Cyberspin

PODCAST · technology


Addressing cybersecurity’s latest trends, tactics, tools and best practices.

  1. 72

    CMMC Connect April 2026

    In this April edition of CMMC Connect, Redspin's assessors and consultants take on the questions defense contractors are asking most right now. The panel digs into whether OSCs in the middle of a Level 2 assessment can keep working as subs on prime contracts, when NIST 800 171 Rev3 will become the standard and what's new in it, how to handle CUI when running AI tools on AWS GovCloud, how strict the separation between administrative and standard user accounts really needs to be, and the most common pitfalls that send "ready" organizations into a failed Level 2 assessment. You'll also get the latest ecosystem numbers (1,198 final Level 2 certifications as of April 2026), a reality check on the November 10, 2026, Phase 2 milestone (spoiler: it's not the deadline most people think it is), and a look at the new Cyber EF. Listen to get practical, assessor-backed guidance you can put to work this week. CMMC Connect happens on the last Thursday of every month at 1 PM ET. Register for the series and submit questions here: https://redspin.com/cmmc-connect-hub/ Subscribe to Cyberspin on Apple iTunes, Spotify, or your preferred podcast platform. You can always stream the latest episodes at redspin.com.

  2. 71

    March 2026 CMMC Connect

    What are organizations getting wrong when it comes to CMMC? In this replay of March’s CMMC Connect, Redspin’s assessors break down the real-world questions organizations are asking right now, from Rev. 2 vs. Rev. 3 implications to scoping decisions, shared environments, and what truly changes when you add systems into your boundary. We cover what happens after certification, how to think about inherited controls and micro-business models, what differentiates C3PAOs, and how to determine if you’re truly assessment-ready—not just policy-ready. If you’re navigating CMMC Level 2, managing CUI, or preparing for (or maintaining) certification, this is your practical, field-driven breakdown of what assessors are actually seeing and advising. CMMC Connect happens on the last Thursday of every month at 1 PM ET. Register for the series and submit questions here: https://redspin.com/cmmc-connect-hub/ Subscribe to Cyberspin on Apple iTunes, Spotify, or your preferred podcast platform. You can always stream the latest episodes at redspin.com.

  3. 70

    February 2026 CMMC Connect

    How did this much happen in just 30 days? In this replay episode of February's CMMC Connect, we break down the latest DFARS Class Deviations, GSA’s new “CMMC-like” program, key takeaways from the Cyber AB Town Hall, and the biggest questions shaping the CMMC landscape right now. We cover why mock assessments can’t convert to formal certifications, why documentation is everything, how contract requirements drive CMMC Levels, and what you need to know about CUI access, training, and assessment readiness.  If you’re navigating CMMC, FAR/DFARS, or federal contract compliance, this is your 60-minute briefing on what matters most. CMMC Connect happens on the last Thursday of every month at 1 PM ET. Register for the series and submit questions here: https://redspin.com/cmmc-connect-hub/ Subscribe to Cyberspin on Apple iTunes, Spotify, or your preferred podcast platform. You can always stream the latest episodes at redspin.com.

  4. 69

    January 2026 CMMC Connect

    CMMC is moving fast, and the questions from the DIB are getting more specific... In this January 2026 replay of Redspin's live CMMC Connect, our CMMC Certified Assessors (CCAs) unpack the latest updates from the field and answer real-world questions OSCs are facing as CMMC Level 2 assessments ramp up. This episode (literally) covers:

    - Recent DoD CMMC FAQ updates and what they clarify (and don’t)
    - ISACA’s new role as CAICO and what it means for CCP and CCA certifications
    - The growing pace of completed CMMC assessments and what that signals for 2026
    - Scoping challenges: virtual machines, shared resources, boundaries, and asset definitions
    - Flow-down realities. Why primes are increasingly requiring Level 2 from subs
    - CMMC vs. FedRAMP, and how to tell if you’re an ESP or a CSP
    - CUI marking, mishandling, and what to do when CUI shows up where it shouldn’t
    - FIPS validation pitfalls assessors see all the time
    - Evaluating AI-enabled tools when CUI is involved
    - Common reasons organizations struggle or fail during assessment
    - NIST 800-171

    The session wraps with live audience Q&A, candid assessor perspectives, and practical advice drawn directly from active CMMC engagements, no theory, no fluff. If you’re supporting DoD contracts, preparing for CMMC Level 2, or navigating compliance decisions in real time, this episode delivers clarity where it matters most. CMMC Connect happens on the last Thursday of every month at 1 PM ET. Register for the series and submit questions here: https://redspin.com/cmmc-connect-hub/ Subscribe to Cyberspin on Apple iTunes, Spotify, or your preferred podcast platform. You can always stream the latest episodes at redspin.com.

  5. 68

    December 2025 CMMC Connect

    In this holiday edition of CMMC Connect, the Redspin team wraps up a busy year by tackling real questions from the Defense Industrial Base, sharing practical best practices, and looking ahead to what 2026 may bring for CMMC. From lessons learned in the field to what contractors should be thinking about next, this session covers a wide range of timely topics — with a little holiday fun mixed in. We also share what’s new for CMMC Connect in 2026. Sessions will continue on the last Thursday of every month, starting January 29, but with a simplified registration process. Going forward, you’ll only need to register once for the year, and calendar invites will be sent out quarterly to make planning easier. Whether you joined us live or are catching up on the replay, this episode is a great way to close out the year and get oriented for what’s ahead in CMMC. Listen now and be sure to register for CMMC Connect to stay on the list for upcoming 2026 sessions. CMMC Connect happens on the last Thursday of every month at 1 PM ET. Register for the series and submit questions here: https://redspin.com/cmmc-connect-hub/ Subscribe to Cyberspin on Apple iTunes, Spotify, or your preferred podcast platform. You can always stream the latest episodes at redspin.com.

