Sum IT Up: CMMC News Roundup

The Cyber Rule Everyone Forgot About Just Came Back

Remember CIRCIA? The proposed rule would create mandatory cyber incident reporting requirements for more than 300,000 organizations across 16 critical infrastructure sectors, including the Defense Industrial Base. Now CISA is holding a new round of town halls to gather feedback before issuing a final rule. In this episode, we explain why CIRCIA isn't just another version of DFARS 252.204-7012, the seven biggest differences defense contractors need to understand, and why the upcoming town halls may be the DIB's best opportunity to influence the final rule. Registration links for the CIRCIA Town Halls are included below. Register for Summit 7 Live: https://www.summit7.us/s7live CIRCIA Town Halls: https://www.cisa.gov/topics/cyber-threats-and-advisories/information-sharing/cyber-incident-reporting-critical-infrastructure-act-2022-circia CIRCIA Proposed Rule Pod (2024): https://youtu.be/ngYSaO5fg5Y?si=VoVW54QvAzKe6r-r Proposed Rule: https://www.federalregister.gov/documents/2024/04/04/2024-06526/cyber-incident-reporting-for-critical-infrastructure-act-circia-reporting-requirements Congressional Research Service Report (PDF): https://www.congress.gov/crs-product/R48025 CIRCIA Hearing: https://homeland.house.gov/hearing/surveying-circia-sector-perspectives-on-the-notice-of-proposed-rulemaking/

May Cyber AB Town Hall Recap

The Cyber AB brought the ecosystem together to deliver pretty exciting news during the May monthly town hall. Join us for this week's episode as we break down some of the topics a little deeper to see what it actually means for the ecosystem. Things like: • Has production accelerated within the ecosystem? • Who is the new EVP of the Cyber AB? • Who actually attends these meetings? And so much more...Tune in to find out! Cyber AB TH Replay's: https://cyberab.org/News-Events/Town-Hall ISACA Website: https://www.isaca.org/ T3 Inquiries (older than 6 months): https://dowcio.war.gov/CMMC/Contact/ NIST SP 800-145: https://csrc.nist.gov/pubs/sp/800/145/final

DoD Updated the CMMC FAQs Again

DoD has updated the CMMC FAQs again, and the revision history doesn't tell the full story. In this episode, we break down the most important FAQ 2.3 changes, including significant changes, annual affirmations, CMMC UIDs, joint ventures, hard-copy CUI, and why the Affirming Official is one of the most important CMMC roles inside your company. Register for Summit 7 Live: https://www.summit7.us/s7live 100 Level 2-Certified Clients: https://www.summit7.us/blog/100-cmmc-l2-certified-clients NCODE: https://www.summit7.us/blog/ncode-contract-award CMMC FAQs: https://dodcio.defense.gov/CMMC/ January FAQ Pod: https://youtu.be/8ZxqqH0zws8?si=m5n8WQttWsZV8n24 Paper CUI Pod: https://youtu.be/lcIaxVBjyr0?si=17LdlP92NuCGa_ph

Lessons Learned from 100 Level 2 Client Certifications

It's milestone season in the CMMC world. Just six months into the Phased Rollout and there are 2.5x more Level 2 certifications than DoD expected. Meanwhile, a significant portion of those certs are Summit 7 clients. We now work with more than 100 Level 2 certified companies. Last but not least, Summit 7 was awarded the Army's NCODE contract to help bring secure and compliant enclaves to micro-sized defense contractors. Exciting times. Register for Summit 7 Live: https://www.summit7.us/s7live 100 Level 2-Certified Clients: https://www.summit7.us/blog/100-cmmc-l2-certified-clients NCODE: https://www.summit7.us/blog/ncode-contract-award

The Numbers Behind CMMC Assessment Capacity

Everyone keeps saying there aren't enough CMMC assessors. The data tells a very different story. In this episode we break down actual assessment capacity using the current number of certified assessors, DoD's rollout estimates, and capacity growth rates across the ecosystem. How quickly is the ecosystem scaling toward future demand targets of 16,000 and even 25,000 assessments per year? Turns out the real bottleneck isn't assessor capacity at all. ... Register for Summit 7 Live: https://www.summit7.us/s7live GAO Report (2026): https://www.gao.gov/products/gao-26-107955 GAO Report (2021): https://www.gao.gov/products/gao-22-104679