PODCAST · technology
CMMC Compliance Guide
by CMMC Compliance Guide
Our experiences inspired the creation of The CMMC Compliance Guide Podcast and its accompanying resources. The podcast began as a way to share what we learned through real-world challenges—like helping that aerospace machine shop—and to provide accessible education for businesses navigating DoD cybersecurity requirements.The CMMC Compliance Guide Podcast breaks down complex topics like NIST 800-171 and CMMC into actionable, easy-to-understand steps. Whether you’re a subcontractor struggling to meet compliance deadlines or a business owner looking to secure your supply chain, the guide offers practical advice to help you take control of your cybersecurity journey.
-
60
CMMC Phase 2 Certification Paused for 60 Days: What the DoD Memo Really Changes (and What It Doesn't)
Submit any questions you would like answered on the podcast!Here are the actual memos (Definitely worth a read): https://federalnewsnetwork.com/wp-content/uploads/2026/07/CIO-CMMC-Reform-Memo_26-P-1023.pdf?hss_channel=lcp-348902https://federalnewsnetwork.com/wp-content/uploads/2026/07/CIO-CMMC-Reform-Memo_26-P-1023.pdf?hss_channel=lcp-348902https://dodcio.defense.gov/Portals/0/Documents/Library/ImplementingSuspensionCMMC-PhaseII.pdfThe Department of War just paused the rollout of CMMC Phase 2's third-party certification requirement for 60 days. Austin breaks down what the memo actually says, what it doesn't say, and why "certification is paused" is not the same thing as "compliance is paused."In this episode:What the 60-day pause on CMMC Phase 2 actually covers (hint: it's the certification verification process, not the underlying NIST 800-171 requirements)Why this could ultimately make your path to CMMC less expensive, and why that's not a reason to slow downWhy contractors who are already deep into implementation are in the strongest position no matter which direction this goesWhy assuming "compliance has disappeared" is the riskiest read of this newsWhat happens if third-party certification gets replaced with a stronger self-attestation or spot-check model, and why unsupported SPRS scores are already a liabilityA trade show story about a Department of War investigator actively pursuing ITAR fraud leads, and what that says about enforcement appetite right nowWhat to actually do in the next 60 days while DoD figures out the future of the verification model
-
59
CMMC for Small Aerospace Suppliers: Real Costs, DIY Limits, Level 1 vs 2, and the November 2026 Deadline
Submit any questions you would like answered on the podcast!Small aerospace suppliers are getting hit with the same CMMC questions over and over: what do I actually need to do if my contract requirements aren't clear yet, does redacting a drawing get it out of CUI territory, will a tool like ThreatLocker or Prevail make me compliant, and what is this actually going to cost. In this episode, Stacey and Brooke from Justice IT Consulting go through the real answers small manufacturers, machine shops, and engineering firms need before the November 10, 2026 DFARS CMMC requirement hits new DOD contracts.Topics covered:Why you can't fully plan compliance without knowing FCI vs. CUI exposure, and what that means for your Microsoft 365 environment (GCC vs. GCC High)Why redacting a customer name or contract number from a drawing does NOT remove CUI statusWhy compliance tools alone (ThreatLocker, Prevail, etc.) can't get you certifiedRealistic cost ranges for CMMC Level 2 certification, and why "$5,000" and "$20,000" quotes are misleadingHow far a small company can actually get doing CMMC in-house, including where AI-generated policies fall shortWhether to start at Level 1 and move up later, or go straight to Level 2What changes for new DOD contracts after November 10, 2026How to get an honest readiness check with a gaps assessment before spending moneyWe're also co-hosting a free live webinar with FutureFeed and Preveil on shared responsibility in CMMC assessments, covering how to read a customer responsibility matrix and close gaps before they become assessment findings. Tuesday, July 21st at 12 PM Central. Register (free, recording sent to all registrants): cmmccomplianceguide.com/podcast
-
58
Cyber AB May 2026 Town Hall Recap: External Service Providers, Marketplace 2.0, New Leadership & OSC Accountability Explained
Submit any questions you would like answered on the podcast!The Cyber AB's May 2026 Town Hall packed in major updates and if you work with an MSP, use cloud services, or are trying to figure out where your compliance responsibility actually ends, this episode is required listening. Brooke and Stacey break down everything contractors need to know: ESP vs. CSP distinctions, FedRAMP changes, new leadership, Marketplace 2.0, and the single biggest takeaway every OSC needs to hear.📌 What You'll Learn:What the new joint venture FAQ clarifies — and what actually changes (hint: less than you think)The status of the official CMMC certification badge and what you can display right nowHow FedRAMP 20X is changing authorization language — and why DoD's "moderate equivalency" standard isn't movingThe three questions every OSC must answer about their ESPHow to tell the difference between an MSP and a CSP — in plain EnglishThe 5 NIST 800-145 criteria that determine whether a service counts as cloud computingCyber AB ecosystem updates: monthly RPO meetings launching in July and Marketplace 2.0 previewThe biggest takeaway from the town hall — and why the burden always lands on the OSCWebinar Announcement: Whose Control Is It Anyway? — free live event July 21st at 12 p.m. CT - Sign up by clicking HERE
-
57
New CMMC FAQ Clarifications: Joint Ventures, Paper-Only CUI, Reassessment Triggers & Where MSPs Actually Fit in Scope
Submit any questions you would like answered on the podcast!The Department of Defense just updated its CMMC FAQ document — and the clarifications inside answer some of the most common (and costly) assumptions contractors make. In this episode, Brooke and Stacey break down what changed for joint ventures, paper-only CUI, significant change triggers, and how MSPs and MSSPs actually fit into assessment scope.If you're navigating a merger, working with subcontractors, or relying on an MSP to manage your environment, this episode clears up exactly where you stand — and where you don't.📌 What You'll Learn:Why joint ventures do NOT automatically inherit a company's CMMC certification statusThe new guidance on paper-only CUI — and when it does NOT require Level 2 assessmentWhat actually counts as a "significant change" that triggers reassessment (mergers, system consolidation, and more)Why MSPs don't need their own CMMC certification — but still carry major assessment responsibilitiesThe difference between CUI scope and Security Protection Data (SPD) scope for MSPs/MSSPsThe five-part test for whether an MSP counts as a Cloud Service Provider (CSP)Listener Q&A: Do subcontractors need cybersecurity training and screening too?
