Mostly Compliant

Welcome back to another episode of Mostly Compliant, the cybersecurity show for professionals with trust issues, hosted by Matt Bruggeman, Director of Federal GTM at A-LIGN.In this episode, Matt dives into the niche topic of FedRAMP equivalency with Josh, Co-Founder of NextStage, and Emily, their Chief Information Security Officer. Together, they unravel the confusion surrounding when and why FedRAMP equivalency is needed, how it ties to CMMC, and the differences between FedRAMP authorization and equivalency assessments. Josh also shares his personal journey navigating these requirements and the steps NextStage took to achieve compliance.About Mostly Compliant:Hosted by Matt Bruggeman, Director of Federal GTM at A-LIGN, Mostly Compliant is a cybersecurity podcast that brings together experts from across the federal compliance landscape to discuss CMMC, FedRAMP, and other key topics shaping the industry.

Welcome back to another episode of Mostly Compliant, the cybersecurity show for professionals with trust issues, hosted by Matt Bruggeman, Director of Federal GTM at A-LIGN.In this episode, Matt is joined by Michael Brooks, Lead CMMC Assessor at A-LIGN. Together, they explore the role of the affirming official in years two and three following CMMC certification. They discuss who the affirming official is, their responsibilities, and the risks they may encounter. About Mostly Compliant: Hosted by Matt Bruggeman, Director of Federal GTM at A-LIGN, Mostly Compliant is a cybersecurity podcast that brings together experts from across the federal compliance landscape to discuss CMMC, FedRAMP, and other key topics shaping the industry.

Welcome back to Mostly Compliant, the cybersecurity show for professionals with trust issues, hosted by Matt Bruggeman, Director of Federal GTM at A-LIGN.In this episode, Matt is joined by Matt Stern from Hypori to explore the intersection of mobile solutions and compliance, particularly in the context of CMMC. Together, they dive into the growing necessity of secure mobile solutions in today’s work environment and the risks posed by shadow IT.About Mostly Compliant: Hosted by Matt Bruggeman, Director of Federal GTM at A-LIGN, Mostly Compliant is a cybersecurity podcast that brings together experts from across the federal compliance landscape to discuss CMMC, FedRAMP, and other key topics shaping the industry.

Description:Welcome back to Mostly Compliant, the cybersecurity show for professionals with trust issues, hosted by Matt Bruggeman, Director of Federal GTM at A-LIGN.In this episode, Matt sits down with Bo Birdwell, a lead CCA and a key player at Elbit, a major prime contractor in the DoD supply chain. Bo brings a unique perspective to the table, sharing insights not only from his own experience navigating compliance but also from Elbit's efforts to encourage their suppliers to take CMMC seriously.The conversation delves into the differences between DIBCAC assessments and CMMC Level 2 assessments, while emphasizing the urgency and massive competitive advantage of achieving Level 2 certification in the next 12 to 18 months. About Mostly Compliant: Hosted by Matt Bruggeman, Director of Federal GTM at A-LIGN, Mostly Compliant is a cybersecurity podcast that brings together experts from across the federal compliance landscape to discuss CMMC, FedRAMP, and other key topics shaping the industry.

Welcome back to Mostly Compliant, the cybersecurity show for professionals with trust issues, hosted by Matt Bruggeman, Director of Federal GTM at A-LIGN.In this episode, Matt is joined by Kenny Scott, the Founder and CEO of Paramify, to discuss the past, present, and future of the System Security Plan (SSP). The conversation explores the core purpose of an SSP and why it's more than just a document — it's the autobiography of your system.Kenny offers practical advice for organizations navigating the requirements of FedRAMP and CMMC, highlighting the power of automation in reducing complexity and ensuring accuracy, with an insiders look into the FedRAMP 20X process.About Mostly Compliant: Hosted by Matt Bruggeman, Director of Federal GTM at A-LIGN, Mostly Compliant is a cybersecurity podcast that brings together experts from across the federal compliance landscape to discuss CMMC, FedRAMP, and other key topics shaping the industry.

