued enhancements and...
Nathan Degruttola

CSfC for Non-Government Critical Infrastructure Protection Sectors—“Why should the DIB have all the fun?” (C12c)

Why should the DIB have all the fun? Today’s emerging threat landscape and unleashed potential of Adversarial AI combined with the geopolitical struggles around the world have led to the...
Darnell Washington

Tactical CP (N12c)

Commercial Solutions for Classified (CSfC) customers create secure solutions following the product agnostic guidelines in the Capability Packages (CP)s and selecting products from the CSfC Approved Products List. The Tactical...
Mike Rovnan

What’s the Buzz all about anyway? (S13a)

Today the buzz in IT is all about AI, Quantum, 5G, and Attack Surface Management. But how and where do these IT components come together? And how do they support...
William Harrod

Updates on PQC Migration Efforts by Industry (Q13a)

This talk will aim to provide a status update on PQC Migration Efforts across industry. In particular, it will focus on the MITRE-stood-up PQCC (PQC Coalition), which launched in Summer...
Daniel Apon

Composed EUD (N13a)

The CSfC EUD Composition Addendum is a major programmatic change for CSfC solutions and the EUD use case philosophy. This addendum provides the customer base with clear guidance on creating...
Mike Rovnan

CSfC at the Tactical Edge (S13b)

The Fleet Marine Forces (FMF) have been leveraging a Campus WLAN solution for almost three years now in both exercises and real-world operations. This talk will summarize lessons learned, the...
Christopher Port

Making Sense of the Quantum Mess ’24 (Q13b)

This discussion is an update to the 2023 CSfC Conference ‘Making Sense of the Quantum Mess’ presentation. It includes reviews of the Quantum Computing (QC) threat, Why the NIST Post...
Patrick Guerin

Registration Process Updates (N13b)

Commercial Solutions for Classified (CSfC) customers create secure solutions following the product agnostic guidelines in the Capability Packages (CPs) and selecting products from the CSfC Approved Products List. This briefing...
Dossie Merrill
Mike Devine

The Agencies Panel: Perspectives from NIST, CMVP, NIAP, and more (N13c)

This panel, comprised of agency representatives, will provide an expert update and outlook on the activities of the agencies that most closely affect CSfC.
Joseph McDaniels
Jennifer Curtis
Eileen Goodell
Tim Hall
Tricia Wolff
Matthew Downey

CSfC Tactical, WLAN, and MA CP Case Studies (S13c)

This talk will provide a brief review of the NIAP Compliance and CSfC Approval processes, a brief review of the (DRAFT) Tactical, WLAN, and Mobile Access Capability Packages and a deeper...
Edward Jennings

Future Proofing Data Communications with Post-Quantum VPN (Q13c)

This talk will focus on the possibility of quantum computers posing a serious challenge to cryptographic algorithms deployed widely today. The Internet Key Exchange Protocol Version 2 (IKEv2) is one...
Philip Kwan

The Challenges of Creating a Commercialized Enhanced Retransmission Device (ERD) (S13d)

The Mobile Access Capability Package v2.5 introduced a mandate for the use of an Enhanced Retransmission Device (ERD) for mobile CSfC implementations. The written and derived requirements for an ERD...
Jason Sebranek

Implementing CSfC at Scale: Slings, Arrows, and ATOs (Q13d)

Implementing CSfC solutions is challenging. Implementing a complete CSfC architecture, including more than 3,000 mobile endpoints for the premiere law enforcement agency in the world is a daunting task. This...
Scott Bean

FCC Perspective on Cyber Trust Mark (T20a)

The presenter provides a high-level overview of the FCC’s Cyber IoT Label program.
Debra Jordan

Should I Care About NIAP Evaluations? (Y20b)

The National Information Assurance Partnership (NIAP) is responsible for U.S. implementation of the Common Criteria, including management of the NIAP Common Criteria Evaluation and Validation Scheme (CCEVS) validation body. NIAP...
Matthew Downey

Panel Discussion: The Global Context for the US Cyber Trust Mark (T21a)

The Information Technology Industry Council will put together a panel of government and industry speakers who can address the various global “cyber trust marks” and how they may or may...
Eric Tamarkin
Steve Hanna
Andrew Stewart
Katie McAuliffe
Barbara Cuthill

DoDIN APL: A Logical Extension to the Common Criteria Evaluation (Y21a)

Overview of the Department of Defense Information Network (DoDIN) Approved Products List (APL) certification as a DoD procurement requirement for hardware products. Compared and contrasted the objectives of CC and DODIN...
Herbert Markle

Beyond the CIA Triad (Y21c)