  6. 67

    November 2025 CMMC Connect

    Phase 1 of CMMC is officially here, and this month’s CMMC Connect dives straight into what contractors are experiencing on the ground. Redspin’s panel of CCAs breaks down the newest DoD updates, rising assessment backlogs (or is it rising false-starts?), early Level 2 contract requirements, and the most common “not met” trends they’re seeing in real assessments. They also unpack key findings from Redspin’s new Momentum but Slow Movement report, based on data from 180 DoD contractors, including the growing wave of flow-down demands from primes. If you want clear, practical answers on scoping, evidence, encryption, specialized assets, subcontractor management, or what counts as a “significant change,” this episode has it. Plus: Redspin is hiring CCAs as demand skyrockets. CMMC Connect happens every last Thursday at 1 PM ET. Register: redspin.com/events/cmmc-connect Subscribe to Cyberspin on Apple iTunes, Spotify, or your preferred podcast platform. You can always stream the latest episodes at redspin.com.

  7. 66

    October 2025 CMMC Connect

    In this special Halloween edition of CMMC Connect, the Redspin team swapped their suits for costumes and dove into what’s next as CMMC Phase 1 officially begins on November 10. Join Dr. Thomas Graham, Jeremy Mares, Rob Teague, and Phil Conrad, hosted by Lauren Frickle, as they unpack:

    - Why November 10 marks the start of CMMC, not the finish line
    - What to do before the rollout — including updating your SPRS scores
    - When service providers (like CPA firms) come into scope
    - Key insights from the field — over 430 Level 2 assessments completed and counting
    - Tips to prepare for the 2026 Phase 2 rollout and avoid assessment backlogs
    - Sooooooo much more

    Of course, things got a little fun — proving once again that CMMC doesn’t have to be scary. CMMC Connect happens every last Thursday at 1 PM ET. Register: redspin.com/events/cmmc-connect Subscribe to Cyberspin on Apple iTunes, Spotify, or your preferred podcast platform. You can always stream the latest episodes at redspin.com.

  8. 65

    September 2025 CMMC Connect

    From CMMC timelines, DFARS 7025, FedRAMP CRM responsibilities, and interim compliance signals to what’s next for NIST 800-171 Rev. 3, our team of CMMC Certified Assessors (CCAs) covered the hottest questions the DIB is asking right now. If you’re aiming for Level 2 or fielding customer requests for proof of certification in Phase 1, this conversation is your quick-hit guide to what matters most. CMMC Connect happens every last Thursday at 1 PM ET. Register: redspin.com/events/cmmc-connect Subscribe to Cyberspin on Apple iTunes, Spotify, or your preferred podcast platform. You can always stream the latest episodes at redspin.com.

  9. 64

    CMMC Is Final! Redspin's Reactions, Real Talk, & Answers to Your Questions

    The long-awaited final 48 CFR DFARS 7021 rule has dropped, and CMMC is officially headed into contracts. In this special live call-in edition of Cyberspin, the Redspin team gives their quick breakdown of the finalized rule before answering audience questions on everything from SSO/MFA and joint ventures to whether small contractors can realistically achieve Level 2 certification. We also dive into separation of duties, prime pressure on subs, the most cost-effective paths to certification, and so much more. Subscribe to Cyberspin on Apple iTunes, Spotify, or your preferred podcast platform. You can always stream the latest episodes at redspin.com.

  10. 63

    August 2025 CMMC Connect

    In this live CMMC Connect session, Redspin’s experts tackle audience questions head-on: How soon after 48 CFR finalization will CMMC Level 2 show up in contracts? What’s the best way to secure printers in hybrid work environments? And what happens when CMMC shortfalls trigger False Claims Act investigations? Tune in for real-world answers, practical tips, and a candid look at the signals DoD contractors can’t afford to miss. CMMC Connect happens every last Thursday at 1 PM ET. Register: redspin.com/events/cmmc-connect Subscribe to Cyberspin on Apple iTunes, Spotify, or your preferred podcast platform. You can always stream the latest episodes at redspin.com.

  11. 62

    July 2025 CMMC Connect

    In this episode, we unpack one of the most common questions in the CMMC space: What actually triggers a reassessment? From changes in CUI flow to infrastructure shifts and company acquisitions, we break down when you might need to re-certify—and what’s still awaiting clarity from the DoD. We also share lessons learned from the field, including common missteps organizations are making in cloud environments. Misconfigured policies, inherited templates, and SSPs that don’t reflect reality are tripping up otherwise prepared teams. Next, we take a closer look at the Shared Responsibility Model. Your External Service Provider (ESP) can’t carry the full weight of compliance. We explain what controls can be inherited, what’s shared, and where your organization is ultimately accountable. Then we dive into key updates on 48 CFR—the rule that puts CMMC into contracts. With final review underway, we discuss what the phased rollout may look like, enforcement timelines, and how this will impact existing agreements. Finally, don’t miss the live Q&A segment, where we tackle everything from overseas CUI control obligations to M365 scoping confusion and the new six-year evidence retention rule. Tune in & take notes! CMMC Connect happens every last Thursday at 1 PM ET. Register: redspin.com/events/cmmc-connect Subscribe to Cyberspin on Apple iTunes, Spotify, or your preferred podcast platform. You can always stream the latest episodes at redspin.com.

  12. 61

    CMMC is Go for Launch: July 2025 Update

    Big moves in CMMC rulemaking are happening, and the signals from DoD leadership are loud and clear. In this episode, we break down the recent milestone that sent 48 CFR to OIRA for final review, the critical July 18th memo from THEE Secretary of Defense, and what it all means for the Defense Industrial Base. We’ll talk terminology ("effective" vs. "enforceable"), and timelines for contractors.   Subscribe to Cyberspin on Apple iTunes, Spotify, or your preferred podcast platform. You can always stream the latest episodes at redspin.com.

