
04:52
We apologize for the delay, there was a problem with the zoom application setup which required a new meeting ID but we will get started shortly with abbreviated speakers so we can get to the content on time

17:18
Thank you for your patience. This is a prsentation that is extra today and the actual training will start in another 15 minutes

19:20
Ok, thank you for letting us know!

20:23
Ok. Thank you. Can you tell us who is talking?

20:39
Hello! There seems to be two mics running. Is anyone else experiencing an echo?

21:07
Yes

21:11
I, too, am receiving an audio echo.

21:13
Ok, thank for the update

21:20
I am too. When she gets closer to what looks like the AV equipment, the echo gets worse. When she's on the other side of the screen, it's ok.

21:25
Yes, I am getting an echo that makes it difficult to follow the speaker.

22:29
Agreed - an echo here too.

22:40
Will this slide deck of the extra presentation be made available to attendees?

22:46
It's better where she's standing now

22:48
is it better now?

22:54
yes

23:03
Yes perfect!

23:08
Yes! Thanks!

23:31
Yes, now it is more clear.

23:53
Yes, thank you!

27:48
Is the speaker Dr. Neuman?

33:51
the agenda is posted here at the bottom of the page if you'd like to get speaker names: https://virginiaptac.ecenterdirect.com/events/2590

33:51
Could you please repeat those sites - Bitsite?

35:41
it would be helpful if she repeated the questions that are being asked before answering them

36:19
will these slides be available to participants?

36:57
The slides are inluded in the email notification and you can download them in the pop up as PDF

37:31
slides here unless they changed: https://sites.usc.edu/cyberworkshops/workshop-materials/

37:42
Yes, we will send out Katie Harrington's slides tomorrow along with the video. These are new and not part of the actual standard workshop.

38:12
thank you

38:20
Thanks

38:41
give the people asking question a mic please

38:49
yes

40:32
can't hear questions

40:40
I agree - it would be nice to hear the questions.

40:45
Agreed

41:20
or at least repeat the question

41:57
The question was a long story and was recommending someone for her advisory committee.

42:21
Email any uestions you have for Katherine.

42:38
will those questions/comments be included in some way of the promised video recording of this?

42:54
We can't hear him as well as we could hear Katherine

42:55
the audience ones I mean

42:56
We cannot hear you

43:06
this is frustrating

43:11
Thanks! Much better with the mic!

43:12
Can you hear now?

43:17
better

43:18
yes thank you!

43:19
yes

43:26
yes

43:28
but much lower than the previous soeaker

43:31
better

44:21
what is the password for the slides?

44:27
Cyber

44:31
cyber

44:37
Small c

47:13
what was the name of the authentification system?

48:01
I think he said kerberos

48:33
Thanks

55:03
An earlier question was whether the questions you couldn't hear will be included in the recording. Unfortunately, the recording is the same as what you can see and hear online. The instructor, Dr. Neuman is practiced at repeating questions so there should be no further issues.

01:02:15
The slide deck from Katherine Arrington will be sent you tomorrow with a copy of the video of her presentation.

01:03:51
where cann we get the recording? I would like to download the audio from the 5/3 seminar

01:04:05
As a reminder, the current slide deck is available at https://sites.usc.edu/cyberworkshops/workshop-materials/ using the password: cyber.

01:05:18
Same question on recordings. I remotely attended Houston session and would like recording of that or another session. Was told it would be available and didn't take enough notes in case it wasn't. Oops.

01:05:59
question for speaker: if our business receives spam or phish email, they DO require reporting to DIB?

01:06:24
re: recording - thankyou

01:07:03
Today's recording will be made available due to the issues encountered and the guest speaker and the significance of her presentation. Other workshops are not available.

01:09:55
how do we ask the presentator a question?

01:11:41
Type your questions here and I will relay them.

01:11:44
ok

01:11:55
question for speaker: if our business receives spam or phish email, they DO require reporting to DIB?