-
56
The CMMC Reality Check: Gap Assessments, Documentation Overload & Why 30-Day Compliance Claims Are a Red Flag
Submit any questions you would like answered on the podcast!Most defense contractors don't realize how complex CMMC compliance really is until they're already in trouble. In this episode, Brooke and Stacey break down the exact moments where contractors hit their wake-up call, what to expect from a gap assessment, and why waiting until the last minute could cost you your DoD contracts.Whether you're just starting your CMMC journey or think you're close to ready, this episode will show you what you're probably missing and how to get ahead of it.
-
55
CS5 West 2026 CMMC Recap for Defense Contractor
Submit any questions you would like answered on the podcast!In this episode of the CMMC Compliance Guide Podcast, Brooke breaks down the biggest takeaways from CS5 West 2026, one of the largest conferences in the CMMC ecosystem.The biggest message from the conference was clear: CMMC is no longer theoretical. Assessments are happening now, companies are already getting certified, and many contractors are running out of time to prepare before Phase 2 requirements begin appearing on contracts.We discuss what assessors are seeing during mock and certification assessments, why documentation continues to be one of the biggest failure points, and why scoping mistakes are still creating major problems for manufacturers and defense contractors.We also cover: Why small contractors are struggling with implementation How primes are pressuring subcontractors to get certified early Why enclave strategies are often misunderstood The ongoing debate around G-code and CUI Why continuous compliance matters after certification The importance of mock assessments How False Claims Act risk ties into annual affirmations If you are a defense contractor trying to understand where CMMC enforcement is heading and what the industry is seeing right now, this episode gives you a practical, real-world update from inside the ecosystem.
-
54
How Small Defense Contractors Can Handle CMMC Compliance
Submit any questions you would like answered on the podcast!In this episode of the CMMC Compliance Guide Podcast, we tackle one of the biggest challenges in the Defense Industrial Base: how small contractors without internal IT teams are realistically handling CMMC compliance.Many small manufacturers, machine shops, and defense suppliers feel overwhelmed by CMMC because they do not have dedicated cybersecurity, compliance, or IT security staff. Instead, employees wear multiple hats while trying to keep daily operations moving.We break down what compliance actually looks like for smaller contractors, what can realistically be outsourced, what responsibilities still stay with the company, and why buying tools like Microsoft 365 GCC High does not automatically make you compliant.We also explain why data flow mapping and scope are critical, how shared responsibility matrices work with MSPs and MSSPs, and the biggest mistakes smaller companies make when trying to shortcut compliance.If you are a small or mid-sized defense contractor trying to understand how to approach CMMC without a massive budget or internal compliance department, this episode will help you build a realistic roadmap.
-
53
Why Contractors Fail CMMC Assessments and How to Prepare
Submit any questions you would like answered on the podcast!In this episode of the CMMC Compliance Guide Podcast, we break down one of the most frustrating realities for defense contractors thinking you are ready for a CMMC assessment, only to find out you are not.Many companies believe they are compliant because they have security tools in place, policies written, and even a high SPRS score. But when assessors actually evaluate the environment, major gaps often appear.We explain why this happens, how C3PAOs actually assess your environment, and what separates companies that pass their CMMC Level 2 assessment from those that fall short.You will learn how assessors use examine, interview, and test methods, why the 320 assessment objectives matter more than the 110 controls, and how small documentation inconsistencies can lead to failed controls.We also cover the importance of mock assessments, why your evidence package is critical, and how scope decisions can dramatically impact your assessment outcome.If you are preparing for a CMMC assessment, or think you are ready, this episode will help you avoid costly surprises and approach your assessment with confidence.
-
52
Top CMMC Compliance Mistakes and How to Avoid Them
Submit any questions you would like answered on the podcast!In this episode of the CMMC Compliance Guide Podcast, we break down the most common mistakes defense contractors make when preparing for CMMC compliance and how those mistakes can cost you time, money, and even future contracts.Even though CMMC 2.0 is now enforceable, many companies are still struggling with readiness. The issue is not effort, it is approach. Many contractors start in the wrong place, leading to overspending, failed assessments, or compliance gaps that could have been avoided.We cover critical topics like scoping mistakes, why treating CMMC as an IT-only project creates problems, and how focusing on tools too early can lead to unnecessary costs. We also explain why documentation and ongoing evidence are essential for passing an assessment and building trust with assessors.You will also learn why submitting an inaccurate SPRS score can create serious legal risk, how long CMMC actually takes to implement, and why waiting too long to start can put your contracts in jeopardy.If you are a small or mid-sized contractor in the defense industrial base, this episode will help you avoid the most common pitfalls and take a smarter approach to compliance.
-
51
Can You Create CUI? CMMC Scope, ERP Systems, and Contractor Risk Explained
Submit any questions you would like answered on the podcast!In this episode of the CMMC Compliance Guide Podcast, we tackle one of the most misunderstood topics in CMMC compliance.Many contractors assume that if information is not marked as controlled unclassified information, then it is not CUI. But that assumption can lead to serious compliance risks.We break down how manufacturers and machine shops can actually create CUI while performing contract work, even if the original data was not clearly marked.We also cover how ERP systems factor into CMMC scope, when systems are considered in or out of scope, and how improper scoping decisions can create major compliance gaps.You will learn what derived CUI is, how it applies to things like CNC G code, and why simply removing identifying details from documents does not make them safe.We also explain who determines what qualifies as CUI, how scope can expand across your network, and what realistic cost and infrastructure decisions look like for small and mid sized contractors.If you are part of the defense supply chain, this episode will help you avoid one of the most common and costly misunderstandings in CMMC.
-
50
The Hidden Operational Workload Behind CMMC Compliance
Submit any questions you would like answered on the podcast!In this episode of the CMMC Compliance Guide Podcast, we break down one of the biggest misconceptions in CMMC compliance.Most contractors think CMMC is just a cybersecurity upgrade. Install a few tools, write some policies, and you are ready for an assessment. But that is not how CMMC actually works.The real challenge is the operational workload behind compliance.We walk through what that workload actually looks like, including documentation, system security plans, asset management, workforce training, evidence collection, and continuous monitoring. These are the areas that consume the most time and are often underestimated by small and mid sized defense contractors.We also cover how CMMC impacts your supply chain, including subcontractor flowdown requirements and what you are responsible for as a prime or subcontractor.If you are preparing for CMMC Level 1 or Level 2, this episode will help you understand the true scope of work so you can avoid delays, failed assessments, and costly surprises.
