Identity and Access Control Gaps that Derail CSfC and CMMC Implementations (C13a)
This session explores identity and access control weaknesses that undermine CSfC and CMMC implementations. Drawing on 32 CFR Part 170 requirements for annual assessment and affirmation, the speakers will explain why a risk‑informed continuous monitoring plan is essential for the affirming official. Attendees will learn how to sustain compliance beyond the assessment signature, uncover hidden gaps, and generate defensible evidence during the critical first 180 days. The talk highlights real‑world pitfalls and actionable strategies to protect organizations and keep affirmations accurate, defensible and CMMC‑ready.