We apologize for the delay, there was a problem with the zoom application setup which required a new meeting ID but we will get started shortly with abbreviated speakers so we can get to the content on time

Thank you for your patience. This is a prsentation that is extra today and the actual training will start in another 15 minutes

Ok, thank you for letting us know!

Ok. Thank you. Can you tell us who is talking?

Hello! There seems to be two mics running. Is anyone else experiencing an echo?

Yes

I, too, am receiving an audio echo.

Ok, thank for the update

I am too. When she gets closer to what looks like the AV equipment, the echo gets worse. When she's on the other side of the screen, it's ok.

Yes, I am getting an echo that makes it difficult to follow the speaker.

Agreed - an echo here too.

Will this slide deck of the extra presentation be made available to attendees?

It's better where she's standing now

is it better now?

yes

Yes perfect!

Yes! Thanks!

Yes, now it is more clear.

Yes, thank you!

Is the speaker Dr. Neuman?

the agenda is posted here at the bottom of the page if you'd like to get speaker names: https://virginiaptac.ecenterdirect.com/events/2590

Could you please repeat those sites - Bitsite?

it would be helpful if she repeated the questions that are being asked before answering them

will these slides be available to participants?

The slides are inluded in the email notification and you can download them in the pop up as PDF

slides here unless they changed: https://sites.usc.edu/cyberworkshops/workshop-materials/

Yes, we will send out Katie Harrington's slides tomorrow along with the video. These are new and not part of the actual standard workshop.

thank you

Thanks

give the people asking question a mic please

yes

can't hear questions

I agree - it would be nice to hear the questions.

Agreed

or at least repeat the question

The question was a long story and was recommending someone for her advisory committee.

Email any uestions you have for Katherine.

will those questions/comments be included in some way of the promised video recording of this?

We can't hear him as well as we could hear Katherine

the audience ones I mean

We cannot hear you

this is frustrating

Thanks! Much better with the mic!

Can you hear now?

better

yes thank you!

yes

yes

but much lower than the previous soeaker

better

what is the password for the slides?

Cyber

cyber

Small c

what was the name of the authentification system?

I think he said kerberos

Thanks

An earlier question was whether the questions you couldn't hear will be included in the recording. Unfortunately, the recording is the same as what you can see and hear online. The instructor, Dr. Neuman is practiced at repeating questions so there should be no further issues.

The slide deck from Katherine Arrington will be sent you tomorrow with a copy of the video of her presentation.

where cann we get the recording? I would like to download the audio from the 5/3 seminar

As a reminder, the current slide deck is available at https://sites.usc.edu/cyberworkshops/workshop-materials/ using the password: cyber.

Same question on recordings. I remotely attended Houston session and would like recording of that or another session. Was told it would be available and didn't take enough notes in case it wasn't. Oops.

question for speaker: if our business receives spam or phish email, they DO require reporting to DIB?

re: recording - thankyou

Today's recording will be made available due to the issues encountered and the guest speaker and the significance of her presentation. Other workshops are not available.

how do we ask the presentator a question?

Type your questions here and I will relay them.

ok

question for speaker: if our business receives spam or phish email, they DO require reporting to DIB?

For the IoTs, what if we have people who work from home that can access CUI from a "secure" laptop. DO they need to make a separate internet access point from their home devices?

Thanks! Didn't even think about someone seeing the screen through the window! :)

Or from a drone with a camera.

What is CMMC?

Cybersecurity Maturity Model Certification (CMMC)

This morning's speaker spoke about DoD's plans for this.

The DoD is working with John Hopkins University Applied Physics Laboratory (APL) and Carnegie Mellon University Software Engineering Institute (SEI) to review and combine various cybersecurity standards into one unified standard for cybersecurity.

These slides will be sent out tomorrow with the video and they include a proposed timeline and levels of security required. It will also include a third party certification in 2020.

NIST SP 800-171 version 2 is due out "any day" now. Is this the same as the DOD's CMMC or still happening, or what? How are they related?

do we have to send it to ALL primes or only the one(s) affected?

we have to report incident caused by COTS product even we are not responsible for fixing it and have to wait for vendor

CMMC and NIST SP 800-171 fit together. You will see how in the slides I will send tomorrow. A level one security has to implement fewer of the controls than a level two and above. The CMMC is still under development and there will be 10 collaborative sessions across the country.Time Frame: July – Aug 2019

can the microphone of folks online be muted please

mute everyone please

Appleton - please mute

someone is talking in another language over the presenter!

and we can see him

Appleton, please mute your feed

Apleton

appleton please mute

Appleton Please mute your phone

We missed everything because of Appleton

Appleton - please turn off your video

We can hear and see you

omg this guy we cant hear the presenter

appleton please mute and turn off camera

Appleyton, please mute your mike

Dion can you please mute them?

