At long last we've come to the fourth and final episode covering every finding and allegation in the DoD Inspector General Report on the CMMC process for authorizing 3rd-party assessment organizations. So far none of the 10 findings come anywhere close to spelling doom for the CMMC program. Perhaps the juiciest scandals were saved for last?
Register for CS2 Reston: https://cs2.cloud/reston
Pathfinder 101: https://www.summit7.us/pathfinder
Pathfinder Demo: https://youtu.be/JiDTCchfCa0?si=JJFplxSfvkaRVhRo
DoD IG report: https://www.dodig.mil/reports.html/Article/4028189/audit-of-the-dods-process-for-authorizing-third-party-organizations-to-perform/
IG Report Part 1: https://youtu.be/RNafaUlgBGo?si=4prcpAp3GUAhk8nN
IG Report Part 2: https://youtu.be/_kU7N2uI3xU?si=li1PwnG-FRSBjzyb
IG Report Part 3: https://youtu.be/3ND8RG2cKEc?si=ap5N5jasjYSztUVn
We're almost done with our exploration of the DoD Inspector General audit of the CMMC C3PAO authorization process. The last two recommendations might be the most perplexing of all. Maybe the Inspector General saved the best for last?
Register for CS2 Reston: https://cs2.cloud/reston
Pathfinder 101: https://www.summit7.us/pathfinder
Pathfinder Demo: https://youtu.be/JiDTCchfCa0?si=JJFplxSfvkaRVhRo
DoD IG report: https://www.dodig.mil/reports.html/Article/4028189/audit-of-the-dods-process-for-authorizing-third-party-organizations-to-perform/
IG Report Part 1: https://youtu.be/RNafaUlgBGo?si=4prcpAp3GUAhk8nN
IG Report Part 2: https://youtu.be/_kU7N2uI3xU?si=li1PwnG-FRSBjzyb
The Cyber AB is back with their monthly Town Hall meeting. This week we dive into “what's new” with the CMMC Program for the month of February covering things like: What do the ecosystem numbers look like right now? What's up with T3 suitability? Can people announce if they're certified yet? And so much more!
Register for CS2 Reston: https://cs2.cloud/reston
Register for S7 Live: https://www.summit7.us/s7live
Pathfinder 101: https://www.summit7.us/pathfinder
Pathfinder Demo: https://youtu.be/JiDTCchfCa0?si=JJFplxSfvkaRVhRo
The DoD has released guidance to the contracting workforce that implements the 32 CFR CMMC final rule. This week we discuss the two big takeaways for defense contractors. 1) Level 2 self-assessments are unlikely for 99% of companies. 2) CMMC waivers will be even more rare.
Register for CS2 Reston: https://cs2.cloud/reston
Pathfinder 101: https://www.summit7.us/pathfinder
Pathfinder Demo: https://youtu.be/JiDTCchfCa0?si=JJFplxSfvkaRVhRo
Memo (PDF): https://dodprocurementtoolbox.com/uploads/DOPSR_Cleared_OSD_Memo_CMMC_Implementation_Policy_d26075de0f.pdf
NARA CUI Registry: https://www.archives.gov/cui/registry/category-list
DoDI 5230.24 (PDF): https://www.esd.whs.mil/portals/54/documents/dd/issuances/dodi/523024p.pdf
This week we continue our exploration of the DoD Inspector General audit of the CMMC C3PAO authorization process. The majority of the recommendations pertain to the Cyber AB, but are all of the recommendations even actionable? We think you'll be surprised at the disparity between the headlines and what the report actually says.
Register for CS2 Reston: https://cs2.cloud/reston
Pathfinder 101: https://www.summit7.us/pathfinder
Pathfinder Demo: https://youtu.be/JiDTCchfCa0?si=JJFplxSfvkaRVhRo
Part 1: https://youtu.be/RNafaUlgBGo?si=2gzHIeHv0JevFwbx
DoD IG report: https://www.dodig.mil/reports.html/Article/4028189/audit-of-the-dods-process-for-authorizing-third-party-organizations-to-perform/
The DoD Inspector General's report on the C3PAO authorization process is out and people haven't been shy with their takes on the findings. This week we dive into the first set of recommendations to see if there really is a smoking gun. We think you'll be surprised at the disparity between the headlines and what the report actually says.