Welcome back to Mostly Compliant, the cybersecurity show for professionals with trust issues, hosted by Matt Bruggeman, Director of Federal GTM at A-LIGN.In this episode, Matt is joined by Tony Bai, Chief Solutions Officer at RiskPoint and a seasoned expert in federal compliance frameworks. Together, they dive deep into the complexities of FedRAMP and its intersection with the DoD provisional authorization process for cloud service providers. Tony breaks down the nuances of impact levels, the additional controls required for DoD compliance, and the challenges of navigating FedRAMP equivalency.The conversation also explores the relationship between FedRAMP, CMMC, and controlled unclassified information (CUI), offering practical insights for cloud service providers working with DoD agencies.About Mostly Compliant: Hosted by Matt Bruggeman, Director of Federal GTM at A-LIGN, Mostly Compliant is a cybersecurity podcast that brings together experts from across the federal compliance landscape to discuss CMMC, FedRAMP, and other key topics shaping the industry.

Welcome to another episode of Mostly Compliant, hosted by Matt Bruggeman, Director of Federal GTM at A-LIGN.In this episode, Matt sits down with Michael Brooks, Lead CMMC Assessor at A-LIGN, to break down the CMMC Assessment Process (CAP) for Level 2 certification. Together, they explore the CAP’s purpose, its four key phases, and why Phase 1 — the pre-assessment — is essential for ensuring readiness.The conversation dives into the importance of system security plans (SSPs), scoping, and evidence preparation, while also addressing common misconceptions about Phase 1 and how it differs from a mock audit. Michael shares expert advice on navigating the process, avoiding pitfalls, and setting your organization up for success in the formal assessment.Listen to this episode on your favorite platform: lnk.to/X2VoDSAbout Mostly Compliant: Hosted by Matt Bruggeman, Director of Federal GTM at A-LIGN, Mostly Compliant is a cybersecurity podcast that brings together experts from across the federal compliance landscape to discuss CMMC, FedRAMP, and other key topics shaping the industry.

Welcome to another episode of Mostly Compliant, hosted by Matt Bruggeman, Director of Federal GTM at A-LIGN.In this episode, Matt is joined by Jacob Horne, Chief Security Evangelist at Summit 7 and a leading expert in cybersecurity compliance for the Aerospace and Defense industry. Together, they explore the challenges contractors face as CMMC becomes enforceable, including the risks of last-minute preparation, misconceptions about self-assessments, and the critical role of procurement timelines. Matt and Jacob also discuss the overconfidence many organizations have in their compliance status and the importance of acting now to avoid costly missteps.

Welcome to another episode of Mostly Compliant, hosted by Matt Bruggeman, Director of Federal GTM at A-LIGN. In this episode, Matt tackles the often misunderstood topic of the False Claims Act (FCA) and its implications for contractors in the CMMC space. To break it all down, he’s joined by Eric Crusius, a partner at Hunton Andrews Kurth’s DC office, specializing in government contracts, cybersecurity, and privacy law. Together, they explore the nuances of the FCA, including what it is, how cases typically arise, and real-world examples. Matt and Eric also share critical insights on what defense contractors should watch for in upcoming CMMC requirements to avoid potential FCA violations. About Mostly Compliant: Hosted by Matt Bruggeman, Director of Federal GTM at A-LIGN, Mostly Compliant is a cybersecurity podcast that brings together experts from across the federal compliance landscape to discuss CMMC, FedRAMP, and other key topics shaping the industry.

In this episode, Matt sits down with Kevin Jans, a former contract officer and the founder and CEO of Skyway Acquisitions, a consulting organization made up of former contract officers dedicated to bridging the gap between contractors and government buyers. Together, they dive into the role of contract officers in the CMMC ecosystem, exploring their influence on requiring CMMC clauses in contracts, the number of bids needed to award new contracts, and the significant competitive advantage organizations can gain by achieving CMMC certification early.

Welcome to the first episode of Mostly Compliant, hosted by Matt Bruggeman, Director of Federal GTM at A-LIGN. On today's episode, we’re joined by the Director of Sales Engagement at Summit 7, Daniel Akridge. Matt and Daniel discuss the overall strategy of CMMC Level 2 compliance, explaining the distinction between technical and non-technical requirements, how Microsoft solutions can help with technical challenges, and the critical role of outside experts in the process.