Send us a text Even with a government shutdown, the CMMC compliance clock keeps ticking. ⏰🔐 In this episode, we uncover the paradox facing defense contractors: while agencies pause, cybersecurity deadlines don’t. The DoD’s timelines, affirmations, and enforcement plans continue to move forward—leaving unprepared firms at risk when operations resume. 🎙️ Here’s what you’ll learn: ✅ How the shutdown impacts CMMC implementation (and how it doesn’t) ✅ Why contractors should use this ti...

Send us a text In this episode, we break down the Department of Defense’s final rule amending the Defense Federal Acquisition Regulation Supplement (DFARS) to integrate the Cybersecurity Maturity Model Certification (CMMC). We’ll cover what these new contractual obligations mean for contractors, including self-assessment reporting in SPRS, continuous compliance affirmations, and the phased rollout of CMMC requirements. Join us as we unpack key definitions, address industry concerns, and highl...

Send us a text 🚨 CMMC 2.0 Is Rolling Out: Is Your Business Ready? The latest version of the Cybersecurity Maturity Model Certification (CMMC) is reshaping how contractors handle security across the Defense Industrial Base. From new assessment levels to increased scrutiny, the changes are significant—and noncompliance could cost you contracts. Understand what’s changed 🧩 Learn how implementation will impact your operations 🛡️ Get expert insights to stay compliant and competitive &n...

Send us a text 🚨 N𝗲𝘄 𝗣𝗼𝗱𝗰𝗮𝘀𝘁 𝗘𝗽𝗶𝘀𝗼𝗱𝗲 𝗔𝗹𝗲𝗿𝘁! 🚨 We’re breaking down 𝗖𝗠𝗠𝗖 𝗖𝗲𝗿𝘁𝗶𝗳𝗶𝗰𝗮𝘁𝗶𝗼𝗻 𝗥𝗲𝗮𝗱𝗶𝗻𝗲𝘀𝘀 for manufacturers navigating defense contracts 🛡️🏭 If you’re part of the DoD supply chain, this episode is your essential guide to prepping for CMMC success. 🎙️ What’s Inside: ✅ What manufacturers need to know about CMMC 2.0 ✅ Common pitfalls and how to avoid them ✅ Steps to get audit-ready without overwhelm ✅ Insights from industry experts and assessors ✅ Aligning NIST 800-1...

Send us a text In this episode of CMMC News, we break down DoD Instruction 5200.48—the Department of Defense’s rulebook for handling Controlled Unclassified Information (CUI). Hosts take you through what CUI really means, why the DoD created a standardized approach, and what it takes to handle, mark, and share sensitive information properly. Learn why it’s critical for both DoD staff and contractors, what the marking and safeguarding requirements look like in real life, and how agencies and i...

Send us a text If you're a Department of Defense (DoD) contractor, navigating the world of CMMC 2.0 is essential—and it starts with understanding the role of a C3PAO. In this episode, we break down what a Certified Third-Party Assessor Organization (C3PAO) is, why it matters, and what to expect during a third-party CMMC assessment. You’ll learn: What a C3PAO does and how they’re approvedWhy passing a C3PAO assessment is non-negotiable for many contractsWhat the assessment process ...

Send us a text 🚨 Working with the Department of Defense or handling Controlled Unclassified Information (CUI)? Here’s what you need to know about the DOD’s new approach to NIST SP 800-171 Revision 3 ODP values. Just listened to the latest episode of CMMC News, where the hosts did a deep dive into the recent DOD memo standardizing “Organization Defined Parameters” (ODPs) for protecting CUI. If you’re a defense contractor—or work in the DIB—these aren’t just guidelines, they are your new minimu...

Send us a text 🔍 Want to stay ahead in the world of government contracts and cybersecurity? Dive into our latest CMMC News episode where we explore the NIST SP 800-171 DoD Assessment Requirements. It's all about breaking through the wall of acronyms and jargon to ensure you know exactly what the Department of Defense expects when it comes to protecting sensitive information. Here are 3 key takeaways: Understand Assessment Levels: We break down the three types of cybersecurity assessments — Ba...

Send us a text Hello LinkedIn community! 🌐 As we delve deeper into the cybersecurity requirements for Department of Defense (DOD) contracts, understanding DFARS Clause 252.204-7012 is crucial. It outlines safeguarding covered defense information (CDI) and protocols for cyber incident reporting. Here are three key takeaways for businesses and contractors engaging with the DOD: Understanding CDI: It’s essential to recognize what constitutes covered defense information. CDI includes sensitive te...