Register for CS2 Reston: https://cs2.cloud/reston
Pathfinder 101: https://www.summit7.us/pathfinder
Pathfinder Demo: https://youtu.be/JiDTCchfCa0?si=JJFplxSfvkaRVhRo
DoD IG report: https://www.dodig.mil/reports.html/Article/4028189/audit-of-the-dods-process-for-authorizing-third-party-organizations-to-perform/
The Cyber AB is back with their monthly Town Hall meeting. This week we dive into the current status of the CMMC Program, the last checklist item before official L2 certification announcements, and more.
Register for CS2 Reston: https://cs2.cloud/reston - Use code SUMITUPRESTON for listener discount
Pathfinder 101: https://www.summit7.us/pathfinder
Pathfinder Demo: https://youtu.be/JiDTCchfCa0?si=JJFplxSfvkaRVhRo
AB Town Halls: https://cyberab.org/News-Events/Town-Halls/Details/february-town-hall
“Freeze” Memo: https://youtu.be/L6FUBpogntM?si=0blDfn4tj3E6y_hC
Regulatory “freeze memos” have been common practice for new presidential administrations since 2001. Some people believe the most recent freeze memo spells the end of CMMC. Those people are incorrect for an assortment of reasons that we dive into this week.
Register for CS2 Reston: https://cs2.cloud/reston
Pathfinder 101: https://www.summit7.us/pathfinder
Pathfinder Demo: https://youtu.be/JiDTCchfCa0?si=JJFplxSfvkaRVhRo
The “freeze memo” (2025): https://www.whitehouse.gov/presidential-actions/2025/01/regulatory-freeze-pending-review/
The “freeze memo” (2021) (PDF): https://www.regulationwriters.com/downloads/Klain_Freeze_Memo-012021.pdf
The “freeze memo” (2017): https://trumpwhitehouse.archives.gov/presidential-actions/memorandum-heads-executive-departments-agencies/
The “freeze memo” (2009) (PDF): https://obamawhitehouse.archives.gov/sites/default/files/omb/assets/agencyinformation_memoranda_2009_pdf/m09-08.pdf
The “freeze memo” (2001): https://www.presidency.ucsb.edu/documents/memorandum-from-andrew-card
CMMC (32 CFR 170): https://www.ecfr.gov/current/title-32/subtitle-A/chapter-I/subchapter-G/part-170
Cybersecurity requirements for protecting controlled unclassified information (CUI) aren't just for defense contractors anymore. The FAR CUI rule will affect all federal contractors handling CUI (and even those who don't). This episode introduces the main elements of the rule at a 30,000-foot level.
Register for CS2 Reston: https://cs2.cloud/reston
Pathfinder 101: https://www.summit7.us/pathfinder
Pathfinder Demo: https://youtu.be/JiDTCchfCa0?si=JJFplxSfvkaRVhRo
32 CFR CMMC Webinar: https://www.summit7.us/webinars/cmmc-32-cfr-final-rule
2024 Predictions: https://youtu.be/YzFkJGzny20?si=H7UurOVBgKPxpH7Q
FedRAMP memo: https://youtu.be/torWNL3U7ZY?si=_yFHuMqXpCg6hYWy
FAR CUI Rule: https://youtu.be/-bYjDy7z7BA?si=sYytd46cIhmXIP8A
The NARA CUI Registry: https://www.archives.gov/cui/registry/category-list
Cost estimate of 171 (2023): https://youtu.be/DkYefZn_wNk
How to submit effective public comments: https://youtu.be/1T_62cYiUA4
It's that time of year again where we stake our reputations on predicting the future of the CMMC regulatory landscape. What does our crystal ball say the future holds for rulemaking, FedRAMP, and the CMMC ecosystem in general?
