PODCAST · technology
Climbing Mount CMMC
by Bobby Guerra
Our podcast is dedicated to supporting MSPs/MSSPs and the companies that engage with them. We aim to maintain transparency throughout our journey, especially as we pursue our level two certification. While only a few MSPs are actively participating, we hope this podcast will inspire more involvement. We have many guests from different branches of the CMMC ecosystem who are professional in their fields. These guests include Brian Hubbard, Joy Beland, Amira Armond and many more!
-
122
What is "The Game of Chicken" in CMMC? (feat. Lawrence Cruciana)
In this episode of Climbing Mount CMMC, Kaleigh and Bobby dive into a deep discussion on the complexities and challenges of achieving CMMC Level 2 certification for MSPs and OSCs with Lawrence Cruciana. They share insights on shared responsibility, operational maturity, and "the game of chicken" played between organizations in the cybersecurity compliance landscape.
Lawrence's LinkedIn: Lawrence Cruciana | LinkedIn
Corporate Information Technologies Website: Corporate Information Technologies - CorpInfoTech
Website: https://www.axiom.tech/
YouTube: https://www.youtube.com/channel/UCaJagoDasNG3MqLqw2Af_ZQ
Axiom's LinkedIn: https://www.linkedin.com/company/axiomtech/
Bobby's LinkedIn: https://www.linkedin.com/in/bobbyguerra/
Kaleigh's LinkedIn: https://www.linkedin.com/in/kaleigh-floyd-079a52190/
-
121
Cyb-Her: Transitioning Your MSP to CMMC Compliance
In this episode of Cyb-Her, Kaleigh shares with Axiom employee, Maleah Adams, her journey from call coordinator to COO, speaking on her experiences in the MSP and cybersecurity space, including her work and transition to the CMMC ecosystem and her perspective as a woman in a male-dominated industry.
-
120
Working with a C3PAO (feat. Fernando Machado)
In this episode of Climbing Mount CMMC, Fernando Machado (CCA) from CyberSec Investments shares his extensive experience with Kaleigh and Bobby about the CMMC assessment process, the journey to becoming a C3PAO, and practical insights for contractors navigating the certification landscape. They discuss the phases of assessments, scoping mistakes, and how to prepare effectively.
Fernando's LinkedIn: https://www.linkedin.com/in/fernando-machado-cissp-cism-cca-ccp-5b5581124/
CyberSec Investments Website: https://cybersecinvestments.com/
ND-ISAC C3PAO Shopping Guide: https://ndisac.org/defense-news/nd-isac-releases-c3pao-shopping-guide-for-small-medium-sized-businesses/
-
119
What Questions Should Your MSP Be Asking You?
In this episode, Kaleigh and Ashton Guerra, who is new to Axiom, discuss the critical questions organizations seeking CMMC Level 2 certification (OSCs) should ask their MSPs. They share insights on scope, security measures, and the importance of transparency in the certification journey.
-
118
A Deep Dive into Rev 3: Awareness & Training
In this new series we like to call "Spelunking", Bobby and Kaleigh explore the updates in NIST 800-171 Revision 3, focusing on the differences from Rev 2, including control changes, assessment objectives, and preparation strategies for compliance. In this episode, they focus on control 03.02 Awareness and Training. They give valuable insights for MSPs, organizations, and assessors preparing for the upcoming changes and requirements.
-
117
The Ultimate Guide to a CMMC Level 2 Self-Assessment
In the season 5 premiere of Climbing Mount CMMC, Kaleigh and Bobby share practical, boots-on-the-ground insights on implementing CMMC self-assessments, especially for MSPs supporting multiple clients. They break down how to approach self-assessments with the discipline of a formal audit, while still building a process that can scale.
-
116
How to Build CMMC as an MSP
In the season 4 finale of Climbing Mount CMMC, Kaleigh and Bobby share their extensive experience navigating the complexities of achieving CMMC Level 2 certification as an MSP. They discuss the importance of commitment, education, strategic planning, and the realities of scaling support for government contractors.
-
115
The Concept of "Grace" in Building CMMC
In this episode of Climbing Mount CMMC, Kaleigh and Bobby discuss the concept of grace within the CMMC framework, particularly focusing on the NIST 800-171 controls, the role of C3PAOs, and the importance of mock assessments. They emphasize the need for proper training and certification, the significance of daily reviews during assessments, and the opportunities provided by the 10-day remediation period. The conversation highlights the human element in assessments and the importance of communication between contractors and assessors.