  13. 60

    June 2025 CMMC Connect

    In this CMMC Connect replay episode, we dive into the most pressing questions facing the Defense Industrial Base right now. Kicking things off with a state-of-the-ecosystem update, our panel tackles the big-ticket items—how much CMMC actually costs, where we are in the implementation timeline, and how many assessments have already been completed. We also break down the current stats on authorized C3PAOs and certified professionals in the ecosystem. After setting the stage, we shift into audience-driven content, answering pre-submitted questions and opening the floor for a lively live Q&A with defense contractors across the country. Whether you’re prepping for your assessment or just trying to wrap your head around what CMMC means for your business, this episode is packed with insight and candid guidance from the front lines. Tune in & take notes! CMMC Connect happens every last Thursday at 1 PM ET. Register: redspin.com/events/cmmc-connect Subscribe to Cyberspin on Apple iTunes, Spotify, or your preferred podcast platform. You can always stream the latest episodes at redspin.com.

  14. 59

    May 2025 CMMC Connect

    This month, our expert panel tackles the real-world challenges of CMMC compliance, from getting started and surviving assessments to sustaining success. We break down training must-haves, insider threat risks, MFA requirements, retroactive CUI headaches, and how tools like VDI and FedRAMP fit into your strategy. Tune in for practical tips, pitfalls to avoid, and audience Q&A that dives into the details you actually care about. CMMC Connect happens every last Thursday at 1 PM ET. Register: redspin.com/events/cmmc-connect Subscribe to Cyberspin on Apple iTunes, Spotify, or your preferred podcast platform. You can always stream the latest episodes at redspin.com.

  15. 58

    April 2025 CMMC Connect

    A long time ago (okay, April 24, 2025), in an ecosystem not so far away… Redspin hosted a CCA and CCP Q&A packed with practical advice for navigating CMMC compliance. Topics spanned NIST 800-171 Rev. 3 updates, ERP system management, SSP maintenance, CUI handling in Azure GCC vs. GCC High, remote access security, and cost distribution across federal contracts.   Panelists also explored user privileges, FedRAMP equivalency, and how CUI management differs between civilian and DoD contexts. Listen in for real-world insights and strategies to conquer the complexities of CMMC!   CMMC Connect happens every last Thursday at 1 PM ET. Register: redspin.com/events/cmmc-connect Subscribe to Cyberspin on Apple iTunes, Spotify, or your preferred podcast platform. You can always stream the latest episodes at redspin.com.

  16. 57

    Magic 8 Ball Says: CMMC’s Not Going Anywhere

    With headlines swirling about the new DoD nominee reviewing 48 CFR (the rule that puts CMMC in contracts), is CMMC on the chopping block? Rob Teague, Dr. Thomas Graham, and special guest David Bailey break down the headlines and clear up the confusion. Subscribe to Cyberspin on Apple iTunes, Spotify, or your preferred podcast platform. You can always stream the latest episodes at redspin.com.

  17. 56

    March CMMC Connect

    Insights from our CMMC Assessor team on:

    - Preparing for CMMC assessments
    - The implications of using AI in compliance
    - Requirements for cloud services

    The session also addresses common questions regarding vulnerability data, SPRS compliance, and the differences between GCC and GCC High environments. The conversation concludes with a live AMA session where participants can engage directly with the panelists. CMMC Connect happens every last Thursday at 1 PM ET. Register: redspin.com/events/cmmc-connect Subscribe to Cyberspin on Apple iTunes, Spotify, or your preferred podcast platform. You can always stream the latest episodes at redspin.com.

  18. 55

    February CMMC Connect

    This month, we cover important updates regarding CMMC compliance, including a JSVA update and Katie Arrington's return to the driver's seat.   Our panelists delve into the complexities of compliance with CUI regulations, the challenges of recovering costs in future contracts, and the importance of customer responsibility matrices in FedRAMP. It also addresses the nuances of CMMC compliance, particularly regarding subcontractor challenges and the integration of ERP solutions, plus so much more.   CMMC Connect happens every last Thursday at 1 PM ET. Register: redspin.com/events/cmmc-connect Subscribe to Cyberspin on Apple iTunes, Spotify, or your preferred podcast platform. You can always stream the latest episodes at redspin.com.

  19. 54

    January 2025 CMMC Connect

    This month, we break down the FAR CUI proposed rule and what it means for your CMMC readiness. Our experts, Phil, Les, Dr. Thomas, Rob, and Jeremy, tackle key topics, including:

    - Security awareness training – Who needs it and why?
    - Reporting requirements – What’s changing and how to stay compliant.
    - Assessment costs – What impacts pricing and how to save money.
    - GRC tools & cloud compliance – Choosing the right solutions.

    Join us for practical insights and expert advice on navigating CMMC. CMMC Connect happens every last Thursday at 1 PM ET. Register: redspin.com/events/cmmc-connect Subscribe to Cyberspin on Apple iTunes, Spotify, or your preferred podcast platform. You can always stream the latest episodes at redspin.com.

  20. 53

    Breaking Down the Buzz: A January Update on the FAR Rule, 48 CFR, CMMC Level 3, and More

    In this episode, the Redspin team of Certified CMMC Assessors (CCAs) gets together to break down the latest updates and buzz in the CMMC ecosystem.   They discuss the surprises in the recently published proposed FAR CUI rule, the status of the 48 CFR rule (CMMC in contracts) and when to expect it to be finalized, as well as what CMMC Level 3 means for the Defense Industrial Base (DIB) and where to start. The team also explores the potential impact of a new administration on rulemaking progress and CMMC initiatives, dives into updates on NIST 800-171 Rev 3, and discusses whether CMMC could expand across the entire federal government. Listen for input directly from a C3PAO,  so you don’t have to sift through it all yourself! Check out the FAR CUI rule here—specific questions for public comment begin on page 46.   Subscribe to Cyberspin on Apple iTunes, Spotify, or your preferred podcast platform. You can always stream the latest episodes at redspin.com.