There is an undeniable need for security policies and mitigation strategies to review more security principles than the common CIA triad of confidentiality, integrity, and availability that most security professionals...
Jim West

Composition Made Easy with SESIP for the US Cyber Trust Mark (T22a)

SESIP (now also EN17927) is an optimized security methodology designed to simplify security evaluation in the IOT ecosystem. It focuses on the main critical security functions, in order to get...
Ana Tavares Lattibeaudiere

Can Security Be Nutritious? (T22b)

Security certifications have been around for decades but how should non-technical audiences interpret 400+ validation reports? Over the last few years there has been a lot of research and debate on...
Eugene Liderman

Panel Discussion: Better Together: How Public and Private Sector Can Help Harmonize Around IoT Cybersecurity (T22c)

An expert panel discussion on collaboration between the public and private sectors toward better IoT cybersecurity.
Eugene Liderman
Henry Tan
Barbara Cuthill
David Grossman

Securing Remote Access (Y23b)

This talk will show how to protect the data, devices, and networks in the era of cloud computing, remote access, and emerging technologies.
William Harrod

Streamlining the Audit/Assessment Process (T23c)

Auditing has become complex, since the induction of Cybersecurity. I will present a structured process to reduce the time and money required to complete an assessment / audit for a...
Robert Ashcraft

Planning for the Next-Gen of Government IT (Y20b)

Government IT systems must adapt to meet emerging demands while maintaining strict security and compliance standards. This talk explores strategies for planning and deploying next-generation IT solutions within the Department...
Chip Daniels

CC in the Market Today (R00a)

This talk will provide a unique perspective on the current state of CC in the U.S. It will also look at CC developments in the EU and Pacific Rim. This...
Michael F. Angelo

Global Trends in Common Criteria (R00b)

Updates on international Mutual Recognition Arrangements (MRAs) and the impact of European cybersecurity regulations on US certifications.
Adam Golodner

Maybe The Criteria Isn’t So Uncommon After All (R00c)

There has been a substantial diversification in the use of Common Criteria under different schemes. That diversification may read as the CC having become The Uncommon Criteria as a result...
Jussipekka Leiwo

The Common Criteria Evaluation Process (R01a)

Step-by-step breakdown of the certification process. Tips for vendors navigating evaluations.
Chris Gugel

Panel Discussion: The Role of Common Criteria in the DIB (R01b)

Expert panelists will discuss the important role of Common Criteria and current challenges faced. Topics include: Security Assurance for Defense Systems; Alignment with DoD & NSA Requirements; Interoperability & Supply...
Joshua Anzaroot
Jussipekka Leiwo
Michael F. Angelo
Felipe Fernandez
Kevin Micciche

Lessons Learned from Recent Certifications (R02a)

Case studies from recently completed Common Criteria evaluations. Discussion on challenges, best practices, and unexpected roadblocks.
Justin Fisher

CCUF and the Role of Technical Communities (R02b)

Technical communities play a crucial role in developing Protection Profiles (PPs), refining evaluation methodologies, addressing emerging threats, and balancing security rigor with commercial feasibility.
Brian Wood

Mapping Common Criteria to Other Compliance Frameworks (R02c)

Understanding overlaps between Common Criteria, FedRAMP, CMMC, and CSfC. Strategies for reducing duplication of effort in compliance.
Anne Gugel

What’s Next for Common Criteria? (R03a)

Predictions on upcoming policy changes and industry adaptation strategies.
Shaunak Shah

Panel Discussion: Common Criteria & US National Security Priorities (R03b)

As cyber threats continue to evolve, securing the technology used in US defense and critical infrastructure has never been more critical. Common Criteria (CC) plays a pivotal role in ensuring...
Ed Morris
Tom Benkart
Kristy Knowles
Kenneth Lasoski
Shaunak Shah

Welcome (P10a)

Dominic Perez

Industry Keynote: Pushing the Edge—CSfC for an Emerging Space Ecosystem (P10d)

Rapidly declining launch costs are driving a growing commercial ecosystem for space deployments. Space is no longer exclusively a GOTS proposition and is moving rapidly toward COTS solutions. For example,...
Manuel Offenberg

Commercial Solutions for Classified Trusted Integrator Training Workshop (R12a)

As part of the CSfC 2025 Trusted Integrator Training Workshop at the Technology Advancement Center in Columbia, MD, this talk provides valuable insights for Trusted Integrators. It outlines the skill...
Darnell Washington

Next-Generation Mobility Access-as-a-Service to Classified Data (C12a)

Government agencies face increasing demands for remote work and connectivity across disparate facilities, often located on or near campuses. While remote work poses new challenges, securely extending network access to...
John Dunn