Send us a text We just dived deep into the Department of Defense's NIST SP 800-171 assessment requirements. This is crucial for any contractor involved with DoD contracts, especially when it comes to cybersecurity. Here are three key takeaways: Assessment Frequency: If you're implementing NIST SP 800-171, make sure you have a recent assessment conducted within the last three years for every covered information system tied to DoD contracts.Assessment Levels: There are three types of DoD assess...

Send us a text 🚀 Exciting Insights from Our Latest Deep Dive on the CMMC News Podcast! 🎧 In our newest episode, we unpack the intricacies of the Cybersecurity Maturity Model Certification (CMMC) and its alignment with NIST standards, essential for those engaged with Department of Defense contracts. Dive into the details with us as we explore practical implications and strategic alignments. 🔹 Key Takeaways: CMMC Levels Explained: Understand how the different levels of CMMC build upon each othe...

Send us a text 🚀 New Episode Alert: Navigating CMMC Compliance with ESPs and Inherited Controls 🚀 In our latest episode of CMMC News, we dive deep into the complexities of CMMC compliance and how to effectively manage the relationship with your External Service Providers (ESPs). This episode is packed with insights that are crucial for any DOD contractor aiming to unravel the intricacies of inheriting security controls while maintaining full compliance responsibility. Here's a sneak peek at t...

Send us a text 🌟 Just listened to another insightful episode of the CMMC News podcast, where the hosts take a deep dive into the complexities of CMMC, focusing on ESPs, SPAs, and VDIs. Here's what stood out to me: 🔍 Key Takeaways: Scoping ESPs in CMMC: The involvement of External Service Providers in the CMMC assessment depends largely on their interaction with Controlled Unclassified Information (CUI) and whether they are a Cloud Service Provider. Non-cloud ESPs processing CUI make the whole...

Send us a text In this episode of CMMC News, host Wilson Bautista Jr. breaks down the crucial factors to consider when choosing a CMMC consultant. He outlines five essential criteria: ensuring proper CMMC certification, verifying real audit experience, evaluating communication skills, determining consultation needs (assessment vs. implementation), and assessing cultural fit with your organization. Whether you're starting your CMMC journey or preparing for an audit, this episode provides valua...

Send us a text Welcome to another episode of CMMC News! Today, we're simplifying the complexities of cybersecurity compliance, specifically diving into how to choose the right Certified Third Party Assessment Organization (C3PAO) to guide your organization to CMMC compliance. I'm your host, Wilson Bautista Jr., and in this episode, we'll break down the key considerations to make the right choice. From examining a C3PAO's experience with federal compliance frameworks like NIST 80171 and FedRAM...

Send us a text A Department of Defense Inspector General audit (DODIG-2025-056) revealed that the Department of Defense (DoD) inadequately implemented its process for authorizing third-party organizations to conduct Cybersecurity Maturity Model Certification (CMMC) 2.0 assessments. The audit found that the DoD failed to ensure all required steps were completed before authorizing these organizations, increasing the risk of awarding contracts to companies lacking sufficient cybersecurity contro...

Send us a text Representative Gary Palmer introduced a resolution to overturn a Pentagon rule establishing the Cybersecurity Maturity Model Certification (CMMC) program. This Congressional Review Act resolution aims to allow Congress a vote on significant regulatory actions. The Department of Defense completed the necessary steps to implement the CMMC rule, which adds third-party assessments to existing cybersecurity standards for contractors. While some stakeholders support CMMC for improvin...

Send us a text This memorandum from the Department of Defense outlines requirements for cloud service providers (CSPs) seeking FEDRAMP Moderate equivalency. It details the necessary assessments and documentation, including security plans and testing procedures, that CSPs must meet. The memorandum emphasizes the importance of compliance with specified Defense Federal Acquisition Regulations Supplement clauses. Finally, it clarifies the roles and responsibilities of the contractor, CSP, and ass...

Send us a text In this episode of CMMC News, we unpack the Level 1 Cybersecurity Maturity Model Certification (CMMC) Assessment Guide, designed to help organizations self-assess their compliance with 15 basic cybersecurity requirements for protecting Federal Contract Information (FCI). We cover key aspects of the guide, including how to define the scope, clarify custom terms, apply assessment criteria and methodologies like examining, interviewing, and testing, and document findings as MET, N...

Send us a text In this episode of CMMC News, we dive into the guidance for defining the scope of a Level 3 Cybersecurity Maturity Model Certification (CMMC) assessment. We discuss the asset categories—CUI Assets, Security Protection Assets, Specialized Assets, and Out-of-Scope Assets—and their specific requirements. Learn how to categorize and document assets in an inventory and network diagram, and understand the role of External Service Providers (ESPs) and Cloud Service Providers (CSPs) in...