Register for CS2 Reston: https://cs2.cloud
Pathfinder 101: https://www.summit7.us/pathfinder
Pathfinder Demo: https://youtu.be/JiDTCchfCa0?si=JJFplxSfvkaRVhRo
32 CFR CMMC Webinar: https://www.summit7.us/webinars/cmmc-32-cfr-final-rule
2024 Predictions: https://youtu.be/YzFkJGzny20?si=H7UurOVBgKPxpH7Q
FedRAMP memo: https://youtu.be/torWNL3U7ZY?si=_yFHuMqXpCg6hYWy
FAR CUI Rule: https://youtu.be/-bYjDy7z7BA?si=sYytd46cIhmXIP8A
A year ago we made seven predictions for the CMMC landscape. We got some right, we got a few mostly right, and we got a few “wrong”.
Register for CS2 Reston with code SUMITUPRESTON: https://cs2.cloud/reston
Pathfinder 101: https://www.summit7.us/pathfinder
Pathfinder Demo: https://youtu.be/JiDTCchfCa0?si=JJFplxSfvkaRVhRo
32 CFR CMMC Webinar: https://www.summit7.us/webinars/cmmc-32-cfr-final-rule
2024 Predictions: https://youtu.be/YzFkJGzny20?si=H7UurOVBgKPxpH7Q
The Cyber AB has officially released the CMMC Assessment Process Guide. Now that the “CAP” is official, CMMC “false starts” are officially something that defense contractors need to be aware of.
Register for CS2 | Reston with code SUMITUPRESTON for 15% off here: https://cs2.cloud/reston
CMMC CAP (PDF): https://cyberab.org/Portals/0/Documents/Process-Documents/CMMC-Assessment-Process-CAP-v1.0.pdf
False starts 1.0 (June ‘24): https://youtu.be/zwU4u86L_5A
NFO Controls: https://youtu.be/YEQd--RIUkU
Documentation Deep Dive: https://youtu.be/TXsKdH3hC6E
The CMMC Program has reached its “Birth” date and part of the celebration was the release of the newly revised, effective, and in-force version of the CMMC Assessment Process (CAP), and the CMMC Code of Professional Conduct (CoPC). Jason and Joy have been picking apart these documents since their release; and on this week's show, they offer their 7 “high level” takeaways from CAP 2.0 & CoPC 2.0.
Pathfinder 101: https://www.summit7.us/pathfinder
Pathfinder Demo: https://youtu.be/JiDTCchfCa0?si=JJFplxSfvkaRVhRo
CS2 Reston: https://cs2.cloud/reston
This week we're joined by Fernando Machado of Cybersec Investments, an authorized CMMC C3PAO. Fernando has been around the CMMC space for years and has helped a ton of companies successfully pass their Joint Surveillance Assessments. Fernando shares what he's learned ahead of the effective date of the 32 CFR CMMC final rule and the rest of the phased roll-out.
Pathfinder 101: https://www.summit7.us/pathfinder
Pathfinder Demo: https://youtu.be/JiDTCchfCa0?si=JJFplxSfvkaRVhRo
32 CFR CMMC Webinar: https://www.summit7.us/webinars/cmmc-32-cfr-final-rule
Fernando: https://www.linkedin.com/in/fernando-machado-cissp-cism-cca-ccp-5b5581124/
Cybersec Investments (C3PAO): https://cybersecinvestments.com/
(0:00 – 3:17): Intro
(3:18 – 6:42): What's the key to assessment success?
(6:43 – 8:48): What's the key to perfect scores?
(8:49 – 11:42): Most problematic controls?
(11:43 – 12:52): What's harder: technical or non-technical?
(12:53 – 14:42): Are “False Starts” real?
(14:43 – 17:44): How important is an MSP?
(17:45 – 20:45): Current backlog?
(20:46 – 22:38): $100k assessments?
(22:39 – 24:27): Outro
What is the CMMC phased roll-out? How will the CMMC phased roll-out affect defense contractors and when? Most importantly: How should companies strategize based on the CMMC phased roll-out? We get into all of that and more this week.
