Afleveringen
-
The Cyber AB has officially released the CMMC Assessment Process Guide. Now that the “CAP” is official, CMMC “false starts” are officially something that defense contractors need to be aware of.
Register for CS2 | Reston with code SUMITUPRESTON for 15% off here: https://cs2.cloud/reston
CMMC Cap (PDF): https://cyberab.org/Portals/0/Documents/Process-Documents/CMMC-Assessment-Process-CAP-v1.0.pdf
False starts 1.0 (June ‘24): https://youtu.be/zwU4u86L_5A
NFO Controls: https://youtu.be/YEQd--RIUkU
Documentation Deep Dive: https://youtu.be/TXsKdH3hC6E
-
The CMMC Program has reached it “Birth” date and part of the celebration was the rellease ong the newly revised, effective, and in-force version of the CMMC Assessment Process (CAP, and the CMMC Code of Professional Conduct (CoPC). Jason and Joy have been picking apart these documents since their release; and on this week's show, they offer their 7 “high level” takeaways from CAP 2.0 & CoPC 2.0.
Pathfinder 101: https://www.summit7.us/pathfinder
Pathfinder Demo: https://youtu.be/JiDTCchfCa0?si=JJFplxSfvkaRVhRo
CS2: Reston : https://cs2.cloud/reston
-
Zijn er afleveringen die ontbreken?
-
This week we're joined by Fenando Machado of Cybersec Investments, an authorized CMMC C3PAO. Fernando has been around the CMMC space for years and has helped a ton of companies successfully pass their Joint Surveillance Assessments. Fernando shares what he's learned ahead of the effective date of the 32 CFR CMMC final rule and the rest of the phased roll-out.
Pathfinder 101: https://www.summit7.us/pathfinder
Pathfinder Demo: https://youtu.be/JiDTCchfCa0?si=JJFplxSfvkaRVhRo
32 CFR CMMC Webinar: https://www.summit7.us/webinars/cmmc-32-cfr-final-rule
Fernando: https://www.linkedin.com/in/fernando-machado-cissp-cism-cca-ccp-5b5581124/
Cybersec Investments (C3PAO): https://cybersecinvestments.com/
(0:00 – 3:17): Intro (3:18 – 6:42): What's the key to assessment success? (6:43 – 8:48): What's the key to perfect scores? (8:49 – 11:42): Most problematic controls? (11:43 – 12:52): What's harder: technical or non-technical? (12:53 – 14:42): Are “False Starts” real? (14:43 – 17:44): How important is an MSP? (17:45 – 20:45): Current backlog? (20:46 – 22:38): $100k assessments? (22:39 – 24:27): Outro
-
What is the CMMC phased roll-out? How will the CMMC phased roll-out affect defense contractors and when? Most importantly: How should companies strategize based on the CMMC phased roll-out? We get into all of that and more this week.
Pathfinder 101: https://www.summit7.us/pathfinder
Pathfinder Demo: https://youtu.be/JiDTCchfCa0?si=JJFplxSfvkaRVhRo
32 CFR CMMC Webinar: https://www.summit7.us/webinars/cmmc-32-cfr-final-rule
-
Who decides what CMMC status level is required in defense contracts? How do they decide? Q2 2025 is just around the corner and this week we dive into the decision factors that lead to CMMC status level requirements.
Pathfinder 101: https://www.summit7.us/pathfinder
Pathfinder Demo: https://youtu.be/JiDTCchfCa0?si=JJFplxSfvkaRVhRo
32 CFR CMMC Webinar: https://www.summit7.us/webinars/cmmc-32-cfr-final-rule
48 CFR proposed rule podcast: https://youtu.be/Fzi3SFEs92U
-
A Joint Resolution of Disapproval has been submitted to disapprove the 32 CFR CMMC final rule. Is this the end of CMMC as we know it? Or, as is usually the case, has the ecosystem jumped to conclusions and let their confirmation bias get the better of them? This week we go deep into the Congressional Review Act and why there's much more to the story of Representative Palmer's resolution.
Pathfinder 101: https://www.summit7.us/pathfinder
Pathfinder Demo: https://youtu.be/JiDTCchfCa0?si=JJFplxSfvkaRVhRo
32 CFR CMMC Webinar: https://www.summit7.us/webinars/cmmc-32-cfr-final-rule
Palmer's Resolution: https://www.congress.gov/bill/118th-congress/house-joint-resolution/221/text
GAO Report on the CMMC final rule: https://www.gao.gov/products/b-336776
-
CMMC Pathfinder Tool | In 5 minutes or less, this free tool will give you a clear path from where you are now to CMMC confidence: https://www.summit7.us/pathfinder
Start working on that beach body of evidence because all signs point to CMMC showing up in defense contracts in Summer 2025. Turns out that our Summer estimate is more conservative than government estimates. However, if you're a subcontractor then it doesn't matter much because the big primes are already telling people what time it is.