-
114
What Does NIST 800-171 Rev 3 Mean for MSPs?
In this episode of Climbing Mount CMMC, Bobby and Adam discuss the implications of Rev3 for MSPs in the context of CMMC. They explore the challenges MSPs face in achieving compliance, the role of external service providers, and the importance of documentation and shared responsibilities. They highlight the evolving landscape of cybersecurity requirements and the necessity for MSPs to fully commit to compliance to effectively support their clients.
-
113
The Importance of POA&M Remediation
In this episode of Climbing Mount CMMC, Bobby and Adam discuss the intricacies of Plan of Action and Milestones (POAM) in the context of cybersecurity assessments. They explore the importance of having a clear understanding of what constitutes a POAM, the distinction between operational plans and assessment findings, and the necessity of being prepared for assessments to ensure compliance. The conversation emphasizes the need for organizations to maintain clarity and organization in their documentation to avoid complications during assessments.
-
112
Exploring the 5 Stages of CMMC Grief
In this episode of Climbing Mount CMMC, hosts Kaleigh Floyd and Bobby Guerra discuss the five stages of grief related to the CMMC compliance journey. They share personal experiences and insights on denial, anger, bargaining, depression, and acceptance, emphasizing the importance of understanding these emotions as organizations navigate the complexities of CMMC compliance. The conversation highlights the challenges faced by both service providers and contractors, offering encouragement and practical advice for overcoming obstacles in the compliance process.
-
111
What Classifies an Organization as a Cloud Service Provider?
In this episode, Kaleigh Floyd, Bobby Guerra, and Adam Evans discuss the complexities surrounding Cloud Service Providers (CSPs) and Managed Service Providers (MSPs) in the context of CMMC compliance. They clarify the definitions, roles, and responsibilities of MSPs and CSPs, particularly in relation to handling Controlled Unclassified Information (CUI) and navigating FedRAMP requirements. The conversation emphasizes the importance of understanding the distinctions between these roles to avoid unnecessary confusion and compliance issues.
-
110
How to Use ODVs Internally
In this episode, the hosts discuss the significant changes introduced in NIST 800-171 Rev 3, focusing on the transition from Rev 2 to Rev 3, the importance of Organizational Defined Parameters (ODPs), and the role of external service providers in compliance. They emphasize the need for System Security Plans (SSPs) to be living documents that adapt to evolving security needs and the necessity for contractors to prepare for the upcoming changes to avoid complications during assessments.
-
109
Breaking Down NIST 800-171 Rev 3 Implementation
In this episode, Kaleigh and Bobby are joined by Axiom's own, Adam Evans, to discuss the significant changes introduced in NIST 800-171 Rev 3, focusing on the transition from Rev 2 to Rev 3, the importance of Organizational Defined Parameters (ODPs), and the role of external service providers in compliance. They emphasize the need for System Security Plans (SSPs) to be living documents that adapt to evolving security needs and the necessity for contractors to prepare for the upcoming changes to avoid complications during assessments.
Link to NIST 800-171 Rev 3: https://csrc.nist.gov/pubs/sp/800/171/r3/final
Adam's LinkedIn: https://www.linkedin.com/in/grcadame/
-
108
The Right Way to Safeguard Physical CUI
In this episode, Kaleigh and Bobby discuss the complexities of managing Controlled Unclassified Information (CUI) within the framework of CMMC compliance. They explore the challenges of physical boundaries, the role of personnel in safeguarding CUI, and the implications of printing and disposing of sensitive information. The conversation also touches on the nuances of working from home, the importance of training, and the recent DOD FAQs that have stirred debate in the industry. The hosts emphasize the need for businesses to understand their responsibilities and the potential pitfalls of non-compliance.
DoD FAQ link: https://dodcio.defense.gov/Portals/0/Documents/CMMC/CMMC-FAQsv4.pdf
NIST 800-88 link: https://csrc.nist.gov/pubs/sp/800/88/r2/final
-
107
Is Your Service Provider Prepared for CMMC?
