Sum IT Up: CMMC News Roundup

The CMMC Program has reached it “Birth” date and part of the celebration was the rellease ong the newly revised, effective, and in-force version of the CMMC Assessment Process (CAP, and the CMMC Code of Professional Conduct (CoPC). Jason and Joy have been picking apart these documents since their release; and on this week's show, they offer their 7 “high level” takeaways from CAP 2.0 & CoPC 2.0. Pathfinder 101: https://www.summit7.us/pathfinder Pathfinder Demo: https://youtu.be/JiDTCchfCa0?si=JJFplxSfvkaRVhRo CS2: Reston : https://cs2.cloud/reston

This week we're joined by Fenando Machado of Cybersec Investments, an authorized CMMC C3PAO. Fernando has been around the CMMC space for years and has helped a ton of companies successfully pass their Joint Surveillance Assessments. Fernando shares what he's learned ahead of the effective date of the 32 CFR CMMC final rule and the rest of the phased roll-out. Pathfinder 101: https://www.summit7.us/pathfinder Pathfinder Demo: https://youtu.be/JiDTCchfCa0?si=JJFplxSfvkaRVhRo 32 CFR CMMC Webinar: https://www.summit7.us/webinars/cmmc-32-cfr-final-rule Fernando: https://www.linkedin.com/in/fernando-machado-cissp-cism-cca-ccp-5b5581124/ Cybersec Investments (C3PAO): https://cybersecinvestments.com/ (0:00 – 3:17): Intro (3:18 – 6:42): What's the key to assessment success? (6:43 – 8:48): What's the key to perfect scores? (8:49 – 11:42): Most problematic controls? (11:43 – 12:52): What's harder: technical or non-technical? (12:53 – 14:42): Are “False Starts” real? (14:43 – 17:44): How important is an MSP? (17:45 – 20:45): Current backlog? (20:46 – 22:38): $100k assessments? (22:39 – 24:27): Outro

What is the CMMC phased roll-out? How will the CMMC phased roll-out affect defense contractors and when? Most importantly: How should companies strategize based on the CMMC phased roll-out? We get into all of that and more this week. Pathfinder 101: https://www.summit7.us/pathfinder Pathfinder Demo: https://youtu.be/JiDTCchfCa0?si=JJFplxSfvkaRVhRo 32 CFR CMMC Webinar: https://www.summit7.us/webinars/cmmc-32-cfr-final-rule

Who decides what CMMC status level is required in defense contracts? How do they decide? Q2 2025 is just around the corner and this week we dive into the decision factors that lead to CMMC status level requirements. Pathfinder 101: https://www.summit7.us/pathfinder Pathfinder Demo: https://youtu.be/JiDTCchfCa0?si=JJFplxSfvkaRVhRo 32 CFR CMMC Webinar: https://www.summit7.us/webinars/cmmc-32-cfr-final-rule 48 CFR proposed rule podcast: https://youtu.be/Fzi3SFEs92U

A Joint Resolution of Disapproval has been submitted to disapprove the 32 CFR CMMC final rule. Is this the end of CMMC as we know it? Or, as is usually the case, has the ecosystem jumped to conclusions and let their confirmation bias get the better of them? This week we go deep into the Congressional Review Act and why there's much more to the story of Representative Palmer's resolution. Pathfinder 101: https://www.summit7.us/pathfinder Pathfinder Demo: https://youtu.be/JiDTCchfCa0?si=JJFplxSfvkaRVhRo 32 CFR CMMC Webinar: https://www.summit7.us/webinars/cmmc-32-cfr-final-rule Palmer's Resolution: https://www.congress.gov/bill/118th-congress/house-joint-resolution/221/text GAO Report on the CMMC final rule: https://www.gao.gov/products/b-336776