  21. 52

    December 2024 CMMC Connect

    In this episode of Cyberspin, we bring you a replay of December’s CMMC Connect session, featuring an engaging discussion with our CCPs and CCAs: Jeremy Meyers, Rob Teague, Dr. Thomas Graham, and Belen Coleman. The team tackles audience questions, dives into the implications of the finalized and in effect 32 CFR rule, and explores practical strategies for achieving and maintaining CMMC compliance. Key topics include:

    - Preparing for the effective date of 32 CFR and beyond.
    - Addressing challenges with EMASS and certification timelines.
    - Best practices for balancing compliance and operational needs.
    - Insights into evidence requirements, self-assessments, and scoring complexities.
    - A practical look at cloud solutions, hybrid environments, and architectural best practices.

    Whether new to CMMC or seeking expert guidance, this session offers actionable advice and insights to help your organization succeed. Don’t forget to join us live for the next CMMC Connect session on the last Thursday of every month! Subscribe to Cyberspin on Apple iTunes, Spotify, or your preferred podcast platform. You can always stream the latest episodes at redspin.com.

  22. 51

    Understanding Rep. Gary Palmer's Joint Resolution Against the CMMC Rule & Staying Focused on The CMMC Road Ahead

    In this special episode, Robert Hill, CEO at Cyturus, shares the inside scoop from his discussion with Representative Gary Palmer’s staff about Palmer’s joint resolution disapproving the CMMC rule. Learn what this resolution means for DoD contractors, how it could impact compliance efforts, and why staying focused on the path to compliance is more important than ever. Listen to clarify the implications and next steps for navigating this critical moment in the defense industrial base.     Subscribe to Cyberspin on Apple iTunes, Spotify, or your preferred podcast platform. You can always stream the latest episodes at redspin.com.

  23. 50

    November 2024 CMMC Connect: MSPs, Security Assets, the Cap, Unsupported Systems, MFA, CUI, FIPS, Visitor Controls, and of Course (and always) Documentation!

    This conversation is a replay of Redspin's November 2024 CMMC Connect Q&A session. The conversation covers various aspects of the CMMC process, including boundary considerations, asset definitions, and strategies for preparing for assessments. The speakers (some of whom are live from the Cyber AB's CEIC Conference) provide insights into the latest updates on the new CMMC Assessment Process (CAP) release, how Managed Service Providers (MSPs) can prepare for Level 2, and best practices for making the assessment process smoother. They also discuss the challenges of handling unsupported operating systems and the importance of risk management in these scenarios. This conversation delves into various aspects of CMMC compliance, including the necessity of MFA for Wi-Fi access and the handling of CUI in different contexts. The discussion also covers the importance of background checks for third-party employees, the management of visitor controls in research environments, and updates on compliance processes and requirements such as FIPS validation. The panelists emphasize the need for thorough documentation and due diligence in maintaining compliance standards. Subscribe to Cyberspin on Apple iTunes, Spotify, or your preferred podcast platform. You can always stream the latest episodes at redspin.com.

  24. 49

    October 2024 CMMC Connect: Updates and Guidance with Matt King!

    This episode shares October’s CMMC Connect session, which features special guest Matt King, Belcan's Chief Security and Data Officer, alongside Jeremy Mares and Robert Teague from Redspin. The team breaks down the latest CMMC updates, including insights on the finalized 32 CFR timeline, tips for defining CUI, and new requirements for MSP and ESP certifications. They also tackle audience questions on key topics like scoping, training, DIBCAC High certification (JSVAP), and much more. Whether you’re a defense contractor or cybersecurity professional, this episode offers valuable insights into navigating CMMC requirements. Subscribe to Cyberspin on Apple iTunes, Spotify, or your preferred podcast platform. You can always stream the latest episodes at redspin.com.

  25. 48

    Navigating the CMMC Final Rule

    Rob Teague and the team discuss the anticipated 32 CFR final rule. They explore initial key takeaways from the rule, including changes in certification processes for external service providers, DIBCAC-High assessments, the appeals process, record retention requirements, and the impact of mergers and acquisitions on certification.   Rob, Dr. Thomas Graham, and Jeremy Mares emphasize the importance of acting quickly to navigate the upcoming certification landscape and address the challenges posed by potential assessment backlogs.   Subscribe to Cyberspin on Apple iTunes, Spotify, or your preferred podcast platform. You can always stream the latest episodes at redspin.com.  

  26. 47

    September 2024 CMMC Connect: In the Cloud, Timelines, and Small Businesses

    This episode is a replay of the latest CMMC Connect session, where we tackle critical updates on CMMC rulemaking, public comments, and timelines. It features insights from the "Queen of CMMC" Tara Lemieux, Rob Teague, who joins us live from NCS, and cloud security expertise from Steve Akers. We dive into essential tips for compliance, Cloud environments, the 48 CFR rule, and what small businesses need to know as 2025 approaches. Don't miss this deep dive into CMMC and the chance to prepare for what’s next.   Subscribe to Cyberspin on Apple iTunes, Spotify, or your preferred podcast platform. You can always stream the latest episodes at redspin.com.

  27. 46

    August 2024 CMMC Connect: Timelines, Strategies for SMBs, Cloud Environments, etc...

