Securing Custom Software: Documenting Software Security Controls for CMMC Compliance

In this episode, Kaleigh and Bobby welcome back Kyle Lai to discuss the challenges and insights surrounding C3PAOs and the CMMC framework. They explore Kyle's journey into the C3PAO space, the current state of audits, and the importance of software development in compliance. The conversation highlights the need for collaboration between IT and software development teams, the significance of understanding controlled unclassified information (CUI), and the challenges faced during assessments. Kyle shares valuable insights on vulnerability management, the impact of open-source software, and strategies for leveraging existing platforms to ease compliance efforts. The episode concludes with a call for better communication and collaboration within organizations to ensure successful assessments and compliance.Kyle's LinkedIn: https://linkedin.com/in/kylelai/KLC Consulting: https://klcconsulting.netWeb Application Reference Architecture: https://acrobat.adobe.com/id/urn:aaid:sc:US:8bb4ebc1-8287-40af-8761-31bc035fa64cKLC's Playbook for CMMC Assessors: https://acrobat.adobe.com/id/urn:aaid:sc:US:abd836d0-7eea-43e5-ae72-86d06197fc54KLC's Software Security Principles Template and Related Resources:https://klcconsulting.net/cmmc-resource-tools/Website: https://www.axiom.tech/YouTube: https://www.youtube.com/channel/UCaJagoDasNG3MqLqw2Af_ZQAxiom's Linkedln: https://www.linkedin.com/company/axiomtech/Bobby's Linkedln: https://www.linkedin.com/in/bobbyguerra/Kaleigh's Linkedln: https://www.linkedin.com/in/kaleigh-floyd-079a52190/