Sum IT Up: CMMC News Roundup

A Perfect SPRS Score Turned Into a $507K Settlement

The DOJ has announced its first cybersecurity False Claims Act settlement of 2026, and the details should get every defense contractor's attention. In this episode, we break down the LOGZONE settlement, the difference between DFARS 252.204-7012 and CMMC, how a perfect SPRS score became a DIBCAC assessment score of -170, and why this case may be a preview of additional enforcement actions still working their way through the system. Topics covered: • LOGZONE FCA settlement details • DFARS 252.204-7012, 7019, and 7020 • SPRS self-assessment scores • DIBCAC medium assessments • Why no whistleblower was required • What this means for defense contractors moving forward Settlement and source documents linked below. Register for Secure The DIB: http://summit7.us/event/secure-the-dib-telethon Register for Summit 7 Live: https://www.summit7.us/s7live DOJ Settlement: https://www.justice.gov/opa/pr/alabama-defense-contractor-agrees-pay-507144-resolve-false-claims-act-liability-relating DoD IG + DOJ (2023): https://youtu.be/_3GLX6ele_E?t=448 FCA pod w/ Alexander Canizares: https://youtu.be/Tga0krfIrEk?si=i6E2FuLY7QLNGmos FCA pod w/ Stephanie Siegmann: https://youtu.be/d1yweDy2wV4?si=drOwbWxBm9GAlh38 FCA w/ Bruce Judge: https://youtu.be/tqT_5yQBlOk?si=xgmqev-87KTKpxUJ

What 2,005 Votes Revealed About Why Organizations Struggle With CMMC

Register for Secure The DIB: https://www.summit7.us/secure-the-dib-telethon Over the last two months, we ran the CMMC Challenge Bracket. Eight matchups, 907 participants, 2,005 votes. The winner? Leadership Buy-In. But the final standings were only part of the story. In this episode, we break down the voting trends, coalition shifts, and comment analysis to understand what the community actually believes is holding organizations back from CMMC success.

We Predicted 2026. Here's What We Got Right (and Wrong) About CMMC

Back in January, we made seven predictions about where the CMMC ecosystem would be by the end of 2026. Now that we're halfway through the year, we're checking the scoreboard. In this episode: • Level 2 certification growth • False Claims Act enforcement trends • Funding and compliance assistance programs • The FAR CUI rule • CMMC 3.0 and NIST SP 800-171 Rev. 3 • Early Level 3 activity • What the GAO report actually found Some predictions are looking strong. Others are too close to call. And at least one is trending in the wrong direction. Here's our mid-year reality check on CMMC in 2026. Register for Summit 7 Live: https://www.summit7.us/s7live 2026 Predictions (January): https://youtu.be/WxgGtKpF3_s?si=I9MfjmkBDojCRThv GAO Report podcast: https://youtu.be/U0VhiN3qpdE?si=lD-Pbl3vyfbIMPw7 NCODE for SMBs: https://www.summit7.us/blog/ncode-contract-award Assessment Capacity podcast: https://youtu.be/e_1FztgNCHM?si=PdpkkVk3SSa1V4-2 CIRCIA update: https://youtu.be/bvwnNSpDZgU?si=bS0ARRUfvvzLemmK

The Cyber Rule Everyone Forgot About Just Came Back

Remember CIRCIA? The proposed rule would create mandatory cyber incident reporting requirements for more than 300,000 organizations across 16 critical infrastructure sectors, including the Defense Industrial Base. Now CISA is holding a new round of town halls to gather feedback before issuing a final rule. In this episode, we explain why CIRCIA isn't just another version of DFARS 252.204-7012, the seven biggest differences defense contractors need to understand, and why the upcoming town halls may be the DIB's best opportunity to influence the final rule. Registration links for the CIRCIA Town Halls are included below. Register for Summit 7 Live: https://www.summit7.us/s7live CIRCIA Town Halls: https://www.cisa.gov/topics/cyber-threats-and-advisories/information-sharing/cyber-incident-reporting-critical-infrastructure-act-2022-circia CIRCIA Proposed Rule Pod (2024): https://youtu.be/ngYSaO5fg5Y?si=VoVW54QvAzKe6r-r Proposed Rule: https://www.federalregister.gov/documents/2024/04/04/2024-06526/cyber-incident-reporting-for-critical-infrastructure-act-circia-reporting-requirements Congressional Research Service Report (PDF): https://www.congress.gov/crs-product/R48025 CIRCIA Hearing: https://homeland.house.gov/hearing/surveying-circia-sector-perspectives-on-the-notice-of-proposed-rulemaking/

May Cyber AB Town Hall Recap

The Cyber AB brought the ecosystem together to deliver pretty exciting news during the May monthly town hall. Join us for this week's episode as we break down some of the topics a little deeper to see what it actually means for the ecosystem. Things like: • Has production accelerated within the ecosystem? • Who is the new EVP of the Cyber AB? • Who actually attends these meetings? And so much more...Tune in to find out! Cyber AB TH Replay's: https://cyberab.org/News-Events/Town-Hall ISACA Website: https://www.isaca.org/ T3 Inquiries (older than 6 months): https://dowcio.war.gov/CMMC/Contact/ NIST SP 800-145: https://csrc.nist.gov/pubs/sp/800/145/final