In this episode of "Climbing Mount CMMC," hosts Kaleigh Floyd and Bobby Guerra delve into the intricacies of preparing for a CMMC Level 2 assessment, particularly focusing on the role of external service providers (ESPs) and Managed Service Providers (MSPs). They emphasize the importance of selecting a provider who not only understands the CMMC requirements but has also successfully guided clients through the assessment process. Kaleigh shares her personal experiences with contractors who have been misled by providers, likening the situation to being an Uber driver rather than a coach in a race. Bobby adds that understanding the CMMC controls at a referee level is crucial for any provider aiming to assist clients effectively. The conversation progresses to practical advice on how to vet potential providers, including asking about their experience with assessments, their understanding of NIST 800-171 controls, and the tools they use. Kaleigh and Bobby stress the necessity of having a customer responsibility matrix and a clear agreement that outlines the roles and responsibilities of both the provider and the client. They conclude by encouraging listeners to ask the right questions to avoid wasting time and resources, ensuring they choose a provider who can genuinely support them through the CMMC certification journey.
Link to see our upcoming events: https://www.axiom.tech/upcoming-events/
-
106
What Does Proper CMMC Self-Attestation Look Like?
In this episode of Climbing Mount CMMC, hosts Bobby and Kaleigh discuss the critical topic of self-attestation for CMMC level two requirements. They explore the evolution of self-attestation, the risks associated with misrepresentation, and the importance of accountability in the self-assessment process. The conversation emphasizes the need for organizations to prepare adequately for self-attestation, including having a solid system security plan and the necessary evidence to support their claims. The hosts also highlight the potential consequences of failing to comply with these requirements, including the role of whistleblowers and the importance of leadership taking these matters seriously.
-
105
How to Prepare for CMMC in 2026
In this episode, Kaleigh and Bobby discuss the significant changes and challenges that companies will face in 2026 regarding CMMC compliance. They delve into the implications of new CMMC Level 2 requirements, the importance of self-assessments versus third-party assessments, and the potential consequences of non-compliance. The conversation also touches on the risks of false claims and whistleblowing, the expected timeframes for achieving compliance, and the impact of resource contention on costs. Finally, they emphasize the importance of finding the right Managed Service Provider (MSP) to navigate these challenges effectively.
-
104
Do I Need to be CMMC Level 2 Certified as an MSP?
In this episode, Kaleigh Floyd and Bobby Guerra discuss the intricacies of change management within Managed Service Providers (MSPs) and its critical role in ensuring compliance with CMMC standards. They emphasize the importance of leadership buy-in, effective training for both client and internal staff, and the necessity of a structured change approval process. The conversation also highlights the challenges MSPs face in navigating client expectations while maintaining compliance, and the need for thorough tracking of change requests to prepare for assessments.
-
103
Achieving Cross-Team Alignment for CMMC Readiness
In this conversation, Dy Edington discusses the essence of CMMC, emphasizing that it is not merely about following specific procedures but about achieving results with consistency and transparency. She highlights the significance of managing change effectively to prevent unexpected disruptions, linking it to broader organizational processes.
Dy's LinkedIn: https://www.linkedin.com/in/dy-edington/
-
102
Inside the CCP Course as a CMMC Beginner
In this episode, Bobby interviews Axiom's Marketing Coordinator, Maleah Adams, about her experience taking the CCP (CMMC Certified Professional) course. In a brief conversation, they touch on what CMMC looks like from a beginner's perspective and how the CCP course helped shape that knowledge. She shares what surprised her, what concepts were easier to grasp than expected, and how the training gave her a clearer picture of why compliance matters not just for IT teams but for an entire organization. If you've ever wondered what the first steps into CMMC look like or how the CCP course can build a solid foundation even for non-technical professionals, this episode is for you.
Maleah's LinkedIn: https://www.linkedin.com/in/maleah-adams-1433211bb/
-
101
Where to Begin on Your CMMC Compliance Journey
In this episode of Climbing Mount CMMC, Kaleigh Floyd and Kelly Hood discuss the essential steps for small businesses to navigate the complexities of CMMC compliance. They emphasize the importance of understanding the foundational reasons behind CMMC, the necessity of leadership involvement, and the identification of internal roles and responsibilities. The conversation also covers practical strategies for implementing NIST 800-171 controls, the significance of scoping, and tips for writing an effective System Security Plan (SSP). Throughout the discussion, they highlight the need for a cultural shift towards security and the importance of collaboration across departments.