Pathfinder Demo: https://youtu.be/JiDTCchfCa0?si=JJFplxSfvkaRVhRo
32 CFR CMMC Webinar: https://www.summit7.us/webinars/cmmc-32-cfr-final-rule
SBA Blog: https://advocacy.sba.gov/2024/10/24/dod-final-cmmc-rule/
32 CFR Final Rule: https://www.federalregister.gov/documents/2024/10/15/2024-22905/cybersecurity-maturity-model-certification-cmmc-program
-
CMMC Pathfinder Tool | In 5 minutes or less, this free tool will give you a clear path from where you are now to CMMC confidence: https://www.summit7.us/pathfinder
As a result of the 32 CFR Final CMMC rule, many organizations will be looking for help comprehending and implementing the imposed requirements. On this episode of the show, Jason and Joy dig into the differences between the Registered Practitioner (RP) certificate, and the Certified CMMC Professional (CCP) certification to highlight the value of the trainings for OSAs and ESP, and point out the importance of due dillegence above all!
[Webinar] CMMC Finalized: The 32 CFR CMMC Final Rule | Register Now: https://www.summit7.us/webinars/cmmc-32-cfr-final-rule
SPRS Scoring Webinar with Koren Wise - https://us06web.zoom.us/meeting/register/tZIoceihrTgoEtIS5scNKD_VWYB5IvLdYjSq
-
[Webinar] CMMC Finalized: The 32 CFR CMMC Final Rule | Register Now: https://www.summit7.us/webinars/cmmc-32-cfr-final-rule
The Cyber AB Townhall for the Month of October is the First TH since the publishing of the 32 CFR Final CMMC rule. On this episode of the show, Jason and Joy dig into the information distributed during the Townhall surrounding the re-authorization of C3PAOs and the eligibility of CMMC Certified Assesors (CCA).
CMMC Pathfinder Tool: https://www.summit7.us/pathfinder
-
[Webinar] CMMC Finalized: The 32 CFR CMMC Final Rule | Register Now: https://www.summit7.us/webinars/cmmc-32-cfr-final-rule
After years of waiting the FAR CUI rule has cleared regulatory review and we should see the proposed rule published in just a few weeks. In this episode we briefly cover the history of the FAR CUI rule and discuss what we know about it (and what we think we know).
The FAR CUI rule review page: https://www.reginfo.gov/public/do/eoDetails?rrid=539461
CMMC Pathfinder Tool: https://www.summit7.us/pathfinder
-
CMMC Pathfinder Tool | In 5 minutes or less, this free tool will give you a clear path from where you are now to CMMC confidence: https://www.summit7.us/pathfinder
The 32 CFR CMMC final rule is finally final! It's also 470 pages long. What gives? Public comment responses. Literally just 230 pages of responses to public comments. While some of the responses are helpful, much of the time DoD was forced to take the time and space to explain why comments weren't relevant to the CMMC program at all.
Final Rule Webinar: https://www.summit7.us/webinars/cmmc-32-cfr-final-rule
Effective Comments How To: https://youtu.be/1T_62cYiUA4?feature=shared
Pathfinder Demo: https://youtu.be/JiDTCchfCa0?feature=shared
-
CMMC Pathfinder Tool | In 5 minutes or less, this free tool will give you a clear path from where you are now to CMMC confidence: https://www.summit7.us/pathfinder
Yet another report analyzing defense contractor cybersecurity and compliance with DFARS contract clauses has found that adoption remains low. Even when companies are aware of their obligations, believe that CMMC will happen in 2024, and support minimum requirements there is no guarantee that implementation will happen. This week we dive into why that might be.
-
CMMC Pathfinder Tool | In 5 minutes or less, this free tool will give you a clear path from where you are now to CMMC confidence: https://www.summit7.us/pathfinder
Calculating a self-assessment score is a fundamental part of complying with DoD cyber regulations. Unfortunately, Project Spectrum, the resource that DoD recommends more than any other no longer calculates an “SPRS score”. In this episode we briefly explain the requirement to self-assessment, the basics of calculating a score, and a little-known tool from DoD that can help.
Summit 7 Pathfinder Tool: https://www.summit7.us/pathfinder
Fuzzy Math (2021): https://youtu.be/843K3hkLquk
Project Spectrum: https://www.projectspectrum.io/#/
DIBCAC: https://www.dcma.mil/DIBCAC/
DoDAM (PDF): https://www.acq.osd.mil/asda/dpc/cp/cyber/docs/safeguarding/NIST-SP-800-171-Assessment-Methodology-Version-1.2.1-6.24.2020.pdf
CMMC Scoring: https://www.federalregister.gov/d/2023-27280/p-1429
CMMC False Starts: https://youtu.be/zwU4u86L_5A?
-
CMMC Pathfinder Tool | In 5 minutes or less, this free tool will give you a clear path from where you are now to CMMC confidence: https://www.summit7.us/pathfinder
The Cyber AB held the monthly Townhall for September. And with the 32 CFR rule imminent, they have a lot of information to put out lately. On this week's episode, Jason and Joy are joined by Kyle Gingrich, Interim Executive Director of the CAICO, as they cover the information distributed during this months townhall, changes to CMMC Ecosystem roles, the gold ole' days of CMMC, and so much more.
