Panel Disussion on CUI: Addressing Foundational Issues (M2b)
CMMC is ultimately about identifying best practices for protecting sensitive but unclassified information and then designing a program that is clear, repeatable, and affordable for all members of the DIB. Yet at the core of the standard, questions remain about exactly what companies should protect, let alone how to protect it. This panel will discuss some of the foundational issues that still exist around defining and identifying CUI along with some recommendations for overcoming those issues. Specifically, we will review the relationships between DFARS 7012, NIST 800-171 and CMMC, differences in CUI interpretation, potential consequences, and suggested remedies. Panelists will further discuss practical steps for identifying, managing and accurately scoping CUI within a contractor’s environment, as well as discussing requirements related to the categories and types of CUI and all authorized holders of CUI.