Kelly Hood's LinkedIn: https://www.linkedin.com/in/kellyhoodoc/
Optic Cyber Solutions: https://www.opticcyber.com/
Optic's CMMC (L2) Progress Tracker: https://43828014.hs-sites.com/cmmc-l2-progress-tracker
CAP: https://cs2.cloud/hubfs/CS2%202022/CS2%20DC/Resources/DRAFT%20CMMC%20Assessment%20Process%20(CAP)%20v1.0%20.pdf
Timestamps:
Intro 00:00 - 02:40
The "Why" Behind NIST 800-171 02:41 - 07:35
The Importance of Leadership Buy-In 07:36 - 10:39
Defining Internal Roles 10:40 - 17:06
Working Through Domain Controls 17:07 - 24:55
Building Your SSP 24:56 - 31:29
Take Scoping Seriously 31:30 - 39:04
Write Something Down 39:05 - 41:15
Closing Remarks 41:16 - 42:53
-
100
What to Expect from a CMMC Assessment
This webinar discussion provides an in-depth exploration of the CMMC Level 2 assessment process, including the phases of assessment, methodologies, and the importance of media sanitization and risk assessments. The speakers share their experiences and insights, emphasizing the need for thorough preparation and understanding of compliance requirements to ensure successful outcomes in assessments. Bobby and Kaleigh walk listeners through the nuances of a CMMC mock assessment and give a glimpse into what you can expect on assessment day.
-
99
The Best Way to Be CMMC-Rollout Ready
In this episode, Kaleigh Floyd, Bobby Guerra, and Vincent Scott discuss the upcoming rollout of the Cybersecurity Maturity Model Certification (CMMC) and the challenges facing the defense industrial base. They explore the readiness of organizations seeking certification, the role of implementers, and the potential impact on major defense systems. The conversation emphasizes the importance of preparation and accountability in achieving cybersecurity goals while addressing the complexities of the CMMC implementation process.
Vincent Scott's LinkedIn: https://www.linkedin.com/in/vincent-scott-cybersecurity/
Defense Cyber Security Website: https://www.cybersecgru.com/
-
98
An Assessor's Guide to CMMC Compliance
In this episode, Kaleigh interviews Logan Therrien from Kieri to discuss the role of C3PAOs in the CMMC ecosystem. They explore the importance of proper preparation for CMMC Level Two certification, common pitfalls organizations face during self-assessments, and the critical nature of documentation. The conversation also delves into the assessment process, the significance of system security plans, and the ongoing responsibilities after certification.
https://cyberab.org/
https://cyberab.org/Resources/Downloads
https://www.youtube.com/@kierilf
https://www.nist.gov/
https://www.linkedin.com/in/logan-therrien/
-
97
What Does NIST 800-171 Look Like in Action?
In this episode, Kaleigh Floyd and Bobby Guerra discuss the complexities of CMMC compliance, focusing on NIST 800-171 controls, self-assessments, risk reviews, change management, and the importance of tools in the compliance process. They emphasize the challenges faced by Managed Service Providers (MSPs) in navigating these requirements and the need for proactive communication with clients to manage expectations and ensure successful compliance.
Isabel Rivera's LinkedIn: https://www.linkedin.com/in/isabel-rivera-8a7565148/
-
96
How to Avoid a "Not Met" During a CMMC Assessment
In this episode, Kaleigh and Bobby discuss the intricacies of the CMMC Level 2 assessment process, focusing on what to do when faced with a 'not met' status. They explore preparation strategies, the role of assessors, the implications of minor and major changes during assessments, and the importance of communication with clients. The conversation also covers the 10-day reevaluation period, the 180-day remediation process, and the appeal options available to organizations. Throughout the discussion, they emphasize the need for thorough preparation and understanding of the assessment landscape to navigate the challenges effectively.
-
95
Should I Go Through CMMC With My MSP?
In this episode, Kaleigh Floyd and Bobby Guerra discuss the complexities of navigating CMMC Level 2 certification and assessments, particularly focusing on the role of Managed Service Providers (MSPs). They explore the challenges faced by small MSPs, the importance of documentation, and the intricacies of the assessment process. The conversation emphasizes the need for MSPs to be well-prepared and knowledgeable to effectively support their clients in achieving compliance.
-
94
Cracking the Code of Vulnerability Management
In this episode of Climbing Mount CMMC, Kaleigh and Bobby delve into the intricacies of vulnerability scanning, particularly in the context of CMMC Level 2 compliance for Managed Service Providers (MSPs). They discuss the challenges of vulnerability management, the importance of selecting appropriate tools, and the complexities involved in implementing effective scanning processes. The conversation emphasizes the need for clear documentation, continuous monitoring, and proactive maintenance strategies to ensure compliance and security. The hosts also highlight the significance of preparing for audits and the necessity of adapting to evolving requirements in the cybersecurity landscape.