-
49
CMMC Reassessments Explained: What Changes Trigger a New Assessment
Submit any questions you would like answered on the podcast!In this episode of the CMMC Compliance Guide Podcast, we break down one of the most overlooked risks in CMMC compliance. What actually happens when your environment changes after an assessment?Many contractors assume that once they pass a CMMC assessment or complete a self assessment, they are set for the next year or even three years. But recent guidance from the Cyber AB town hall reveals that certain changes can trigger a brand new assessment.We walk through what qualifies as a significant change, what does not, and how decisions are made when things fall into the gray area. We also cover real examples like mergers, switching MSPs, expanding networks, and upgrading tools.If you are planning changes to your environment or trying to future proof your compliance strategy, this episode will help you avoid costly mistakes and unnecessary reassessments.We also answer a listener question about how to identify FCI and how it should be handled under CMMC Level 1 requirements.If you are a small or mid sized defense contractor, aerospace supplier, or manufacturer, this is critical guidance you do not want to miss.
-
48
How Prime Contractors Evaluate Supplier Cybersecurity and CMMC Compliance
Submit any questions you would like answered on the podcast!What are prime contractors actually expecting from suppliers when it comes to CMMC and cybersecurity?In this episode of the CMMC Compliance Guide Podcast, Austin and Brooke sit down with Bo Birdwell from Elbit Systems of America to get the prime contractor perspective on what suppliers need to understand right now. They break down how primes are thinking about CMMC, what they are looking for in small and mid-sized defense suppliers, and why some companies are about to hit a major inflection point if they are still treating CMMC like it is optional.Bo shares how Elbit evaluates supplier cybersecurity posture, the red flags that stand out immediately, and why companies that wait too long may not lose the bus forever, but they may lose their place in line. The conversation also covers flowdown realities, the difference between FCI and CUI risk, why COTS matters, what “adequate security” is really about, and why suppliers need to start making serious decisions now if they want to keep or win defense work.If you are a machine shop, aerospace supplier, manufacturer, subcontractor, or small business in the defense industrial base trying to understand how primes view CMMC readiness, this episode gives you a rare inside look at the other side of the table.
-
47
CMMC Supplier Questions Answered: Level 1 vs Level 2, Costs, Scope, and Flowdown for DoW Contractors
Submit any questions you would like answered on the podcast!What do small machine shops, aerospace suppliers, and defense manufacturers really need to know about CMMC right now?In this episode of the CMMC Compliance Guide Podcast, Austin and Brooke answer some of the most common supplier questions they hear from companies trying to prepare for CMMC compliance. They break down how small suppliers can plan when contract requirements are still unclear, what level of compliance may be needed, how far requirements flow down the supply chain, and why scope matters so much when building your compliance strategy.They also explain common myths around redacted drawings, whether tools alone can make you compliant, what CMMC actually costs, whether small companies can do CMMC themselves, how big the jump is from Level 1 to Level 2, and what happens when CMMC becomes mandatory on contracts. If you are a DoW supplier, subcontractor, aerospace machine shop, or manufacturer trying to understand how CMMC will affect your business, this episode will help you cut through the confusion
-
46
CMMC Level 1 Self-Attestation Explained: Requirements, Evidence, and Risk
Submit any questions you would like answered on the podcast! lot of contractors assume CMMC Level 1 is just a simple checkbox. It is not.In this episode, Austin and Brooke break down what CMMC Level 1 actually requires, what a self-assessment really looks like, and why self-attestation without documentation can create serious risk.They cover the difference between Level 1 and Level 2, what Federal Contract Information (FCI) actually is, how Level 1 maps to the formal assessment process, and why organizations need policies, evidence, and artifacts before signing an attestation.This episode also explains:What CMMC Level 1 covers and what it does notWhy Level 1 is always self-assessed, not C3PAO certifiedThe difference between self-assessment and self-attestationWhat documentation and evidence should exist before attestingWhy authorized users, devices, processes, visitor logs, and physical access controls matterWhat the CFR says about evidence retentionWhen a Level 1 claim may actually be scrutinizedHow whistleblowers, breaches, or customer requests can trigger verificationThe False Claims Act risk of saying you are compliant when you are notIf you are planning to self-attest to CMMC Level 1, this episode will help you understand what the government expects before you sign your name to anything.
-
45
CMMC Scoping 101: The Most Expensive Mistake Contractors Make (And How to Fix It)
Submit any questions you would like answered on the podcast!Scope is the foundation of your CMMC compliance program and getting it wrong is one of the most expensive mistakes a DoD contractor can make.In this episode, Austin and Brooke break down what “scope” actually means in plain English, why contractors skip scoping early on, and how one small miss, like a downloads folder or a USB handoff, can quietly pull major systems into scope.We cover:What CMMC scope really is, including processed, stored, and transmitted CUIWhy contractors start with tools and policies too earlyThe data flow diagram exercise that reveals hidden scope issuesHow scope mistakes turn into rework, delays, and major cost increasesWhy “enclave” is often misunderstood and what it really meansWhat to do if you think you got scope wrongHow to self-check readiness using NIST 800-171A and the CMMC Assessment Process (CAP)Why documentation and evidence, not just controls, become the real burdenIf you are planning for a Level 2 assessment, scope should be your first move, not your last-minute scramble.
-
44
Key Takeaways from the January 2026 CMMC Town Hall: Hard Copy CUI, Scope, and Program Changes
Submit any questions you would like answered on the podcast!The January 2026 CMMC Town Hall brought several important clarifications and program updates that directly impact Department of War (DoD) contractors.In this episode of the CMMC Compliance Guide Podcast, we break down what changed, what was clarified, and what contractors should take away from the latest guidance.We cover:New DOW CIO leadership changes and what they mean for CMMCUpdated clarification on Hard Copy CUI (and what qualifies)Why encryption alone does NOT define scopeGovernment shutdown impact on assessmentsC3PAO reauthorization and ISO 17020 accreditationKECO transition to ISACA and certification updatesWhat all of this means for contractors planning in 2026The biggest theme? CMMC is not slowing down. It’s becoming more standardized, more mature, and more defined.If you’re planning contracts in 2026, now is the time to understand how these updates affect your scope, documentation, and assessment strategy.
-
43
Why Feeling “CMMC Ready” Isn’t the Same as Passing a Level 2 Assessment
Submit any questions you would like answered on the podcast!Many DoW contractors feel confident they’re ready for a CMMC Level 2 assessment until assessors get involved. That’s when gaps in documentation, scope, and operational maturity start to surface.In this episode of the CMMC Compliance Guide Podcast, Brooke breaks down why implementation alone does not equal readiness. We walk through what assessors look for before technical testing even begins, why documentation is often the real reason companies fail, and how poor scoping or misaligned staff interviews can derail an assessment.You’ll learn:Why “feeling ready” is not the same as being assessment-readyWhat assessors review first during the readiness and pre-assessment phaseHow SSP quality can make or break your assessmentWhy screenshots alone are not sufficient evidenceHow POAMs are viewed during Level 2 assessmentsThe role of operational maturity and ongoing proofHow scope and employee interviews expose readiness gapsHow to realistically self-check readiness before scheduling an assessmentIf you’re preparing for a CMMC Level 2 assessment or think you’re close this episode will help you identify blind spots before they cost you time, money, or certification.