01:13:51
For the IoTs, what if we have people who work from home that can access CUI from a "secure" laptop. DO they need to make a separate internet access point from their home devices?

01:17:11
Thanks! Didn't even think about someone seeing the screen through the window! :)

01:19:32
Or from a drone with a camera.

01:24:11
What is CMMC?

01:24:55
Cybersecurity Maturity Model Certification (CMMC)

01:25:17
This morning's speaker spoke about DoD's plans for this.

01:25:52
The DoD is working with John Hopkins University Applied Physics Laboratory (APL) and Carnegie Mellon University Software Engineering Institute (SEI) to review and combine various cybersecurity standards into one unified standard for cybersecurity.

01:27:41
These slides will be sent out tomorrow with the video and they include a proposed timeline and levels of security required. It will also include a third party certification in 2020.

01:29:47
NIST SP 800-171 version 2 is due out "any day" now. Is this the same as the DOD's CMMC or still happening, or what? How are they related?

01:32:33
do we have to send it to ALL primes or only the one(s) affected?

01:34:41
we have to report incident caused by COTS product even we are not responsible for fixing it and have to wait for vendor

01:35:21
CMMC and NIST SP 800-171 fit together. You will see how in the slides I will send tomorrow. A level one security has to implement fewer of the controls than a level two and above. The CMMC is still under development and there will be 10 collaborative sessions across the country.Time Frame: July – Aug 2019

01:49:52
can the microphone of folks online be muted please

01:50:53
mute everyone please

01:51:11
Appleton - please mute

01:51:26
someone is talking in another language over the presenter!

01:51:33
and we can see him

01:51:45
Appleton, please mute your feed

01:51:46
Apleton

01:51:47
appleton please mute

01:52:02
Appleton Please mute your phone

01:52:09
We missed everything because of Appleton

01:52:10
Appleton - please turn off your video

01:52:22
We can hear and see you

01:52:31
omg this guy we cant hear the presenter

01:52:32
appleton please mute and turn off camera

01:52:48
Appleyton, please mute your mike

01:52:48
Dion can you please mute them?

01:52:49
MUTE YOUR FEED APPLETON PLEASE

01:52:55
dion could you please ask appleton to mute

01:53:01
No clue what's going on now! So frustrating!

01:53:07
Dion and Deepak

01:53:17
Appleton turn off your camera and mike pleas

01:53:18
Could you please mute Appleton

01:53:27
Ask the host to say it over the audio as he’s not monitoring the presentation

01:53:31
Please ask Dr. Neuman to ask Appleton to mute his speaker since he's not seeing the messages

01:53:55
thank you

01:53:57
thank you

01:54:01
Appleton, please pay attention. You're distracted.

01:54:20
I have been able to mute Appleton.

01:54:25
thanks

01:56:18
Thank you!!

01:57:26
how are CUI/CDI meet if we are resellers ?

01:57:46
CMMC and NIST SP 800-171 fit together. You will see how in the slides I will send tomorrow. A level one security has to implement fewer of the controls than a level two and above. The CMMC is still under development and there will be 10 collaborative sessions across the country.Is there a list of NIST compliant IT vendors?

01:58:29
We are now looking at a new slide not in your slide deck. We will post the updated slide deck at lunch and re-send the link.

02:01:11
where [and how] are COTS defined? Can we get our product on that list?

02:03:51
what about data collected and monitored using the cots product ? e.g. video software

02:09:24
I believe the curent slide answers this question - data is your responsibility.

03:05:17
Did the host announce when the lunch break would occur? I missed the first few minutes and may have missed it.

03:05:31
12pm

03:05:35
Thank you

03:06:28
Ibelieve at 12

03:24:21
What about systems like SharePoint? If all data is held on SharePoint not on individual machines.

03:24:23
Remote access- user has a company provided device. SHould we have software like NordVPN that hides their locations and who they are?

03:31:45
sanitization of data in the cloud ? doesit leave some thing there ? amazon s3

03:34:09
Isn’t this addressed by GCC High from Microsoft and Azure?