Panel Discussion: Trusted Integrator (TI) Perspective (R12b)

This four-person panel discusses trends and challenges noted by Trusted Integrators. The discussion addresses how these challenges are managed for customers, including topics such as accreditation and evolving NSA mandates...
Brian McElroy
Fred Elliott
Eddie Jennings
Keith Stacy
Mohammed Abaza

Integrating Tactical NSA CSfC Data-at-Rest Solutions for Drone Operations (C12b)

This talk examines the application of NSA CSfC-compliant data-at-rest (DAR) solutions in tactical drone systems. It addresses the unique challenges of securing sensitive mission data, including environmental constraints, lightweight hardware...
Keith Fuentes

FIPS 140-3 and CNSA 2.0 Compliance Via Hybrids (N12b)

Most people think that support for post-quantum algorithms means sacrificing support for their FIPS 140-3 certified implementations of conventional algorithms such as ECC, RSA and FFDH. With hybrid certificates, authentication...
Anthony Hu

“You Have an Approved CSfC Solution. So, What’s Next?” (C12c)

This talk addresses the process of maintaining an approved CSfC solution for the USMC. It provides insights into what is expected after a solution is approved and offers guidance on...
Valerie Richardson

Making Sense of the Quantum Mess ’25 (Q13a)

This talk provides an update to the 2024 CSfC Conference session, “Making Sense of the Quantum Mess.” It includes firsthand lessons learned from obtaining NSA/DNM NSS approval and installing a...
Patrick Guerin

Incorporating Quantum-Safe Algorithms into the NSA CSfC Data-at-Rest Program (Q13b)

This talk explores strategies for integrating quantum-safe algorithms into the NSA’s Commercial Solutions for Classified (CSfC) Data-at-Rest program. It discusses current cryptographic vulnerabilities posed by quantum computing and outlines a...
John Myung

Reducing CSfC Risk with Hardware-Based Security Isolation and Enforcement (C13b)

This talk focuses on reducing risk in CSfC mobile access solutions. By leveraging hardware-based Cross Domain Solutions with FPGA technology, secure access to classified networks is achieved while minimizing exposure...
Randall Wood

The Agencies Panel: Current Perspectives on Government Agency Changes (N13c)

This panel, comprising agency representatives, provides an expert update and outlook on the activities of agencies that most closely impact CSfC.
Claudio Belloli
David Hawes
Kathleen Moyer
Tricia Wolff

Evolving Enterprise Gray Networks with Symmetric Key Agreement for the Future (Q13c)

Enterprise Gray serves as a secure, controlled topology that enables safe communication and data transfer between classified (Red) and unclassified (Black) systems. It bridges classified and unclassified networks while meeting...
Roberta Faux

Smart Network Interface Cards and Quantum-Secure Symmetric Key Agreement for Plug-and-Play Enterprise Gray (Q13d)

The NSA’s Commercial Solutions for Classified (CSfC) framework emphasizes the need for secure, modular, and scalable gray network topologies, with Enterprise Gray configurations playing a central role in achieving this...
Connor Spangler

Updates to CSfC Efforts Supported by SAIC: Tactical and Enterprise Use Cases and Lessons Learned (C13c)

This talk provides updates on new and previously discussed tactical and enterprise CSfC efforts supported by SAIC. It includes related use cases and lessons learned from supporting new CSfC solution...
Eddie Jennings

Enhancing CSfC Through Hardware-Enforced Microsegmentation (C13d)

This talk examines how hardware-enforced microsegmentation enhances CSfC deployments. By implementing physical network isolation at the hardware level, organizations can create true security boundaries between different network domains while maintaining...
Matias Katz

DoDIN APL Status and Outlook (Y20a)

This talk will cover recent policy updates, common challenges faced during the certification process, and emerging trends that could impact future approvals.

Post-Quantum Cryptography and DoDIN Certification (Y20c)

This talk explores the impact of post-quantum cryptography (PQC) on the DoDIN APL certification process, with insights into emerging PQC standards, how they align with current DoDIN requirements, and strategies...
Stiepan Kovac

Panel Discussion: The Future of CSfC–Supporting Through Government-Driven Changes (P11a)

As federal and DoD cybersecurity strategies evolve under new directives, integrators and commercial product developers are facing unprecedented uncertainty. This panel convenes industry leaders at the forefront of CSfC implementation...
Brendan Sullivan
David Crawford
Dylan Lamarre
Jay Diem
Darnell Washington

APL Pitfalls—Why Vendors Enter the DoDIN APL Process and Fail and How to Avoid These Issues (Y21a)