-
42
CMMC FAQ Update: Timeline, Subcontractor Flowdowns, Enclaves, Cloud Rules, and VDI Scope Explained
Submit any questions you would like answered on the podcast!The DoW just released updated CMMC FAQs that clarify the rules contractors keep getting wrong. In this episode, Austin and Brooke break down what the new guidance actually says, what it means for your scope, and where vendor and architecture decisions can derail an assessment before it even starts.We cover the most important FAQ clarifications, including:The real CMMC timeline and what Phase 1 vs Phase 2 changesWhy primes may demand Level 2 earlier than the official datesFlowdown requirements for subcontractors (and what “defensible” verification looks like)The myth that encrypted CUI is no longer CUI (it is still CUI)Whether CMMC assessment results will be public (they will not)POAM vs “operational POAM” and why the distinction mattersHard copy only CUI: when Level 2 may not apply (and the strict caveats)Why encryption does not create logical separation or reduce scopeEnclaves and enterprise networking components: what pulls systems in scope (and what does not)Cloud storage rules: why non-FedRAMP clouds cannot store encrypted CUIMSP requirements: do MSPs need CMMC certification (and what a CRM must include)VDI scope rules: when endpoints can be out of scope, and when they are automatically in scopeIf you are making decisions around scope, vendors, cloud tools, backups, enclaves, or VDI, this episode will help you avoid assumptions that assessors will not accept.
-
41
How to Triage CMMC Compliance When You’re Overwhelmed and Short on Time
Submit any questions you would like answered on the podcast!When CMMC compliance starts to feel overwhelming, most companies don’t fail because they lack effort, they fail because they don’t know where to start.In this episode of the CMMC Compliance Guide Podcast, Brooke and Stacey break down why CMMC feels so urgent and high-risk for small and mid-sized DoD contractors, and how to triage your compliance work so you can make real progress without burning out.This episode covers:Why starting at control 3.1.1 is a mistake for most companiesHow poor scoping makes CMMC feel impossibleWhat assessors actually prioritize firstWhich controls are non-POAMable and must be addressed earlyHow to reduce scope without cutting cornersWhen tools help and when they waste time and moneyHow to approach SSPs, policies, and POAMs the right wayPractical steps small teams can take to regain control of CMMCIf CMMC feels like everything is urgent and nothing is moving fast enough, this episode will help you slow down, focus, and build a plan that actually works.
-
40
CMMC Evidence 101: How to Prove NIST 800-171 Compliance in a Level 2 Assessment
Submit any questions you would like answered on the podcast!Get your free SPRS Roadmap here: https://cmmccomplianceguide.com/free-sprs-roadmapIn this episode of the CMMC Compliance Guide Podcast, Austin and Brooke break down the #1 thing that trips companies up before a CMMC Level 2 assessment: evidence.Having a binder of policies (or a 300-page SSP) is not enough. Assessors want proof you are doing what you say you do consistently, over time and they want it organized so they can quickly map evidence to controls and assessment objectives.You’ll learn:What assessors mean by “acceptable evidence” (and what doesn’t count)The “who, what, when, where” test for logs and proofHow tickets, approvals, and checklists strengthen your evidence trailWhat to avoid putting in cloud ticketing systems (SPD risks)Manufacturer-specific pitfalls assessors notice on the shop floorWhy “fresh out of the oven” evidence raises red flagsHow GRC tools can make evidence collection and linking easier
-
39
What CMMC Assessors Notice First: Early Red Flags That Fail Level 2 Assessments
Submit any questions you would like answered on the podcast!What do CMMC Level 2 assessors notice first, sometimes within the first day, before they ever dig into your firewall configs or deep technical testing?In this episode of the CMMC Compliance Guide Podcast, Austin and Brooke break down the early red flags that can derail your assessment fast. We cover what assessors ask for right out of the gate (and how quickly you need to respond), why generic SSPs create problems, how scoping mistakes happen in the real world (downloads folders, copiers, shop floor machines), and what it means when your policies do not match what employees actually do.If you want to pass your CMMC Level 2 assessment, this episode will help you tighten your documentation, evidence, and scope before the assessor ever starts technical validation.
-
38
CMMC Paperwork Without the Pain: How to Simplify Policies, SSP, and Evidence (Level 1 vs Level 2)
Submit any questions you would like answered on the podcast!Most small and mid-sized manufacturers do not fail CMMC because of “tech.” They fail because their documentation does not match how the shop actually runs.In this episode, Austin and Brooke break down how to build CMMC documentation that is concise, accurate, and assessor-friendly without drowning in templates that were never written for your business. You will learn why template overload causes gaps, how to keep policies aligned to real workflows, and what “minimally sufficient” documentation looks like for both Level 1 and Level 2.We also cover the difference between CMMC Level 1 and Level 2 documentation expectations, why evidence retention and verifiable processes matter, and how to decide between a file system approach vs a GRC tool to keep version control and proof organized for assessment day.If you are a machine shop, aerospace manufacturer, or engineering firm trying to get compliant without creating a 400-page monster, this is your playbook.
-
37
How CMMC Became a Competitive Advantage for DoD Contractors
Submit any questions you would like answered on the podcast!CMMC is no longer just a compliance requirement. It is now a competitive advantage that directly impacts who wins and who loses DoD contracts.In this episode of the CMMC Compliance Guide Podcast, Stacey and Brooke break down how the final 48 CFR rule has changed the contracting landscape and why primes are now aggressively pushing CMMC requirements down to their subcontractors. We explain how CMMC certification, SPRS scores, and assessment status are already being used to evaluate risk and readiness, even before certification becomes mandatory on every contract.You will learn why contractors who are already certified, or at least scheduled for certification, are gaining an edge over competitors who waited too long. We also cover how flow-down requirements work, how primes protect themselves from False Claims Act risk, and why small businesses face a higher barrier to entry than midsize firms.This episode also explains how contracting officers and primes view SPRS scores, what happens once certifications are uploaded through EMASS, and why CMMC status is not likely to become publicly searchable. Finally, Brooke walks through what contractors should be doing right now to stay competitive, including scoping CUI, running gap assessments, engaging a C3PAO early, and preparing subcontractor oversight.If you want to keep winning DoD contracts in 2026 and beyond, this episode will help you understand how CMMC is reshaping the defense industrial base and what actions you need to take now.