03:34:39
Is shredding files using software such as McAfee acceptable as a mean to "sanitize"

03:44:48
When are we back?

03:45:55
put the link in the chat

04:36:37
should the larger slide deck already be posted?

04:56:30
Is "malwarebytes" a good software to detect malware?

05:05:04
The larger slide deck is not yet available. We couldn't execute on that over lunch. You can get it tomorrow.

05:09:05
KASPERSKY

05:22:35
Do you have a sample plan you can provide?

05:23:50
Slamani, Are you asking about a POA&M template

05:24:30
On slide 81:

05:24:45
NIST has released a template which you can use as the basis for writing your system security plan.See:https://csrc.nist.gov/CSRC/media/Publications/sp/800-171/rev-1/final/documents/CUI-SSP-Template-final.docx

05:25:31
On Slide 82:

05:25:35
NIST has release a template (blank table) for your plan of actions andmilestones:https://csrc.nist.gov/CSRC/media/Publications/sp/800-171/rev- 1/final/documents/CUI-Plan-of-Action-Template-final.docx

05:26:32
There is also a template provided in the tools section of the link they shared during lunch.

05:26:36
These may be new slides. If so, you will receive a link to the updated slide deck tomorrow.

05:29:53
Would you please repost the link from lunch? I had to reboot my computer and lost it! Thanks!

05:36:12
https://sites.usc.edu/cyberworkshops/workshop-materials/

05:36:17
Password: cyber

05:44:31
Any tips on implementing auto log out?

05:45:58
Where are these settings in Windows?

05:46:09
I cannot find them

05:48:54
Google Root Policy editor to find the settings location. Apparently it is not in an obvious location.

05:49:08
The auto log out location.

05:49:08
Local Security Policy

05:50:59
I'm taking a 5 minute break and will pass along your questions when I return.

06:00:55
How effictive is harddrive encryption after the drive has been in use? Is it better to encrypt prior to using the harddrive?

06:03:34
ME

06:04:02
can u ask him to go back where the camera can see him please?

06:15:12
Your questions are welcome

06:18:10
Is the camera angle better?

07:14:49
yes thanks

07:33:38
Is it better to use webmail for email as opposed to email clients that store data on local computer?

07:43:23
What is CUI at rest? in 3.13.16

07:58:24
SCADA?

08:03:47
Supervisory Control and Data Aquisition

08:16:24
Thank you for the presentation.

08:16:59
where is this presentation recording being posted?

08:17:10
Thank you...this was very informative presentation.

08:17:34
i would like to get the recording of the presentation from this morning

08:18:03
YES, VERY INFORMATIVE. THANK U

08:18:09
Thank you so much for this great presentation! Even better... thank you for making it free for us small businesses that may not have been able to afford this training if it had a cost!

08:18:41
thanks a lot it was very usefull

08:19:31
Please help us add your comments to the post workshop survey, you will be receiving shortly

08:19:33
This workshop was great! Thank you to Northrop, USC and George Mason Univ. for working with the small business community

08:19:34
Thank you

08:20:07
This training session was very informative-Thank you!

08:20:27
We will email you the link to the recording and Katie's slides tomorrow. Dr, Neuman's updated slides will be available on the website tomorrow as well. https://sites.usc.edu/cyberworkshops/resources/

08:21:15
Dion, thanks for your help. The training was vey informative

08:21:22
The last link as some resources and will be improved next week. Not sure if the ones you want have been developed by NIST or others yet.

08:22:28
I'll pile on to all the comments and add that there is obviously lots of interest in the topic, one I find quite daunting with respect to implementing at a small company with limited resources (both skill and $$) and were to do next - let us know if there is any follow-on training please!

08:22:47
Thank you, will do.

08:23:36
THANK YOU Dr. Neuman for a very informative presentation, Dion for your adept facilitating of the presentation/questions, and Northrop Grumman for hosting!

08:25:19
Thank you signing off.