MUTE YOUR FEED APPLETON PLEASE

dion could you please ask appleton to mute

No clue what's going on now! So frustrating!

Dion and Deepak

Appleton turn off your camera and mike pleas

Could you please mute Appleton

Ask the host to say it over the audio as he’s not monitoring the presentation

Please ask Dr. Neuman to ask Appleton to mute his speaker since he's not seeing the messages

thank you

thank you

Appleton, please pay attention. You're distracted.

I have been able to mute Appleton.

thanks

Thank you!!

how are CUI/CDI meet if we are resellers ?

CMMC and NIST SP 800-171 fit together. You will see how in the slides I will send tomorrow. A level one security has to implement fewer of the controls than a level two and above. The CMMC is still under development and there will be 10 collaborative sessions across the country.Is there a list of NIST compliant IT vendors?

We are now looking at a new slide not in your slide deck. We will post the updated slide deck at lunch and re-send the link.

where [and how] are COTS defined? Can we get our product on that list?

what about data collected and monitored using the cots product ? e.g. video software

I believe the curent slide answers this question - data is your responsibility.

Did the host announce when the lunch break would occur? I missed the first few minutes and may have missed it.

12pm

Thank you

Ibelieve at 12

What about systems like SharePoint? If all data is held on SharePoint not on individual machines.

Remote access- user has a company provided device. SHould we have software like NordVPN that hides their locations and who they are?

sanitization of data in the cloud ? doesit leave some thing there ? amazon s3

Isn’t this addressed by GCC High from Microsoft and Azure?

Is shredding files using software such as McAfee acceptable as a mean to "sanitize"

When are we back?

put the link in the chat

should the larger slide deck already be posted?

Is "malwarebytes" a good software to detect malware?

The larger slide deck is not yet available. We couldn't execute on that over lunch. You can get it tomorrow.

KASPERSKY

Do you have a sample plan you can provide?

Slamani, Are you asking about a POA&M template

On slide 81:

NIST has released a template which you can use as the basis for writing your system security plan.See:https://csrc.nist.gov/CSRC/media/Publications/sp/800-171/rev-1/final/documents/CUI-SSP-Template-final.docx

On Slide 82:

NIST has release a template (blank table) for your plan of actions andmilestones:https://csrc.nist.gov/CSRC/media/Publications/sp/800-171/rev- 1/final/documents/CUI-Plan-of-Action-Template-final.docx

There is also a template provided in the tools section of the link they shared during lunch.

These may be new slides. If so, you will receive a link to the updated slide deck tomorrow.

Would you please repost the link from lunch? I had to reboot my computer and lost it! Thanks!

https://sites.usc.edu/cyberworkshops/workshop-materials/

Password: cyber

Any tips on implementing auto log out?

Where are these settings in Windows?

I cannot find them

Google Root Policy editor to find the settings location. Apparently it is not in an obvious location.

The auto log out location.

Local Security Policy

I'm taking a 5 minute break and will pass along your questions when I return.

How effictive is harddrive encryption after the drive has been in use? Is it better to encrypt prior to using the harddrive?

ME

can u ask him to go back where the camera can see him please?

Your questions are welcome

Is the camera angle better?

yes thanks

Is it better to use webmail for email as opposed to email clients that store data on local computer?

What is CUI at rest? in 3.13.16

SCADA?

Supervisory Control and Data Aquisition

Thank you for the presentation.

where is this presentation recording being posted?

Thank you...this was very informative presentation.

i would like to get the recording of the presentation from this morning

YES, VERY INFORMATIVE. THANK U

Thank you so much for this great presentation! Even better... thank you for making it free for us small businesses that may not have been able to afford this training if it had a cost!

thanks a lot it was very usefull

Please help us add your comments to the post workshop survey, you will be receiving shortly

This workshop was great! Thank you to Northrop, USC and George Mason Univ. for working with the small business community

Thank you

This training session was very informative-Thank you!

We will email you the link to the recording and Katie's slides tomorrow. Dr, Neuman's updated slides will be available on the website tomorrow as well. https://sites.usc.edu/cyberworkshops/resources/

Dion, thanks for your help. The training was vey informative

The last link as some resources and will be improved next week. Not sure if the ones you want have been developed by NIST or others yet.

I'll pile on to all the comments and add that there is obviously lots of interest in the topic, one I find quite daunting with respect to implementing at a small company with limited resources (both skill and $$) and were to do next - let us know if there is any follow-on training please!

Thank you, will do.

THANK YOU Dr. Neuman for a very informative presentation, Dion for your adept facilitating of the presentation/questions, and Northrop Grumman for hosting!

Thank you signing off.