-
36
NIST 800-171 and CMMC 2.0: How Assessors Actually Score You
Submit any questions you would like answered on the podcast!Are assessors judging you on CMMC or NIST 800 171 when audit day arrives?In this episode of the CMMC Compliance Guide Podcast, Stacey and Brooke break down the real relationship between CMMC 2.0 and NIST 800 171 so you are not guessing when it matters most.We walk through how the 110 NIST 800 171 controls and 320 assessment objectives drive your CMMC level 2 certification, and what CMMC layers on top, including POA&M limits, timelines, and who is allowed to certify you. You will hear practical examples around SPAs, cloud tools, customer responsibility matrices, FedRAMP, and how assessors actually validate things like MFA, logging, and scope.We also explain the difference between a NIST self assessment and a CMMC level 2 certification by a C3PAO, clear up common misconceptions about “being NIST compliant”, and talk about False Claims Act risk when SSPs, inventories, and controls are not kept current. Finally, Brooke shares a step by step path for contractors: identify your CUI, scope systems, run a gap analysis, build your SSP and POA&M, collect evidence, and engage a C3PAO for a mock and full assessment.If you are a small or midsized defense contractor trying to get ready for 2026, this episode will help you focus on what assessors really care about so you can prepare with confidence.
-
35
Top CMMC Myths Debunked: Cloud, Vendors, Firewalls, and MFA Mistakes Explained
Submit any questions you would like answered on the podcast!Today’s episode of the CMMC Compliance Guide Podcast dives into the biggest myths that machine shops, fabricators, CNC shops, and mid-sized defense contractors still believe about CMMC. From cloud misconceptions to vendor promises that fall short, Brooke breaks down why these misunderstandings lead to failed assessments and what contractors should be doing instead.We walk through common assumptions like “cloud keeps me out of scope,” “my vendor is compliant so I’m compliant,” “MFA on email is enough,” “my firewall makes everything compliant,” and “cyber insurance handles reporting.” Each of these has a grain of truth but none of them meet the actual requirements in NIST 800-171 or CMMC Level 2.You’ll learn:Why cloud environments don’t remove your endpoints from scopeHow caching, downloads, and browser access pull systems back into scopeWhat vendor claims really don’t coverWhy MFA must be implemented everywhere CUI is accessed, not just emailThe truth about firewalls and why they’re not “compliance shields”Why VDI is helpful but not a magic solutionWhat cyber insurance does (and doesn’t) do during an incidentWhy remote workstations and home offices still introduce scope and riskThis episode is packed with clarity, not fear so manufacturers, CNC shops, and GovCon SMBs can make informed decisions, avoid costly assumptions, and protect their DoD contracts.
-
34
Plain English Guide to CMMC Level 1: Basic Cybersecurity Without the Headache
Submit any questions you would like answered on the podcast!CMMC Level 1 Self- Assessment Guide: https://dodcio.defense.gov/Portals/0/Documents/CMMC/AG_Level1_V2.0_FinalDraft_20211210_508.pdfIn this episode of the CMMC Compliance Guide Podcast, Stacey and Austin from Justice IT Consulting break down CMMC Level 1 in clear, simple terms: what it is, who it applies to, and the exact steps small and mid-sized contractors must take to protect Federal Contract Information (FCI).You’ll learn what the government expects from Level 1 contractors, how the 15 required practices actually work in real life, what documentation you must maintain for six years, and why the new annual self-assessment requirement matters more than ever.Whether you’re a machine shop, fabricator, engineering firm, or small manufacturer supporting a prime contractor, this episode gives you the Level 1 foundation you must have in place.
-
33
Top 12 CMMC Level 2 Requirements Explained: Gap Assessments, Scope, SSP, and POA&M
Submit any questions you would like answered on the podcast!In this episode of the CMMC Compliance Guide Podcast, Stacey and Austin from Justice IT Consulting walk through the top 12 essentials every contractor needs to achieve CMMC Level 2 compliance especially small and mid-sized defense manufacturers.You’ll learn how to start compliance the right way with a formal gap assessment, define and shrink your CUI scope, and build a System Security Plan (SSP) that maps to all 110 NIST 800-171 controls. We break down how to write an actionable Plan of Action & Milestones (POA&M), implement MFA correctly, enforce least-privilege access control, and deploy proper device protection across your environment.We also cover commonly misunderstood requirements around FIPS-validated encryption, centralized logging/SIEM, removable media, CNC/OT assets, data handling, and ongoing vulnerability + risk assessments.Finally, we answer a listener question on secure data transfer and why customer portals or GCC/GCC High environments are often superior to “secure links” inside commercial Microsoft 365 tenants.
-
32
Cyber AB Town Hall Breakdown: Legal Lessons, Ecosystem Growth, and CMMC Phase 2 Progress
Submit any questions you would like answered on the podcast!In this episode of the CMMC Compliance Guide Podcast, Brooke and Stacey from Justice IT Consulting unpack the biggest updates from the Cyber AB’s October 2025 Town Hall and what they mean for defense contractors preparing for CMMC certification.You’ll learn:Why the government shutdown isn’t delaying CMMC or the 48 CFR rolloutThe $875K False Claims Act case against Georgia Tech and what it teaches all contractorsHow the CMMC ecosystem is expanding with more certified assessors and C3PAOsKey insights from the University of Southern California’s Level 2 certification journeyPractical advice for small contractors: data mapping, documentation, and shrinking your CUI boundaryNew ethics reminders and upcoming assessor certification updates from the Cyber ABThis episode delivers plain-English explanations and real-world lessons to help contractors stay compliant, avoid legal risk, and prepare for CMMC Phase 2.
-
31
Highlights from CS5 East 2025: Operation Midnight Hammer, CMMC Updates, and AI Insights
Submit any questions you would like answered on the podcast!Get the inside scoop from CS5 East 2025, the largest cybersecurity and compliance event for the Defense Industrial Base. In this episode, Brooke and Stacey from Justice IT Consulting breaks down the biggest CMMC updates, Operation Midnight Hammer, and how AI is reshaping compliance.Learn what the Cyber AB announced, how CMMC Phase 2 is rolling out, and what contractors should expect next. Whether you’re a Compliance Officer, DoD Program Manager, or small-business GovCon, this recap gives you the context and clarity you need to stay ahead.