This talk covers common pitfalls vendors face during the certification journey—from technical non-conformities to documentation errors—and provides practical guidance on how to avoid them. Learn from real-world examples and gain...
Kathleen Moyer

Navigating the Pitfalls on the Path to DoDIN APL Certification (Y20a)

The DoDIN APL process is very difficult to navigate for a first-time product vendor. This presentation will include all the common pitfalls for product vendors in obtaining DoDIN APL certification....
Jeremy Duncan

Optimizing Compliance: Streamlining Security and Certification Readiness (Y21b)

In today’s rapidly evolving regulatory landscape, how can vendors ensure continuous compliance and streamline certification processes? Building compliance as a continuous process is essential. By proactively assessing security requirements and...
Shashi Karanam

Preparing for the DoDIN APL Testing Process (Y21c)

As one prepares a product for the DoDIN APL process there are some things that can be accomplished ahead of time to help make the testing experience better. This talk...
Herbert Markle

Software Acquisition Guide for Government Enterprise Consumers (Y22a)

Many cyberattacks have exploited vulnerabilities and weaknesses in software and within software supply chains; an issue that spans both proprietary and open-source software which impacts both private sector and government...
Sridhar Balasubramanian

Your Data Their Target (Y22b)

Data is the high ground, and without a strategic approach to securing it, the adversary dictates the fight. True cyber dominance is achieved through proactive defense—understanding the terrain, predicting the...
Westley McDuffie

A Novel Approach to Reducing Costs (Y22c)

A novel approach to reducing compliance and certification costs while simultaneously decreasing your attack surface, improving reliability, and enhancing interoperability.
Nikheel Pruthi

DISA’s Cybersecurity Pivot: From APL to STIGs—Redefining Trust in the DoDIN (Y23b)

The DoD has announced a plan to sunset its longstanding Approved Products List (APL) program by September 30, 2025. The Defense Information Systems Agency (DISA) and Joint Forces Headquarters-Department of...
Bill Shelton
Westley McDuffie
Jeremy Duncan
Herbert Markle

Differences Between NDcPP v3.0e and v4.0 (R00b)

Covering technical and assurance deltas between NDcPP v3.0e and v4.0, including updated SFRs, modified SAR expectations, and changes to cryptography, vulnerability analysis, and testing depth. Attendees will gain a clear...
Kristy Knowles

Lessons Learned from Recent Certifications: Reducing Rework in Scope, Evidence, and Crypto Dependencies (R00c)

Case-study-driven guidance on what actually causes rework late in evaluations: mis-scoped TOE boundaries, evidence gaps, configuration drift, and crypto-validation dependencies—and how successful teams structure engineering and documentation to keep moving.
Justin Fisher

Understanding the Realities of Continuous Monitoring for the Affirming Official (D01a)

This talk will present and discuss the CSfC Capability Package changes scheduled to be implemented in the next 12-18 months.
George Perezdiaz

CMMC Vendor Playbook: How to Select a Trusted C3PAO, MSP, CSP, or RPO (K01a)

This talk will provide an overview of the CSfC CNSA 2.0 Post Quantum Implementation Roadmap.
Andrew Freund

When Code Becomes CUI: Conducting CMMC Assessments on Custom Software (M01a)

CMMC is about describing how your organization meets each requirement, demonstrating what you do, and proving that it’s working. Assessments live and die on written evidence; if policies, procedures and...
Kyle Lai

What Not to Miss When Scoping CUI in Your Environment (M01b)

Providing answers during an assessment is an exercise in precise measurements. Just enough information to answer the question and not too much information to turn a 5-minute answer to...
Rachel Bassford

Lessons from a C3PAO: Top 10 Insights from the First CMMC Assessments (K01b)

This talk will provide an overview of the CSfC Trusted Integrator Process and TI vetting process.
Michael Brooks

Engineering for Verification: The Technical Realities of Passing CMMC (D01b)

As CMMC shifts from planning to enforcement, contractors are learning that passing an assessment requires more than implementing controls. It requires systems and processes engineered for verifiability. This session outlines...
Scott Whitehouse

An Assessors View on False Starts (K01c)

This four-person panel discusses the role of Trusted Integrators and some of the critical tasks they support; for example, how is a customer’s use case aligned with a Capability Package?...
Corey Garretson

Multi-Framework Intelligence: Reusing CMMC Evidence Across ISO 27001, SOC 2, and Beyond (E02a)

A Panel of CSfC Program Management Office and Engineering leadership and senior engineers will field questions from the audience as well as prepared questions to seed the conversation.
Justin Beals

CMMC Guidance from a DOD Perspective (L02a)

