CSfCConference

DIBC26 is a finished! Thank you to everyone who joined us for CMMC Day, CC Day, CSfC, and DIB Cloud Services Day & brought incredible insight, energy, & collaboration to the series. Coming back next year? Be sure to lock in your renewal rate at certinfosec.org.

CSfC and DIB Cloud Services Day are in full swing! 🪩 Visit certinfosec.org to learn more.

CMMC Day and CC Day are a wrap 🌯 Today was packed with sessions, meaningful conversations, and real-world takeaways. Next up tomorrow: CSfC and DIB Cloud Services Day. If you’re here, don’t miss it. All part of Defense Industrial Base Cybersecurity Certification Series.

Few people have shaped the Defense Industrial Base’s cybersecurity requirements as much as Stacy Bostjanick. Now, as she steps out of government, she’s sharing: What CMMC was designed to solve—and what’s coming next 📍 Secure your spot: certinfosec.org

CMMC is no longer theoretical—it’s contractual. And no one understands its intent and direction better than Stacy Bostjanick, former Director of CMMC Policy at OUSD A&S. 👉 Join us: certinfosec.org 👉 Speaker profile: linkedin.com/in/stacy-bostj…

Zero Trust isn’t a slide. It’s a requirement. At DIB Cloud Services Day (part of DIBC), (Okta) translates this into actual product requirements. If your roadmap doesn’t reflect this yet, it will. certinfosec.org

This is a keynote you don’t want to miss. We’re announcing Stacy Bostjanick—the architect behind CMMC—as the Government Keynote speaker at CMMC Day—part of the DIB Cyber Certification Series . Learn more + register: certinfosec.org Speaker: linkedin.com/in/stacy-bostj…

Most CC delays aren’t technical—they’re self-inflicted. 🎤 Lessons Learned from Recent Certifications with Justin Fisher (Leidos) This is the CC Day session (part of DIBC) that saves months of rework. 🔗 certinfosec.org

CSfC isn’t standing still—and neither are the Capability Packages. Get the latest directly from NSA: Nathan DeGruttola (NSA) will break down the CSfC Engineering Capability Package & Annex Roadmap. This session alone is worth the trip to DIBC. 🔗 certinfosec.org

Want to know what assessors are actually seeing? Some valuable sessions: 👉 Andrew Freund linkedin.com/in/andrewfreun… 👉 Michael Brooks linkedin.com/in/michael-bro… 👉 Corey Garretson (RADICL) – Where companies stumble early 📍 Details: certinfosec.org

FedRAMP is changing — and most product teams aren’t ready. At DIB Cloud Services Day (part of DIBC), (Red Hat) breaks down: “FedRAMP Modernization — What Changes for Product Teams and Compliance Ops” certinfosec.org

NDcPP changes aren’t academic—they impact your roadmap, budget, and timelines. 🎤 Differences Between NDcPP v3.0e and v4.0 with Kristy Knowles (Cisco) If you’re planning a certification in the next 12–24 months, you need this. 🔗 certinfosec.org

You don’t usually get to ask the CSfC PMO anything you want. At this conference, you do. Join the “Ask the PMO” Panel led by: John Dunker (NSA) and team—focused on program updates, process improvements, and what’s really changing behind the scenes. 🔗 certinfosec.org

CUI scoping is where most companies get it wrong. Don’t miss: 👉 Kyle Lai (KLC Consulting) – Custom software and CUI realities linkedin.com/in/kylelai/ 👉 Rachel Bassford (DEFCERT) – What organizations consistently overlook linkedin.com/in/rachel-bass…

Most “compliant cloud” architectures fail for one reason: They weren’t designed for sustained compliance across frameworks. DIB Cloud Services Day (part of DIBC), breaks down what actually works. certinfosec.org

What’s happening inside NIAP—and what’s coming next? Kick off CC Day with: Common Criteria: What’s Now, What’s Next with Jon Rolf, Retired NSA NIAP Director If you’re building or certifying products, this sets the tone for everything that follows. 🔗 certinfosec.org

If you care about CSfC, this is the room you need to be in. Expect real program updates, direction, and priorities—not recycled slides. 🔗 certinfosec.org

What’s really happening with CMMC—and where is it going? Start your day with: Government perspective on why CMMC exists and what’s next Industry insights from the front lines 📍 Join us at CMMC Day, part of DIBC: certinfosec.org

The agenda for DIB Cloud Services Day (May 5) is now live. This event is built around what actually matters in 2026: ➡️ Compliance that survives audits ➡️ Architectures that don’t dead-end ➡️ Evidence that works across frameworks Explore the agenda: certinfosec.org

Common Criteria isn’t going away—it’s evolving fast. At Common Criteria (CC) Day (part of the DIB Cyber Cert Series), we’re bringing together NIAP leaders, labs, vendors, and integrators to answer the real question: 📅 May 4 🔗 certinfosec.org