    In this month's episode, we revisit the August CMMC Connect session, where Jeremy, Thomas, and Rob discuss the latest updates and questions surrounding the Cybersecurity Maturity Model Certification (CMMC). Tune in as we cover key topics, including the anticipated timeline for CMMC certification requirements, recent developments like the 32 CFR and 48 CFR publications, and the cost implications for small businesses aiming for CMMC Level 2 certification. The panel also addresses the complexities of scoping CMMC compliance in cloud environments, the role of joint surveillance assessments, and how to navigate potential challenges in meeting compliance requirements. This episode is packed with actionable insights and answers to your most pressing CMMC questions, making it a must-listen for anyone involved in the defense industrial base (DIB) or interested in staying ahead of CMMC developments. Key Takeaways:

    - Understanding the latest timeline and requirements for CMMC certification.
    - Navigating the 32 CFR and 48 CFR updates and their implications for contracts.
    - Strategies for small businesses to minimize costs while achieving CMMC compliance.
    - Insights on using cloud environments like Azure and GCC for CMMC compliance.
    - Practical advice on managing CUI data and preparing for CMMC audits.

    Whether you're a prime contractor, subcontractor, or just getting started with CMMC, this episode provides valuable guidance on navigating the evolving landscape of cybersecurity compliance. Subscribe to Cyberspin on Apple iTunes, Spotify, or your preferred podcast platform. You can always stream the latest episodes at redspin.com.

  28. 45

    July 2024 CMMC Connect: Implementation Strategies, Sub/Supplier Readiness, CMMC for SMBs, and more

    As part of our CMMC Connect Series of the Cyberspin Podcast, this episode presents a replay of our latest CMMC Connect session. Listen as Jeremy Mares, Tara Lemieux, Dr. Thomas Graham, and Rob Teague tackle audience questions on essential CMMC topics:

    - CMMC Implementation strategies
    - How to ensure suppliers and subcontractors protect sensitive data and are tackling CMMC
    - Addressing requirements for small businesses (even those with just one person)
    - The consequences of not doing CMMC

    Plus, they answer a few additional questions from the audience. Subscribe to Cyberspin on Apple iTunes, Spotify, or your preferred podcast platform. You can always stream the latest episodes at redspin.com.

  29. 44

    June 2024 CMMC Connect: Timelines, Encryption, Flow-Down, CCP, and more

    In this episode of the Cyberspin Podcast's CMMC Connect Series, we present a replay of our latest CMMC Connect session. Join Tara Lemieux, Dr. Thomas Graham, and Rob Teague as they answer audience questions on key CMMC topics, including NIST 800-171 Rev. 3 timelines, the impact of encryption on CUI, prime-to-subcontractor flow-down requirements and responsibilities, CMMC Certified Professional (CCP) courses, and more. Tune in for key takeaways and best practices to help you navigate your CMMC journey effectively.   Subscribe to Cyberspin on Apple iTunes, Spotify, or your preferred podcast platform. You can always stream the latest episodes at redspin.com.

  30. 43

    May 2024 CMMC Connect: Scoping, Info Sharing with Your Subs, Leadership Buy-In, and More

    In this episode of the Cyberspin Podcast: CMMC Connect Series, we bring you a replay of our latest CMMC Connect session. Join Dr. Thomas Graham, Jeremy Mares, and Rob Teague as they answer audience questions on critical CMMC topics, including how remote desktop affects scoping, the best ways to share information with subcontractors within compliance, and strategies for gaining leadership buy-in. Tune in for key takeaways and best practices to help you navigate your CMMC journey effectively.   Subscribe to Cyberspin on Apple iTunes, Spotify, or your preferred podcast platform. You can always stream the latest episodes at redspin.com.

  31. 42

    The Prime’s Perspective on CMMC

    In this episode of Cyberspin, join Rob Teague and Dr. Thomas Graham as they talk CMMC with special guests Jennifer Simpson, Sr. Director of Corporate Cyber Assurance, and Shari Pettersson, Director of Information Security Authorizations & Decisions (ISAD), at BAE Systems, Inc. Learn how BAE Systems, Inc. embarked on their CMMC journey early with a Joint Surveillance Voluntary Assessment (JSVA). From early preparations to final assessments, get an insider’s perspective on how one of the leading defense contractors navigates the complexities of CMMC, ensuring the security and compliance of their operations. This discussion sheds light on how to prepare for CMMC directly from a prime contractor who has taken early steps to demonstrate cybersecurity maturity through CMMC. Subscribe to Cyberspin on Apple iTunes, Spotify, or your preferred podcast platform. You can always stream the latest episodes at redspin.com.

  32. 41

    Small Cloud for Big Savings

    Contractors serving the DoD are in a constant battle to safeguard their data in compliance with the CMMC. Listen to this episode of Cyberspin as our experts explore how managed cloud services can accelerate the Cybersecurity Maturity Model Certification (CMMC) journey and how they are the fastest and easiest way to accommodate a segment of your organization that handles CUI data. Subscribe & Stream: Gear up for your CMMC journey with "Cyberspin," available on Apple iTunes, Spotify, and redspin.com. Subscribe for the latest insights on navigating your cybersecurity landscape.

  33. 40

    CMMC and Azure Cloud Misconceptions

    Contractors working with the Department of Defense (DoD) who store, process, and/or transmit CUI face a crucial challenge: ensuring that their technical security controls, documentation, policies, and processes are robust enough to meet the stringent demands of CMMC. With a range of Cloud offerings available, understanding how each aligns with CMMC standards can be quite a challenge.   Listen as we tackle the most prevalent misconceptions surrounding Azure Cloud and its ability to satisfy CMMC requirements. We'll break down the differences between Azure Commercial 365, Government Community Cloud (GCC), and GCC High. You'll learn when it's appropriate to choose GCC over GCC High, especially concerning ITAR data considerations, and whether FIPS Encryption is adequately provided for the communication and storage of Controlled Unclassified Information (CUI) data.   We'll also tackle the challenges that remote companies face in meeting CMMC's network criteria and explain why waiting until 2027 to address CMMC could be a misstep.   Tune in as we debunk myths and shed light on the essential criteria that will help you navigate your CMMC journey.   Subscribe to Cyberspin on Apple iTunes, Spotify, or your preferred podcast platform. You can always stream the latest episodes at redspin.com.