Selecting the right C3PAO, MSP, CSP, and/or RPO is one of the most critical decisions a defense contractor will make during their CMMC journey. This session unveils a practical, risk-based...
Derrick Davis

CMMC Assessment Process (CAP) (M02a)

With the CMMC rule finalized and many DIB companies already certified, assessments are closer than you think. Thousands of organizations will soon seek certification from third-party C3PAOs. In this talk,...
Fernando Machado

Closing the Readiness Gap: What CMMC Assessments Reveal About Contractor Preparedness (E02b)

Practitioners talk a lot about what things to consider when scoping CUI in your IT environment, but no one talks about the actual process, what is often missed, and the decisions...
Bill Wootton

What to Do (and Not Do) in a CMMC Assessment (M02b)

As more defense contractors develop custom software that handles CUI, CMMC Level 2 assessments increasingly include software scoping and security. This session explains what to do and not do when...
Derek Kernus

Vulnerability Handling & Assurance Continuity: Staying Certified While Patching Fast (R02b)

Straight talk about CVEs in certified products: how vendors and labs handle “security-relevant” vulnerabilities, how to avoid certification derailment, and how to build patch workflows that satisfy customers, integrators, and...
Herbert Markle

Top 5 Issues of CMMC Level 2 Assessments (M02c)

The Cybersecurity Maturity Model Certification (CMMC) Program went into effect in 2024, and assessments must follow the CMMC Assessment Process (CAP). This talk outlines the CAP phases and typical assessment...
Carter Schoenberg

What Is the Assessor Looking for? Avoiding Pitfalls in Your CMMC Assessment (E03a)

This talk will provide an overview of the CSfC Components List Process and component vetting process.
David Bedard

If It Isn’t Documented, It Doesn’t Exist (M03a)

As stable quantum computing becomes plausible, what will it mean for cryptography? This session explores the possibilities and challenges of post quantum advances and their impact on security.
Stuart Itkin

Say WHAT? – Inside the Mind of a CMMC Certified Assessor (E03b)

Defense contractors rarely face CMMC in isolation. Commercial customers demand SOC 2. International partners require ISO 27001. Healthcare clients need HIPAA. The result? Organizations spend months duplicating effort, collecting the...
James Goepel

A Trusted Ecosystem Is Essential for Building and Maintaining a Low-Cost & Effective Compliance Program (L03b)

This session proposes a technical, implementation-focused briefing and working session that equips federal cybersecurity and infrastructure teams to operationalize post-quantum cryptography (PQC) in response to U.S. Government direction. OMB Memorandum...
Leslie Weinstein

Evidence without Chaos: A Practical Blueprint for Faster, Cleaner CMMC Level 2 Readiness (M03b)

Preparing for CMMC Level 2 shouldn’t feel like herding cats with spreadsheets. Many organizations struggle to manage evidence. This session offers a practical blueprint for streamlined, efficient evidence collection and...
Troy McCartney

Panel: The Future of Common Criteria—CC:2022 Rollout, Automation, PQ, and New Domains (R03a)

A forward-looking strategy discussion focused on what will change next: CC:2022 transitions, evidence automation, SBOM/vulnerability-intelligence integration, and emerging technical domains (including PQ readiness and virtualization/cloud-native boundary problems).
Tom Benkart

CMMC’s Here, but Is My Supply Chain Ready?: Understanding and Allocating the Risk Presented by CMMC’s Mandatory Flowdown Requirements

The purpose of this talk is to discuss the new CMMC DFARS clause’s mandatory flowdown requirements, which apply to non-COTS subcontractors and suppliers at every level as a condition for...

CMMC’s Here, but Is My Supply Chain Ready?: Understanding and Allocating the Risk Presented by CMMC’s Mandatory Flowdown Requirements (L03c)

CMMC is ramping up over the next four years. We are in Year 1 with self-assessments, but Year 2 will require third-party validation. This session looks at how ready your...
Roger Abbott

DoD Zero Trust by FY27 — Vendor Requirements for Identity, Devices, Data, Telemetry (R10d)

A vendor-focused translation of Zero Trust: what DIB product teams must support (identity signals, device posture, data tagging/controls, continuous telemetry), what “target level by FY27” implies for roadmaps, and how...
Sean Frazier

CSfC Panel Discussion (P11a)

Identity and access control weaknesses are a frequent cause of delays, scope creep, and audit findings during CSfC and CMMC implementations. This talk examines common failure points observed in regulated...
John Dunker

Panel: One Evidence Story Across CMMC, DFARS 7012, FedRAMP, and DoD PA/ATO (R11a)

A working session on the hard part: building a single, defensible authorization boundary and evidence narrative that satisfies overlapping frameworks without duplicative audits and rework. Expect concrete discussion of SSP...
Michael Brooks

