
EPISODE · Nov 12, 2021 · 41 MIN

CMMC 2.0 is Here! Find Out What It Really Means for DIB and Non-DIB USG

from The Virtual CISO Podcast · host John Verry

The US Department of Defense (DoD) has just announced CMMC 2.0, a new strategic direction for its cybersecurity program based on public comment and internal assessment. So what does it all mean? Many sources say that CMMC 2.0 is about "less requirements," but it's really much more about changing how the DoD will hold defense contractors accountable to the NIST SP 800-171 requirements that have been in place all along.

We're speaking to two of our best Security Consultants from right here within our ranks at Pivot Point Security: George Perezdiaz, CMMC / NIST Security Consultant, and Caleb Leidy, CMMC Consultant/Provisional Assessor.

In this episode, we discuss:

- What's new and what's not with CMMC Level 1 (for securing FCI) and what is now called CMMC Level 2 (for securing CUI)
- The overall realignment of the US government's cybersecurity audit program with NIST 800-171
- "Bifurcation" and who will and won't need a third-party audit if you handle CUI
- How CMMC 2.0's new accountability process fits with the recent cybersecurity executive order, the Civil Cyber-Fraud Initiative, the False Claims Act, and upcoming rule changes to 32 CFR and 48 CFR
- Why "letters of affirmation" are a boon to SMB security and IT leaders compared to the threat of a third-party audit

Mentioned during the podcast: eCFR :: Home

To hear this episode and many more like it, you can subscribe to The Virtual CISO Podcast here. If you don't use Apple Podcasts, you can find all our episodes here. Listening on a desktop & can't see the links? Just search for The Virtual CISO Podcast in your favorite podcast player.