  34. 39

    The Why Behind CMMC, with Robert Hill, CEO of Cyturus

    In this episode, we sit down with Robert Hill, the Founder and CEO of Cyturus, to unravel the WHY behind the Cybersecurity Maturity Model Certification (CMMC).   Our conversation kicks off with the pressing question: Why do small defense contractors need the same level of security as industry giants like Boeing and Raytheon? Robert Hill walks us through the tactical why, painting a vivid hypothetical scenario. Imagine a seemingly minor 4-millimeter adversarial change in the dimensions of a gasket from a subcontractor manufacturer. This breach has the potential to infect the Department of Defense like a virus, leading to the grounding of a warfighter jet and the potential to impact lives.   The discussion extends beyond supply chain issues, delving into the critical need to protect intellectual property. Hill emphasizes that the true threat lies not just in information breaches but in the subsequent manipulation of data—a concept with long-term real-world implications.   Join us as we explore the technical aspects. However, our conversation takes a turn as we point out CMMC is not merely about IT controls; it's about fostering a culture of cybersecurity. CMMC is not a checkbox compliance but a movement that requires business buy-in and a deep understanding of the WHY.   Tune in to gain insights into the world of cybersecurity, understand the genuine need to protect national defense information, and recognize that CMMC is more than compliance—it's a cybersecurity movement.   Subscribe to Cyberspin on Apple iTunes, Spotify, or your preferred podcast platform. You can always stream the latest episodes at redspin.com.

  35. 38

    Your CMMC Guide: Dr. Thomas Graham, VP, CISO, & CMMC Assessor/Instructor at Redspin

    Celebrate Cybersecurity Awareness Month with Redspin! We’re here to guide you through CMMC (Cybersecurity Maturity Model Certification). To mark this important month, we’ll be shining a spotlight on our CMMC guides each week. In this episode, we're excited to introduce Dr. Thomas Graham, a seasoned professional with a unique perspective on the world of cybersecurity, particularly from a Department of Defense (DoD) lens. With experience spanning the DHA, Navy medicine, from the governance perspective, and even a Federal Health IT Award-winning team, Thomas is well-equipped to shed light on the intricacies of this critical field. Join us as we uncover the historical roots of Controlled Unclassified Information (CUI) and "read the tea leaves" of the Cybersecurity Maturity Model Certification (CMMC), positioning itself as a unifying force for cybersecurity requirements across various government agencies. Thomas, an expert in discerning the nuances of language, shares his insights into the future of CMMC and its potential impact on the DoD and other federal agencies. Subscribe to Cyberspin on Apple iTunes, Spotify, or your preferred podcast platform. You can always stream the latest episodes at redspin.com.  

  36. 37

    Your CMMC Guide: John Fitch, Azure CMMC Architect at Redspin

    Celebrate Cybersecurity Awareness Month with Redspin! We're here to guide you through CMMC (Cybersecurity Maturity Model Certification). To mark this important month, we'll be shining a spotlight on our CMMC guides each week. In this episode, we chat with John Fitch, an Azure expert who works with OSCs in building a secure enclave. John emphasizes that CMMC offers significant value to both large and small contractors. It effectively safeguards against advanced persistent threats (APTs), particularly those targeting sensitive national information. Unlike a mere compliance checklist, CMMC prioritizes accountability, making it a valuable addition to the future of national cybersecurity. Throughout the month, we'll be featuring Subject Matter Experts in the world of CMMC. These are the leaders who are actively engaged in safeguarding sensitive data within our ecosystem. Join us to learn about their roles, their history working with the Department of Defense, and their insights into the impact that CMMC will have. Together, we can strengthen our cybersecurity defenses and protect what matters most. Listen in at redspin.com or your favorite podcast platform.

  37. 36

    Your CMMC Guide: Robert Teague, Director of CMMC Services at Redspin

    Celebrate Cybersecurity Awareness Month with Redspin! We're here to guide you through CMMC (Cybersecurity Maturity Model Certification). To mark this important month, we'll be shining a spotlight on our CMMC guides each week.   This week, Robert Teague explains the intricacies of the assessment process, shedding light on how he assists individuals in preparing for assessment and interviews. Not only does he play a pivotal role within the greater CMMC ecosystem, but he also emphasizes the importance of maintaining the confidentiality of critical information, which is crucial to safeguarding the nation's security in an era where adversaries seek to exploit vulnerabilities and develop countermeasures.   This episode underscores the transition effect of CMMC from a reactive cybersecurity standpoint to a proactive cybersecurity approach. Teague's passion and firsthand experience play a vital role in securing this complex puzzle of national defense.   Throughout the month, we'll be featuring Subject Matter Experts in the world of CMMC. These are the leaders who are actively engaged in safeguarding sensitive data within our ecosystem. Join us to learn about their roles, their history working with the Department of Defense, and their insights into the impact that CMMC will have. Together, we can strengthen our cybersecurity defenses and protect what matters most. Listen in at redspin.com or your favorite podcast platform.