Forging the Future (C12a)

This panel discusses the recent technical breakthrough that enables iPads and iPhones for classified mobility use cases within the CSfC standard. Experts from Apple, Ivanti and Owl Cyber Defense will...
Darnell Washington

CSfC Components List Process (N12a)

Commercial Solutions for Classified is becoming the standard for cross-domain solutions. This session explores the DoD modernization effort, workforce development mandates under DoD 8140, and the evolving threat landscape including...
John Dunker

Panel Discussion: Trusted Integrator (TI) Perspective (S12b)

This talk will provide a comprehensive overview of End User Device (EUD) composition guidance. Speakers will explain the Addendum process and incorporation into Capability Packages. Speakers will additionally cover the...
Fred Elliott
Eric Gursky
Keith Stacy
Daniel Birenkott
Mohammed Abaza

Enabling Data at Rest Protection for High-Speed Tactical Edge Operations (C12b)

This talk covers how to secure data at rest in high-speed tactical edge environments, balancing strong encryption with performance and CSfC compliance.
Jonathan Halstuch
Manuel Offenberg

CSfC Solution Registration Process Overview (N12b)

CMMC Level 2 C3PAO assessments are finally taking place. Studies have shown that false starts are at around 25%. The speakers will discuss the most common false starts that assessors...
John Dunker

Cloud & Software Supply Chain Risk — SBOM/Attestation at Scale and Third‑Party Reality (R12c)

SBOM is not the finish line. This talk focuses on operationalizing SBOMs, signing/attestation, third-party dependency governance, and what the DIB should learn from incidents where the supply chain or a...
John Osborne

CSfC EUD Composition Guidance Addendum 2.0.0 and Retransmission Device Protection Profile (N13a)

Self-encrypting drives (SEDs) are often deployed without pre-boot authentication in federal environments, including FIPS/CSfC certified systems, creating a false sense of data security. Without proper authentication, full-drive encryption protections are...
John Dunker

Identity and Access Control Gaps that Derail CSfC and CMMC Implementations (C13a)

This session explores identity and access control weaknesses that undermine CSfC and CMMC implementations. Drawing on 32 CFR Part 170 requirements for annual assessment and affirmation, the speakers will explain...
Herbert Decker

CSfC CNSA 2.0 Post Quantum Implementation Roadmap (Q13a)

CMMC compliance isn’t a one-time project but a continuous program. Learn how to reduce compliance costs and strengthen security by building a trusted ecosystem of advisors, service providers, legal partners,...
John Dunker

The Route to True Drive Encryption Integrity (C13b)

This session reveals the top five most common issues encountered during formal CMMC assessments, drawing on lessons from both the organization and the C3PAO perspective. Attendees will gain insight into...
Conner Crisafulli

Panel Discussion: Enabling iPad and iPhone Classified Mobility Panel (C13c)

As a top-rated C3PAO, the speakers have conducted dozens of CMMC assessments, uncovering critical patterns, challenges, and best practices. This session will share the top 10 lessons learned, offering actionable...
Daniel Odonohue

CSfC Engineering Capability Package & Annex Roadmap (N13c)

“The Executive’s Guide to CMMC: What C-Suite Leaders Must Know.” Audience: CEOs, CFOs, Board Members. Key Points: Board-level risk assessment and governance responsibilities; Financial impact: budgeting, forecasting, and ROI of...
John Dunker

Post Quantum Cryptography – Much Ado About… Something? (Q13c)

This talk will discuss the CSfC Registration Process as well as providing insight into successfully registering a CSfC Solution
Joshua Marpet

Government Keynote Presentation: Modernizing the Army’s Tactical Network with CSfC (L00a)

To modernize its tactical network, the Army has embarked on an evolving two-year capability set process. Infusing priority units including Infantry, Stryker and Armor formations with military and commercial...
Brigadier General Robert M. Collins

Industry Keynote Presentation: Considerations for Wireless CSfC Deployments (L00b)

Many CSfC deployments involve some form of wireless technology, with Wi-Fi being the most common. What are the allowable options for wireless? Should you choose the Campus WLAN capability package...
Jon Green
10:10 am-10:30 am

Conference Break

NIAP Update (L00d)

CSfC products require validation by Common Criteria Testing Labs, in accordance with the National Information Assurance Partnership (NIAP) Protection Profiles (PPs). This presentation will provide an update on recent efforts...
Matthew Downey
10:10 am-10:30 am

Conference Break

Archon ZV – CSfC from the Endpoint to the Cloud (SPONSORED)