-
30
How to Prove CMMC Compliance to Prime Contractors (Before You Lose Contracts)
Submit any questions you would like answered on the podcast!🎯 Get your Free SPRS Roadmap Session: https://cmmccomplianceguide.com/free-sprs-roadmapOur experts will review your SPRS score, documentation, and setup to help you hit 110 with a clear action plan at no cost.Prime contractors like Lockheed Martin, Raytheon, and Parker Hannifin are demanding proof of compliance before awarding new work — and subcontractors who can’t prove it risk losing contracts.In this episode, Brooke and Austin from Justice IT Consulting explain exactly what primes are asking for, what documentation they expect (SPRS, SSP, POA&M), and the most common mistakes subcontractors make when trying to prove compliance.You’ll learn: Why primes are suddenly enforcing subcontractor compliance What documents and proof you need ready (SPRS, SSP, POA&M) The biggest mistakes that lead to false claims risk What happens when you inflate your SPRS score How to show compliance even before your Level 2 certification What steps to take now to get audit-ready and stay competitiveWhether you’re still working toward compliance or just need a second set of eyes, this episode breaks down how to prove your CMMC compliance with confidence — before your primes stop sending work your way.
-
29
Cyber AB Town Hall September 2025: Key CMMC Compliance Updates
Submit any questions you would like answered on the podcast!The September 2025 Cyber AB Town Hall dropped big updates for contractors navigating CMMC and NIST 800-171 compliance. In this episode of the CMMC Compliance Guide Podcast, Brooke and Austin break down what the final CMMC rule (Title 48A) means for defense contractors, subcontractors, and service providers.We cover the timeline for implementation, prime and subcontractor flow-down requirements, service provider risks (MSPs, CSPs, ESPs), and how a government shutdown could affect CMMC. You’ll also hear insights on ongoing compliance, documentation, FedRAMP requirements, advisory councils, and what primes will expect from their supply chains.Whether you’re a compliance officer, program manager, or DoD subcontractor, this episode gives you clear, actionable takeaways so you can prepare before deadlines hit.
-
28
Handling CUI Correctly: Compliance Risks and Best Practices
Submit any questions you would like answered on the podcast!Worried about mishandling Controlled Unclassified Information (CUI)? In this episode of the CMMC Compliance Guide Podcast, Brooke and Stacey break down what CUI really is, why it matters in defense contracting, and the biggest mistakes contractors make when handling it.You’ll also learn the real-world risks of CUI mishandling, how assessors check compliance during a CMMC Level 2 assessment, and the low-cost, practical solutions you can implement right now to protect sensitive data.
-
27
CMMC Final Rule Explained: Deadlines, Requirements, and Next Steps for Defense Contractors
Submit any questions you would like answered on the podcast!The wait is over: the Department of Defense has finalized the CMMC rule, officially making it part of DFARS. That means compliance isn’t “coming soon”, it’s now in your contracts.In this episode of the CMMC Compliance Guide Podcast, Austin and Brooke from Justice IT Consulting break down what the final rule means for DoD contractors and subcontractors, the key deadlines you need to know, and the exact steps to prepare for Level 2 certification before requirements hit contracts in November 2026.What you’ll learn in this episode:- The new CMMC final rule and when it goes into effect- How the 4-phase rollout impacts primes and subcontractors- What’s different about this update (and why it’s not another delay)- Key requirements: SPRS score, POAM limits, affirming officials, and more- How to prepare your subcontractors with questionnaires and attestations- Why you need to start engaging with C3PAOs now before schedules fill upIf you’re a DoD contractor, aerospace manufacturer, or subcontractor, this is the update you can’t afford to ignore.
-
26
The Role of NIST 800-171 in Your CMMC Assessment
Submit any questions you would like answered on the podcast!Confused about where NIST 800-171 fits into your CMMC 2.0 assessment? You’re not alone. In this episode of the CMMC Compliance Guide, Brooke and Stacey from Justice IT Consulting break it all down in plain English.We cover the foundation of NIST 800-171, how it maps into the CMMC levels, what assessors actually look for during an audit, and the most common mistakes contractors make. We’ll also touch on the latest updates including: NIST 800-171 Rev 3 and the DoD’s enforcement timelines and finish by answering real listener questions on VoIP, Microsoft 365, and more.Whether you’re a small defense contractor or managing compliance for a larger team, this episode gives you the practical steps you need to stay compliant, stay secure, and stay ready for your assessment.
-
25
The Truth About CMMC Enclaves: Pros, Cons, and Compliance Risks
Submit any questions you would like answered on the podcast!Thinking about building an enclave for CMMC compliance? Not so fast. In this episode of the CMMC Compliance Guide Podcast, Austin and Brooke from Justice IT Consulting break down:What an enclave actually is (in plain English)When an enclave makes sense (and saves you money)When it can hurt your compliance effortsWhat assessors will really be looking for in your auditIf you’ve ever asked, “Do I need an enclave for CMMC?”, this episode is your roadmap to making the right call for your business.
-
24
Are You Really Ready for a CMMC Assessment?
Submit any questions you would like answered on the podcast!Think you’re ready for your CMMC assessment? In this episode of the CMMC Compliance Guide Podcast, Austin and Brooke break down the difference between being “paper ready” and truly “assessment ready.” From documentation gaps to overlooked technical controls, they share insider tips to help you pass with confidence.We’ll walk you through the common blind spots that can derail an assessment, how to stress test your compliance program, and what assessors really look for when they walk in the door.
-
23
When ‘Not Applicable’ Can Cost You Contracts
Submit any questions you would like answered on the podcast!Marking a CMMC control as “Not Applicable” might feel like an easy shortcut but get it wrong, and you could fail your assessment, lose contracts, or even face legal trouble.In this episode of The CMMC Compliance Guide, Brooke and Stacey from Justice IT Consulting break down the real risks of misusing N/A, share common mistakes companies make, and explain how to properly justify a not applicable control so you stay compliant and avoid False Claims Act issues.We cover everything from Wi-Fi misconceptions to remote access oversights, mobile device scoping, assessor validation methods, and the legal risks nobody talks about. Whether you’re a one-person shop or managing a complex network, these insights could save you from major headaches come assessment day.CyberAB Marketplace
-
22
How to Make Real CMMC Progress: Even if Compliance Isn’t Your Full-Time Job
Submit any questions you would like answered on the podcast!Schedule your free SPRS Roadmap Session and get a step-by-step plan to close gaps and stay defensible:👉 https://cmmccomplianceguide.com/free-sprs-roadmapIs CMMC just one of many hats you wear at your company? You’re not alone and you’re not out of luck.In this episode of the CMMC Compliance Guide, we break down how overworked and under-resourced compliance leads can still make meaningful progress toward CMMC and NIST 800-171. Whether you're a part-time compliance officer, the IT guy, or the quality manager who just got handed CMMC, we’ll walk you through a phased, practical approach you can tackle in just a few hours a week.From identifying CUI and building your data flow diagrams to implementing MFA, FIPS, and policy templates the right way—this is your guide to making CMMC doable without the burnout.