Sum IT Up “CMMC Final Rule Publication: Imminent” : Driving a Future-Ready Transportation Sector (youtube.com)
Link to FedRAMp Equivalency Memo: FEDRAMP-EquivalencyCloudServiceProviders.pdf (defense.gov)
-
CMMC Pathfinder Tool | In 5 minutes or less, this free tool will give you a clear path from where you are now to CMMC confidence: https://www.summit7.us/pathfinder
The 32 CFR CMMC final rule has officially cleared regulatory review. Next step: publication in the Federal Register. At this point the commercially availability of CMMC assessments is weeks away. This week Jacob and Jason go over the basics of rulemaking, the details of the CMMC rulemaking timeline, what's left in the process, and how to get started once and for all.
Summit 7 Pathfinder Tool: https://www.summit7.us/pathfinder
The History of CMMC (2010 – 2020): https://youtu.be/jbY2irZ1ePg
Pathfinder Tool Demo: https://youtu.be/JiDTCchfCa0?
-
CMMC Pathfinder Tool | In 5 minutes or less, this free tool will give you a clear path from where you are now to CMMC confidence: https://www.summit7.us/pathfinder
This week we're deep diving into the details of DoD distribution statements with guest host Defcert CEO, Ryan Bonner. Hoping that your customer will proactively minimize CUI for you just isn't a viable strategy in this cruel world. Instead, Ryan walks us through his process for reverse engineering the government's decision to mark something (or not). Armed with this information, contractors can more easily push back on their customers and scope their DFARS and CMMC environments – the holy grail.
Summit 7 Pathfinder Tool: https://www.summit7.us/pathfinder
Ryan CS2 Denver: https://youtu.be/IEy-TkmKMt8?si=euj5dH7shvrvpbAt
RTX Charging Letter: https://www.linkedin.com/posts/jacob-evan-horne_whoopsie-daisy-62b-defense-corporation-activity-7237851962417774594-tbly
DoD CUI Registry: https://www.dodcui.mil/
NARA CUI Registry: https://www.archives.gov/cui/registry/category-list
-
CMMC Pathfinder Tool | In 5 minutes or less, this free tool will give you a clear path from where you are now to CMMC confidence: https://www.summit7.us/pathfinder
Special guest host Daniel Akridge walks us through a visual of Procurement Administrative Lead Time compared to the CMMC rulemaking timelines. Daniel also walks us through Summit 7's CMMC Pathfinder Tool - a free resource companies can use to know exactly what steps they should take and what solutions might work best.
Connect with Daniel on LinkedIn: https://www.linkedin.com/in/danielakridge/
Connect with Jacob on LinkedIn: https://www.linkedin.com/in/jacob-evan-horne/
PALT Podcast: https://www.youtube.com/watch?v=NZs4f5voyrg
CMMC Pathfinder Tool: https://www.summit7.us/pathfinder
-
The team is back from Navy Gold Coast 2024, and we have some thoughts and takeaways from one of the largest defense industry conferences of the year. The DoD and small businesses are looking ahead to 2025 acquisition calendars while CMMC inches closer by the day.
Follow Hollie: https://www.linkedin.com/in/hollieflanner/
48 CFR Rule: https://youtu.be/Fzi3SFEs92U?si=HrOU9ZnlrSd_-hPr
PALT: https://youtu.be/NZs4f5voyrg?si=RNq22xmwbd7oZUxZ
National Defense Strategy Pod: https://youtu.be/TZtNQ8rg8eI?si=UKMscIx6tlkjKKuL
The DIB Cyber Strategy Pod: https://youtu.be/JYsmwcWzglU?si=veyhdqi0T2Dnhpsc
The National Defense Industrial Strategy Pod: https://youtu.be/ZKKkyK5PeOc?si=109D07JfcZFSVaXf
-
CMMC isn't a requirement to bid on defense contractors, but CMMC is a requirement to take award of DoD contracts. That means the most important metric is how much time you have between bidding and taking award. Turns out that “PALT” times are rarely long enough to go from zero to certified and that's a big, big problem for companies who are waiting on CMMC.
Episode Links:
48 CFR Proposed Rule: https://youtu.be/Fzi3SFEs92U?si=jUpnHDQvFiiqOuc8
GAO report on PALT: https://www.gao.gov/products/gao-24-106528
Secure the DIB replay: https://www.summit7.us/securethedib
-
1,417 days after the original CMMC contract clause was created and 1,003 days after the announcement of CMMC 2.0 here we are – the proposed rule revising DFARS clause 252.204-7021. This is the piece of the puzzle that will actually show up in your RFPs, contracts, awards, orders, etc. What does it say? Who does it affect? When will it show up? We step through it line-by-line.
- Laat meer zien