ID Technologies has created the Archon ZV mobile solution. The Archon ZV platform combines security and reliability of a...
Archon – ID Technologies

CSfC Experience Session (L01A-B)

Session L01 Moderator: Denise Sisson, VP Sales, Archon, ID Technologies
Denise Sisson

Operations and Maintenance of Tactical and Enterprise CSfC Solutions (L01a)

The lifetime operations and maintenance costs of enterprise versus tactical CSfC solutions and how they compare to high assurance solutions.
Matthew Lazzaro

CSfC Experience and Case Study (L01b)

Experiences from active duty supporting the AFRICOM J6, DoD secure remote and multi-level emerging requirements, and the coming transport revolution of 5G/Commercial LEO Satellite services.
Brian S. Wimmer

Conference Break

PrimeKey CSfC Solutions (SPONSORED)

Presented by: Jeff Brooks, Director, Federal & East Sales, PrimeKey
PrimeKey

CSfC Technology Session (L03A-C)

Session L03 Moderator: Jack Rose, Territory Manager – US Army, Aruba, a Hewlett Packard Enterprise Company
Jack Rose

State-of-the-Art in Tactical CSfC Technologies (L03a)

Tactical communicators have unique requirements in fielding CSfC solutions – in particular with the size, weight, and power (SWaP) of solutions, as well as with usability, reliability and cost. This...
Charlie Kawasaki

Leveraging CSfC to Reduce Risk within Cross Domain (L03b)

Cross domain solutions have long been a double-edged sword in information assurance, providing the necessary access to or transfer of data to keep missions successfully operating. These solutions, which connect...
Adam Hovak

PKI Simplified, Certificate Authorities and PKI Demystified (L03c)

This presentation will look at public key cryptography, public key infrastructure, certificate authorities, and their role in CSfC, covering the following questions: What is a “public” key? What is a...
Jonathan Schulze-Hewett
4:00 pm-4:20 pm

Conference Break

Ask the CSfC PMO Panel Discussion (L04a)

Representatives from the CSfC PMO and NIAP will present a panel discussion with open Q&A from the audience.
Nathan Degruttola
Sam Green
Brandon Harvey
Matthew Downey
Brent Hildebrand
John Dunker

The Importance of Identity Governance and Administration (IGA) in Compliance Frameworks (C13c)

During this session, we will discuss the importance of Identity Governance and Administration (IGA) and how Segregation of Duties (SOD), Policy Enforcement, Risk Assessment and Access Certifications help organizations meet...
Frank Briguglio

Current Frameworks vs. the Threat of Future Technologies (P23)

Panelists will look at the recognized frameworks and consider implications related to future technologies such as AI, blockchain, and IoT. How will consulting and advisory services respond and what revised standards...
Kimberly Lucy
Joe Warren
Tim Lowman
Ryan Mackie
Willibert Fabritius

Cross Compliance on a Budget—Strategies for Addressing Multiple Regulatory Frameworks without Breaking the Bank (R21b)

Ask any governance or compliance professional and they’ll tell you that the days of having “regulated” vs. “unregulated” industries are over. In fact, most companies have multiple, potentially overlapping regulatory...
Ed Moyle

Considering a Dramatically Different Paradigm to Ensure Security; How the Dynamic and Abstracted Infrastructure can be More Secure than Ever (C12b)

Cloud security, and by extension compliance are challenged by an ever-evolving threat landscape. The dynamics are constantly in flux and it can be a never-ending, unwinnable battle. What if we...
Ranil Dassanayaka
Robert Ames

Enterprise Compliance Panel Discussion: Certification Pitfalls and Lessons Learned (E12b)

Our panel of experts from industry and government provide case studies on the challenges they have encountered in gaining ISO 27001 certifications. Audience members will benefit from hearing about the...
Neil Witek
Heather Reis
John Linkous
Willibert Fabritius

Cloud Compliance Panel Discussion: Should There be a Standard International Reference Architecture to Make Cloud Compliance Easier? (C13a)

Cloud compliance is a relatively new endeavor, and, as such, policy-makers are still working toward identifying consistent and broad-reaching standards for implementation and security. Join our panelists as they discuss...
Anthony Valentine
Anil Karmel
Mark Houpt
Martin Rieger

A Frankenstinean Approach to an Information Security Management System: Implementing ISO 27001 with the CIS CSC (R22a)

The CIS CSC controls are designed to prevent breaches, but there is no current means to be audited as compliant with this standard and prove that it was implemented effectively....
Walter Williams

Blockchain and GDPR – How do you forget what cannot be forgotten? (D22a)

GDPR has an inherent “right of erasure”, or the right to be forgotten. A person has the right to request that their data be removed from processing, storage, or use....
Joshua Marpet
Scott Lyons