Pathfinder 101: https://www.summit7.us/pathfinder
Pathfinder Demo: https://youtu.be/JiDTCchfCa0?si=JJFplxSfvkaRVhRo
32 CFR CMMC Webinar: https://www.summit7.us/webinars/cmmc-32-cfr-final-rule
Who decides what CMMC status level is required in defense contracts? How do they decide? Q2 2025 is just around the corner and this week we dive into the decision factors that lead to CMMC status level requirements.
Pathfinder 101: https://www.summit7.us/pathfinder
Pathfinder Demo: https://youtu.be/JiDTCchfCa0?si=JJFplxSfvkaRVhRo
32 CFR CMMC Webinar: https://www.summit7.us/webinars/cmmc-32-cfr-final-rule
48 CFR proposed rule podcast: https://youtu.be/Fzi3SFEs92U
A Joint Resolution of Disapproval has been submitted to disapprove the 32 CFR CMMC final rule. Is this the end of CMMC as we know it? Or, as is usually the case, has the ecosystem jumped to conclusions and let their confirmation bias get the better of them? This week we go deep into the Congressional Review Act and why there's much more to the story of Representative Palmer's resolution.
Pathfinder 101: https://www.summit7.us/pathfinder
Pathfinder Demo: https://youtu.be/JiDTCchfCa0?si=JJFplxSfvkaRVhRo
32 CFR CMMC Webinar: https://www.summit7.us/webinars/cmmc-32-cfr-final-rule
Palmer's Resolution: https://www.congress.gov/bill/118th-congress/house-joint-resolution/221/text
GAO Report on the CMMC final rule: https://www.gao.gov/products/b-336776
CMMC Pathfinder Tool | In 5 minutes or less, this free tool will give you a clear path from where you are now to CMMC confidence: https://www.summit7.us/pathfinder
Start working on that beach body of evidence because all signs point to CMMC showing up in defense contracts in Summer 2025. Turns out that our Summer estimate is more conservative than government estimates. However, if you're a subcontractor then it doesn't matter much because the big primes are already telling people what time it is.
Pathfinder Demo: https://youtu.be/JiDTCchfCa0?si=JJFplxSfvkaRVhRo
32 CFR CMMC Webinar: https://www.summit7.us/webinars/cmmc-32-cfr-final-rule
SBA Blog: https://advocacy.sba.gov/2024/10/24/dod-final-cmmc-rule/
32 CFR Final Rule: https://www.federalregister.gov/documents/2024/10/15/2024-22905/cybersecurity-maturity-model-certification-cmmc-program
CMMC Pathfinder Tool | In 5 minutes or less, this free tool will give you a clear path from where you are now to CMMC confidence: https://www.summit7.us/pathfinder
As a result of the 32 CFR Final CMMC rule, many organizations will be looking for help comprehending and implementing the imposed requirements. On this episode of the show, Jason and Joy dig into the differences between the Registered Practitioner (RP) certificate and the Certified CMMC Professional (CCP) certification to highlight the value of the trainings for OSAs and ESPs, and point out the importance of due diligence above all!
[Webinar] CMMC Finalized: The 32 CFR CMMC Final Rule | Register Now: https://www.summit7.us/webinars/cmmc-32-cfr-final-rule
SPRS Scoring Webinar with Koren Wise - https://us06web.zoom.us/meeting/register/tZIoceihrTgoEtIS5scNKD_VWYB5IvLdYjSq
[Webinar] CMMC Finalized: The 32 CFR CMMC Final Rule | Register Now: https://www.summit7.us/webinars/cmmc-32-cfr-final-rule
The Cyber AB Town Hall for the month of October is the first Town Hall since the publishing of the 32 CFR Final CMMC rule. On this episode of the show, Jason and Joy dig into the information distributed during the Town Hall surrounding the re-authorization of C3PAOs and the eligibility of CMMC Certified Assessors (CCA).
CMMC Pathfinder Tool: https://www.summit7.us/pathfinder