  38. 35

    Katie Arrington: CMMC Is the Reality Wake Up Call We All Need

    In this episode, we have the privilege of hosting a true luminary in the fields of politics, defense, and entrepreneurship - the remarkable Katie Arrington. From her pivotal role as the CISO of the Department of Defense (DoD) where she helped launch the Cybersecurity Maturity Model Certification (CMMC), to her representation of South Carolina's 94th district, Katie Arrington is a force to be reckoned with.   Throughout this candid conversation, Katie opens up about her concerns with the CMMC framework, the clever intent of adversaries, the very real and serious cyber threats our country faces, and why CMMC plays a bigger role than most understand at this point in the game.   Tune in and listen as Katie Arrington provides perspective on the world of cybersecurity, defense, and the profound impact they have on our nation's security and business landscape. Her advocacy for national defense will leave you with a deeper understanding of the challenges and opportunities in this ever-evolving domain. This is an episode you won't want to miss!   Subscribe to Cyberspin on Apple iTunes, Spotify, or your preferred podcast platform. You can always stream the latest episodes at redspin.com.  

  39. 34

    Your CMMC Guide: Jeremy Mares, VP of Federal Accounts - CMMC at Redspin

    Celebrate Cybersecurity Awareness Month with Redspin! We're here to guide you through CMMC (Cybersecurity Maturity Model Certification). To mark this important month, we'll be shining a spotlight on our CMMC guides each week. In this episode, we're thrilled to introduce Jeremy Mares, the first guide you will likely meet on your journey through CMMC. Listen as Jeremy breaks down the various CMMC paths that organizations can follow. Jeremy reminds us that CMMC compliance can vary significantly from one organization to another, and his role is to assist Organizations Seeking Certification in navigating the multitude of options and finding the best path that suits their specific needs and goals. Throughout the month, we'll be featuring Subject Matter Experts in the world of CMMC. These are the leaders who are actively engaged in safeguarding sensitive data within our ecosystem. Join us to learn about their roles, their history working with the Department of Defense, and their insights into the impact that CMMC will have. Together, we can strengthen our cybersecurity defenses and protect what matters most. Listen in at redspin.com or your favorite podcast platform.

  40. 33

    Your CMMC Guide: Tara Leimeux, CMMC Consultant at Redspin

    Celebrate Cybersecurity Awareness Month with Redspin! We're here to guide you through CMMC (Cybersecurity Maturity Model Certification). To mark this important month, we'll be shining a spotlight on our CMMC guides each week. In this episode, we're excited to introduce Tara Leimeux, known as the "Princess of CMMC". Tune in to discover the inspiration behind her passion and gain a deeper understanding of the dedication and hard work that has propelled CMMC to where it is today. Throughout the month, we'll be featuring Subject Matter Experts in the world of CMMC. These are the leaders who are actively engaged in safeguarding sensitive data within our ecosystem. Join us to learn about their roles, their history working with the Department of Defense, and their insights into the impact that CMMC will have. Together, we can strengthen our cybersecurity defenses and protect what matters most. Listen in at redspin.com or your favorite podcast platform.

  41. 32

    Welcome to Cyberspin

    Welcome to Cyberspin, a podcast by Redspin. This podcast is your go-to resource for gaining valuable insights into the world of Cybersecurity Maturity Model Certification, commonly known as CMMC. Listen in as our experts navigate crucial CMMC updates, emerging trends, key challenges, best practices, and much more. Tune in at redspin.com or your favorite podcast platform.

  42. 31

    30: CMMC: Accidental Release of Draft Level 3, Major Update in Rulemaking, & Global Horizons

    Dr. Thomas Graham and Robert Teague chat about the latest updates and announcements regarding the Cybersecurity Maturity Model Certification (CMMC). Tune in as the two discuss the accidental release of the CMMC Level 3 draft, recent rulemaking progress with CMMC now in the hands of OIRA, and give us a glimpse of what lies ahead for CMMC internationally. Listen now to stay informed about the evolving landscape of CMMC and its impact on organizations seeking certification. Subscribe to CyberSpin: Apple iTunes, Spotify, Stitcher, or your preferred podcast platform. New episodes are released every other week and a transcript of each episode can be found at redspin.com. Do you have a question, topic, or idea you’d like us to address on this podcast? Send us an email [email protected] and we will do our best to cover it in our upcoming episodes!

  43. 30

    29: Unraveling Managed Security and Cloud Services

    We unravel the world of Managed Services and their role in Cybersecurity Maturity Model Certification (CMMC). Explore the dynamic landscape of Managed Services, focusing on security and cloud solutions tailored to meet your CMMC needs. Whether you're grappling with limited IT staff, budget constraints, or with on-premises systems, Managed Services offer a solution to your pain points. Learn how Managed Services providers, like us at Redspin, with their expertise in CMMC, security and IT, can be the missing piece in your CMMC puzzle. Subscribe to CyberSpin: Apple iTunes, Spotify, Stitcher, or your preferred podcast platform. New episodes are released every other week and a transcript of each episode can be found at redspin.com. Do you have a question, topic, or idea you’d like us to address on this podcast? Send us an email [email protected] and we will do our best to cover it in our upcoming episodes!

  44. 29

    28: CMMC Documentation Compliance: Is Lean too Mean? Does Bloat equal Gloat?

    Join Redspin's Rob Teague and Thomas Graham, along with special guests Chandler Hall and Steve Pratt from Sentar, as they demystify CMMC documentation compliance in this episode. Discover the critical role of documentation for OSCs and its significance in the CMMC process. Our experts define documentation in the context of CMMC and unravel its constant evolution. Delve into SSPS and its key components, including high-level ODPs, policies and procedures, CUI data flow diagram, asset inventory, and system description. Unlock insights from C3PAOs, emphasizing practices over objectives, and learn the benefits of working with MSPs and RPOs. Explore opportunities to streamline and consolidate policies, plans, and procedures, finding the perfect balance between efficiency and excess. Listen in as we crack the code of CMMC documentation compliance, and discover whether being lean is too mean or if bloat equals gloat. Tune in for a concise and enlightening exploration of this vital cybersecurity topic.   Subscribe to CyberSpin: Apple iTunes, Spotify, Stitcher, or your preferred podcast platform. New episodes are released every other week and a transcript of each episode can be found at redspin.com. Do you have a question, topic, or idea you’d like us to address on this podcast? Send us an email [email protected] and we will do our best to cover it in our upcoming episodes!