-
21
What You Missed: June Cyber AB Town Hall CMMC Highlights
Submit any questions you would like answered on the podcast!48 CFR UPDATE: https://www.ecfr.gov/current/title-48/chapter-2/subchapter-A/part-204/subpart-204.75Missed the June 2024 Cyber AB Town Hall? We’ve got you covered.In this episode of the CMMC Compliance Guide, Brooke and Austin break down the biggest takeaways — including how recent leadership changes, service provider requirements, and G-code classification are shaping the path to CMMC compliance.If you're a DoD contractor or MSP supporting government clients, this is the update you can't afford to miss.INSIDE THE EPISODE:- What the new Undersecretary means for CMMC rulemaking- ESP vs. CSP vs. MSP — and why the difference matters- Why your IT provider will be assessed with your environment- How your CAGE code could delay certification- What assessors say about G-code and CUI- Upcoming CMMC events you should have on your calendarUPCOMING CMMC EVENTS MENTIONED:- Carahsoft CMMC Webinar Series: https://www.carahsoft.com/learn/event/71021-proofpoint-and-microsoft-cmmc-webinar- National Cyber Summit: https://www.nationalcybersummit.com/- CS5 East 2025: https://cyberab.org/News-Events/CS5-Conference
-
20
6 Critical CMMC Questions Every Small DoD Contractor Should Know
Submit any questions you would like answered on the podcast!Are you trying to navigate CMMC and NIST 800-171 with a small team and limited resources? You're not alone. In this episode of the CMMC Compliance Guide, we’re breaking down six of the most common and confusing questions small DoD contractors ask—and giving you clear, practical answers you can act on immediately.Join Brooke & Stacey from Justice IT Consulting as they unpack risks of misinterpreting controls, mobile device scope, admin account misuse, CUI data flow diagrams, remote access, and more. Whether you’re prepping for a CMMC Level 2 assessment or just trying to stay ahead, this episode is packed with actionable advice.
-
19
CMMC on the Shop Floor: A No-BS Guide for CNC & Aerospace Machine Shops
Submit any questions you would like answered on the podcast!Happy 4th of July from the team at CMMC Compliance Guide Podcast! While you're celebrating freedom, hot dogs, and fireworks — don’t forget about safeguarding the data that defends that freedom. 🛡️In this special edition, we're tackling what really works for CMMC compliance on the shop floor. From coolant-soaked travelers to ancient XP machines, this is your no-nonsense guide to staying compliant in real-world CNC and aerospace manufacturing environments.Skip the theory. Get the real-world playbook. Because you can't afford to shut down production just to pass an audit. 📞 Need help with CMMC or NIST 800-171? We fast-track defense manufacturers to compliance — or give you the tools to do it yourself. 👉 Visit https://www.cmmccomplianceguide.com to download free resources or schedule a discovery call.
-
18
Ceasefire’s Here, But Your Shop’s Still a Target: What the DoD CIO Just Told Defense Contractors
Submit any questions you would like answered on the podcast!🆓 Need help getting your SPRS score to 110?Schedule your free SPRS Roadmap Session and get a step-by-step plan to close gaps and stay defensible:👉 https://cmmccomplianceguide.com/free-sprs-roadmapThe Department of Defense just issued a critical cybersecurity memo—and it's not just for the Lockheeds and Raytheons. In this episode, we break down what small and mid-sized DoD contractors must do now to respond to rising cyber threats—even amid headlines of ceasefire. From multi-factor authentication and patching systems to cloud security guidance and SPRS score readiness, we walk you through the exact steps your organization needs to take.Resources Mentioned:Memo: https://media.licdn.com/dms/document/media/v2/D561FAQFbAPookqu2zw/feedshare-document-pdf-analyzed/B56ZefAj13HoAY-/0/1750719415748?e=1751500800&v=beta&t=O6aY3UDi5ijLTGOa6RP4xAWABMPZh-ZKRkXRikiCywg https://www.cisa.gov/known-exploited-vulnerabilities-catalog https://www.cisa.gov/news-events/directives/bod-25-01-implementing-secure-practices-cloud-services https://www.cisa.gov/cyber-hygiene-services https://www.nsa.gov/About/Cybersecurity-Collaboration-Center/DIB-Cybersecurity-Services/ https://www.dc3.mil/Missions/DIB-Cybersecurity/DCISE-Resources/ #CMMC #DODCompliance #CyberSecurity #SPRS #DefenseContractor #CyberThreats #NIST800171 #CMMCComplianceGuide
-
17
Breaking Down the Real Cost of CMMC Compliance for Small Businesses
Submit any questions you would like answered on the podcast!Why is CMMC compliance so expensive—especially for small businesses? In this episode of the CMMC Compliance Guide Podcast, Austin and Brooke from Justice IT Consulting break down what really drives up the cost of CMMC and NIST 800-171 compliance, and more importantly—how you can cut costs without cutting corners.We cover:The four stages of compliance cost: paperwork, project work, ongoing maintenance, and assessmentsWhat assessors can and can’t help withEnclave strategies that can save you thousandsWhy smaller companies feel a heavier burden—and how to manage itSmart scoping, VDI, and how not to overspend on your CMMC journeyIf you’re trying to balance compliance with a tight budget, this episode is a must-listen.👉 Need help or have questions? Contact us for free advice at CMMCComplianceGuide.com.🔔 Don’t forget to like, subscribe, and share!
-
16
How to Scope CMMC Correctly: Avoid Audit Failures, Over-Scoping, and Cloud Risks
Submit any questions you would like answered on the podcast!Is your CMMC scope setting you up for success—or failure?In this episode of the CMMC Compliance Guide, Brooke and Stacey from Justice IT Consulting break down one of the most misunderstood (and expensive) parts of your compliance journey: scoping.Learn how to define your CUI boundary the right way, avoid common over-scoping mistakes, and streamline your assessment with clear documentation strategies. Whether you're prepping for a formal CMMC assessment or self-assessing for NIST 800-171, this episode gives you real-world insights that can save you time, money, and frustration.🔍 We cover:What really defines your CMMC scope (it's more than just your server)The hidden risks of over-scoping and cloud blind spotsThird-party service provider mistakes that can blow your scopeMust-have documentation: data flow diagrams, network diagrams, and asset inventoriesA practical checklist to get your scope right before the audit🛠 Need a faster path to compliance without cutting corners? Visit www.CMMCComplianceGuide.com for free resources, expert help, or to book a discovery call.