Optimizing Compliance Management using Regulatory Libraries and Mappings: A Perspective on Data Security and Privacy Compliance (R21a)

Managing regulatory and compliance risk is a constant challenge for organizations subject to data security and privacy regulations/standards. The current pace of regulatory change is extremely high, which poses added...
Steve Crutchley
Brian Alexander

The ISO 27000 Ecosystem (R20c)

While ISO 27000 and ISO 27001 are the most recognized standards, there are many other standards in the ecosystem. This presentation will provide an introduction to these other standards.
Willibert Fabritius

ISO 27000 Certification Helping Organizations in GDPR Compliance (R20b)

The information security management system as defined by ISO 27000 lays the foundation for data privacy. Annex controls of the ISO 27000 standard provide the basic control to build a secured...
Sanjay Basu
Neelov Kar

Cybersecurity Risk and Compliance: Past, Present and Future (P10b)

As an Information Security pioneer for more than 35 years, and the author of the original text behind ISO/IEC 27000, David has a unique perspective on the Cybersecurity landscape and...
David Lacey

GDPR: Beyond the Talk, Let’s Get to Execution (E13c)

GDPR is climbing to the top of enterprise priorities, but much of the buzz fails to capture even a fraction of the technical challenges ahead. For example, GDPR does not...
Michael Powell

Beyond Asset-Based Risk (E13a)

Enterprise Security Standards of today typically prescribe the creation of “asset-based” risk assessments to protect their enterprise information. Today’s multi-vector threat landscape requires us to think of risk in a...
Andrea Hill
Angela Osborne

Managing an ISO 27001 Certification Program in the Age of Acquisitions (E12a)

The cloud and IT services intra-industry competition has propelled the interest, adoption, and obtainment of various security certifications, to include ISO 27001, and the age of acquisitions in the never-ending...
Shane York

Compliance Overview – The Options and What They Mean (P10d)

The compliance landscape can be overwhelming when dealing with customers (as well as internal management and sales personnel). A compliance team may have to address some of the following questions:...
Scott Zelko
Ryan Mackie

Data Privacy: GDPR and Beyond (D22a)

Almost six months have passed since the GDPR came into force. What have been some of the biggest challenges leading up to GDPR but also during its first half year?...

Digital Data in the Age of “The Breach” (D21c)

In the age of digital data our society has taken a rather laissez-faire attitude toward personal information. We think nothing of providing our Social Security number to credit bureaus and...
Kelly Kuchta

Adapting GDPR Requirements to Meet NIST 800-53 Rev. 5 (D21b)

GDPR is the latest compliance requirement going into effect (as of May 2018) that will be a game-changer for all businesses harvesting or interacting with data originating in the European...
Tim Lowman

Minimizing the Impact of Data Breaches in Dev and Test Databases (D21a)

According to Gartner, more than 80% of companies use sensitive data for non-production in development environments for more reliable testing. For the hacker, non-production environments are a tempting target as...
Steve Jones

Data Protection: Security In The Cyber Environment (D20b)

Cyber security and data protection are not about the adversary. The same techniques that protect against credit card scammers will protect against political information hackers. While the actors matter, ultimately,...
Henry Sienkiewicz

Introducing ISO/IEC 27552 Privacy Information Management System (D20c)

ISO/IEC 27552, better known as PIMS in the standards development community, is a privacy extension to ISMS. It is designed as a certification standard to enable demonstration of privacy policy/regulatory compliance...
Kimberly Lucy

Taking Compliance to the Cloud (Tools and Techniques Using ISO Standards) (C12a)

To certify cloud applications, organizations have to change. Traditional data center audits (PCI, HIPAA, FISMA, ISO 27001) are challenged by the risks, management and security boundaries presented by moving commercial...
Tim Weil

Assessment and Compliance for the Cloud (C11b)

Over the past five years, “Cloud Computing” has revolutionized how organizations do computing. It has driven a transformation from enterprise datacenters filled with servers to enterprise applications hosted in mega-facilities...
Chris Williams
Siobhan Moran

How Do I Get Started With FedRAMP? (C11a)

Many organizations have solutions that can meet a variety of federal IT needs. However, due to either having no prior federal experience or minimal experience in providing on-prem solutions they...
Martin Rieger
Kris Martel

Cloud Compliance Keynote: Security & Compliance: A Driving Force Behind Moving to the Cloud (P10c)

With greater resiliency, elasticity, visibility, automation, and the availability of emerging technologies such as artificial intelligence and machine learning, security professionals can exceed their highest security and compliance objectives with...
Michael South