  45. 28

    27: NIST 800-171 Revision 3 Update and Its Significance for CMMC

    In this episode, we're going to dive into a topic that has been making waves in the CMMC community - the updates introduced in NIST 800-171 Revision 3 and explore the significant impact for organizations seeking Cybersecurity Maturity Model Certification (CMMC) certification. Join us as we navigate through the key changes and enhancements introduced in Revision 3 and how they shape the landscape of CMMC. We discuss the updates, the expanded scope, timeline, and the implications for organizations seeking CMMC certification. Through this discussion and expert analysis, Dr. Thomas Graham and Robert Teague shed light on the significance of this update, providing valuable insights for businesses and individuals navigating CMMC. Tune in to gain a deeper understanding of the new NIST 800-171 Revision 3 and its far-reaching implications for CMMC. Subscribe to CyberSpin: Apple iTunes, Spotify, Stitcher, or your preferred podcast platform. New episodes are released every other week and a transcript of each episode can be found at redspin.com. Do you have a question, topic, or idea you’d like us to address on this podcast? Send us an email [email protected] and we will do our best to cover it in our upcoming episodes!

  46. 27

    26: CMMC in Motion: Rulemaking Updates with Matt Travis

    In this episode, Matt Travis, CEO of the Cyber AB, joins us to discuss the latest updates and processes in the Cybersecurity Maturity Model Certification (CMMC) rulemaking timeline, as of March 3rd, 2023. Matt breaks down what the proposed rule looks like, how long it will take before it's finalized, and more. Whether you're leading your organization's CMMC efforts, are a C3PAO, or simply following along with this important cybersecurity initiative, this episode provides valuable insights into the CMMC ecosystem. Tune in to stay ahead of the curve in safeguarding your organization's critical data. Subscribe to CyberSpin: Apple iTunes, Spotify, Stitcher, or your preferred podcast platform. New episodes are released every other week and a transcript of each episode can be found at redspin.com. Do you have a question, topic, or idea you’d like us to address on this podcast? Send us an email [email protected] and we will do our best to cover it in our upcoming episodes!

  47. 26

    25: CMMC - NFOs, Don’t Ignore Your Appendix E

    This episode addresses one topic taken from our top ten list of most common failed practices from the CMMC & DIBCAC High assessments.  Today we discuss Non-Federal Organization (NFO) controls, where Appendix E comes into play, updates on the NIST 800-171 rev.3 announcement, and dig a little into cybersecurity strategy.  Subscribe to CyberSpin: Apple iTunes, Spotify, Stitcher, or your preferred podcast platform. New episodes are released every other week and a transcript of each episode can be found at redspin.com. Do you have a question, topic, or idea you’d like us to address on this podcast? Send us an email [email protected] and we will do our best to cover it in our upcoming episodes!

  48. 25

    24: CMMC, Your Incident Response Requirements, What Makes a Good Communications Plan, and More!

    This episode addresses one topic taken from our top ten list of most common failed practices from the CMMC & DIBCAC High assessments.  Today we discuss your CMMC (and DFARS) requirements around Incident response, how to address the problem of limited resources for small and medium-sized businesses, and cover what actually makes a good communications/response plan. Subscribe to CyberSpin: Apple iTunes, Spotify, Stitcher, or your preferred podcast platform. New episodes are released every other week and a transcript of each episode can be found at redspin.com. Do you have a question, topic, or idea you’d like us to address on this podcast? Send us an email [email protected] and we will do our best to cover it in our upcoming episodes!

  49. 24

    23: CMMC and Logging Capabilities, The Why and How

    This episode addresses one topic taken from our top ten list of most common failed practices from the CMMC & DIBCAC High assessments.  Logging plays a major role in protecting an organization's CUI and FCI because it detects malicious activity. This episode highlights logging best practices, learned by Redspin, the first Authorized CMMC C3PAO. Rob and Thomas talk through your logging options (to perform them manually, or use a new/existing SIEM?), what your program needs to include to meet requirements, and what evidence you need to be prepared to provide during an assessment.  Subscribe to CyberSpin: Apple iTunes, Spotify, Stitcher, or your preferred podcast platform. New episodes are released every other week and a transcript of each episode can be found at redspin.com. Do you have a question, topic, or idea you’d like us to address on this podcast? Send us an email [email protected] and we will do our best to cover it in our upcoming episodes!

  50. 23

    22: CMMC - Understanding Documentation

    This episode addresses one topic taken from our top ten list of most common failed practices from the CMMC & DIBCAC High assessments.  The documentation episode, where we address some of Redspin's most common questions like: Do I need documentation for every domain? How long should your SSP be? Why do we need documentation, and do we still need it with CMMC 2.0? Listen in as Rob and Thomas walk through the documentation requirement, what to expect during an assessment, important documentation aspects you can't afford to miss, and where to turn when you don't know where to begin (we have templates!). Subscribe to CyberSpin: Apple iTunes, Spotify, Stitcher, or your preferred podcast platform. New episodes are released every other week and a transcript of each episode can be found at redspin.com. Do you have a question, topic, or idea you’d like us to address on this podcast? Send us an email [email protected] and we will do our best to cover it in our upcoming episodes!

ABOUT THIS SHOW

Addressing cybersecurity’s latest trends, tactics, tools and best practices.

HOSTED BY

Redspin