-
15
What You Missed at CEIC West 2025: CMMC Culture, AI Labeling, and Subcontractor Risks
Submit any questions you would like answered on the podcast!Missed CEIC West 2025 in Las Vegas? We’ve got your insider recap. In this episode of the CMMC Compliance Guide, Austin and Brooke break down the most critical insights defense contractors need to know—from Katie Arrington’s keynote to real-world flowdown risks, mock assessment walkthroughs, and what AI means for your CUI documentation.If you’re a small or mid-sized DoD contractor trying to stay compliant with CMMC, NIST 800-171, and DFARS, this episode gives you the takeaways that actually matter. 📞 Have questions? Text, call, or email us. We’ll answer them for free on the podcast. 🔗 Visit www.cmmccomplianceguide.com for free resources
-
14
How to Identify and Fix Your NIST 800-171 Weak Spots
Submit any questions you would like answered on the podcast!Are you sure you're NIST 800-171 compliant? In this episode of the CMMC Compliance Guide Podcast, Austin and Brooke break down the most overlooked NIST 800-171 requirements that continue to trip up DoD contractors—and what you can do today to avoid those costly mistakes.From data flow diagrams to documentation pitfalls, supply chain risks, and misunderstood MFA and logging requirements, this episode is packed with practical insights and actionable takeaways. If you’re pursuing CMMC Level 2 or just trying to boost your SPRS score, this is a must-listen.💡 You’ll Learn:Why poor scoping is the #1 mistake in complianceHow to map your CUI data flow across systems and subcontractorsWhat assessors really expect from your MFA, logging, and risk assessment controlsWhy your documentation strategy can make or break your assessmentWhat it takes to maintain compliance after you’re “done”How to use the NIST 800-171A Assessment Guide to conduct a real gap analysisThe truth about ongoing compliance vs. one-time auditsGRC tools, POAMs, and how to build your project roadmapThis episode is your self-assessment gut check. Whether you're just starting or already deep into your compliance journey, don’t miss these expert tips.🔗 For free resources, visit: https://cmmccomplianceguide.com 📅 Meet us at DibCon, June 3–5, in Oklahoma City!
-
13
CMMC Day 2025 Recap: Key Takeaways, Real-World Mistakes & What SMBs Must Fix Now
Submit any questions you would like answered on the podcast!Get the latest insider takeaways from CMMC Day 2025 straight from Washington D.C. In this episode of the CMMC Compliance Guide Podcast, Brooke and Austin break down the most critical updates small and midsized businesses (SMBs) in the defense supply chain need to know now.We cover: ✅ Why CMMC is NOT going away (despite what skeptics think) ✅ Critical mistakes businesses still make with SSPs, scoping, and access control ✅ Real-world assessment horror stories you need to avoid ✅ Why subcontractors can't hide in the supply chain anymore ✅ Tools, technology, and zero trust lessons from the show floorWhether you're a manufacturer, IT lead, or compliance manager, this episode delivers actionable insights to help you stay off the DoD's naughty list and win more contracts in 2025.🎯 Need help? Get your free SPRS Score Roadmap → https://cmmccomplianceguide.com/free-sprs-roadmap
-
12
Decoding NIST 800-171: Your Plain English Path to CMMC Level 2 Compliance
Submit any questions you would like answered on the podcast!Feeling overwhelmed by CMMC compliance and NIST 800-171’s 110 controls? You’re not alone — but you don’t have to be stuck.In this episode of the CMMC Compliance Guide Podcast, Brooke and Austin break down NIST 800-171 Revision 2 in plain English — no government-speak, no tech jargon — so you can finally understand what each control family means for your business.You'll learn:What NIST 800-171 really requires (and why it matters for your SPRS score)How to tackle key control families like Access Control, Awareness & Training, and Audit & AccountabilityThe critical mistakes contractors make (and how to avoid them)Why documentation is the #1 secret weapon for CMMC successReal-world tips for manufacturing, machine shop, and aerospace contractors navigating CMMC Level 2🔥 Don’t wait until an assessor says “No Soup for You” — build a compliance system that actually protects your business and wins contracts.👉 Need help fast-tracking your compliance journey? Visit https://cmmccomplianceguide.com to download free resources or schedule a discovery call.
-
11
How to Improve Your SPRS Score Before It Costs You Contracts
Submit any questions you would like answered on the podcast!Is your SPRS score putting your DoD contracts at risk? In this episode of the CMMC Compliance Guide, we break down exactly what the SPRS score is, why it matters, and how to improve it fast—before you lose out on federal work.Whether you're stuck at -72 or hovering at 80, we’ll walk you through how to get to 110 with practical, plain-English guidance. From gap analysis to POA&Ms, system security plans, encryption, MFA, and the best GRC tools—we’re covering it all.👉 Schedule your FREE SPRS Roadmap Session (Limited Time): www.cmmccomplianceguide.com/free-sprs-roadmap✅ $1,500 Value — No pitch, no pressure. Just expert help.🎯 What You'll Learn:✅What an SPRS score is and why it matters✅How to assess your current score (and why most are wrong)✅What documentation and tech controls you must have✅How to get to 110 — even if you’re starting from a negative score
We're indexing this podcast's transcripts for the first time — this can take a minute or two. We'll show results as soon as they're ready.
No matches for "" in this podcast's transcripts.
No topics indexed yet for this podcast.
Loading reviews...
ABOUT THIS SHOW
Our experiences inspired the creation of The CMMC Compliance Guide Podcast and its accompanying resources. The podcast began as a way to share what we learned through real-world challenges—like helping that aerospace machine shop—and to provide accessible education for businesses navigating DoD cybersecurity requirements.The CMMC Compliance Guide Podcast breaks down complex topics like NIST 800-171 and CMMC into actionable, easy-to-understand steps. Whether you’re a subcontractor struggling to meet compliance deadlines or a business owner looking to secure your supply chain, the guide offers practical advice to help you take control of your cybersecurity journey.
HOSTED BY
CMMC Compliance Guide
CATEGORIES
Loading similar podcasts...