-
93
Understanding the Language of CMMC Assessors
In this episode, Bobby and Kaleigh discuss the complexities of navigating the Defense Industrial Base (DIB) space, particularly focusing on the Cybersecurity Maturity Model Certification (CMMC) assessments. They explore the challenges faced by organizations in understanding and complying with CMMC requirements, the importance of effective communication with C3PAOs, and the necessity of thorough preparation for assessments. The conversation emphasizes the need for organizations to align their practices with C3PAOs and to be proactive in their compliance efforts to avoid costly failures during audits.
Dy Edington's LinkedIn: https://www.linkedin.com/in/dy-edington/
-
92
A Deep Dive Into 48 CFR and How Organizations Can Prepare
48 CFR IS HERE! And we have a lot to talk about. In this episode, Bobby and Kaleigh discuss the recent release of 48 CFR and its implications for contractors and subcontractors working with the Department of Defense (War). They explore the significance of the new regulations, the phased rollout strategy, and the importance of CMMC unique identifiers (UIDs). The conversation highlights the risks associated with non-compliance and the need for contractors to be proactive in preparing for the upcoming changes. The hosts emphasize the urgency for subcontractors to align with prime contractors' requirements and the potential consequences of overlooking these regulations.
Read 48 CFR Here: https://www.govinfo.gov/content/pkg/FR-2025-09-10/pdf/2025-17359.pdf
-
91
What Every Organization Needs to Know About Data Flow
In this episode, Kaleigh and Bobby discuss the critical role of data flow diagrams in system security plans, particularly in the context of CMMC compliance. They explore the importance of understanding data flow, identifying sources and users, and ensuring proper sanitization of controlled unclassified information (CUI). The conversation emphasizes the need for organizations to be aware of how data flows through their systems and the implications for security and compliance.
-
90
How the CRM Powers CMMC Compliance
In this episode, Kaleigh and Bobby delve into the intricacies of Customer Responsibility Matrices (CRMs) within the context of CMMC compliance. They discuss the importance of having a well-defined CRM, the relationship between CRMs and service agreements, and how these elements play a crucial role in assessments. The conversation emphasizes the need for clarity in responsibilities, the role of Managed Service Providers (MSPs), and the expectations of auditors. The hosts provide insights on how to effectively create and utilize CRMs to ensure compliance and avoid potential pitfalls during assessments.
32 CFR: https://www.govinfo.gov/content/pkg/FR-2024-10-15/pdf/2024-22905.pdf
The CAP: https://cyberab.org/Portals/0/CMMC%20Assessment%20Process%20v2.0.pdf?ver=fEk1pUK1Fg26fVtopxv_DA%3d%3d
-
89
Breaking Down the CMMC System Security Plan
This protips podcast episode is extra special! It includes clips from our webinar delving into the intricacies of system security plans (SSPs), emphasizing their critical role in organizational security and compliance with NIST 800-171 and CMMC standards. The discussion covers the importance of scoping, defining system boundaries, managing data flow, and detailing security controls. It also highlights the necessity of well-defined policies and procedures, as well as the clear outlining of user roles and responsibilities. We share insights on building comprehensive SSPs, the challenges faced by Managed Service Providers (MSPs), and the importance of documentation management in maintaining effective security practices.
Axiom's LinkedIn: https://www.linkedin.com/company/axiomtech/
Bobby's LinkedIn: https://www.linkedin.com/in/bobbyguerra/
Kaleigh's LinkedIn: https://www.linkedin.com/in/kaleigh-floyd-079a52190/
Want to take part in our upcoming webinar? Register now: https://events.teams.microsoft.com/event/6b7074f6-f21c-4884-ae24-d06f5f5be94c@edee3165-cd1d-46a0-9efe-d70636e1f49b
Website: https://www.axiom.tech/
YouTube: https://www.youtube.com/channel/UCaJagoDasNG3MqLqw2Af_ZQ
-
88
CMMC Implementation from a Contractor's Perspective
In this episode, Kaleigh interviews Dy Edington, the Director of Information Security at AV (formerly BlueHalo), about her journey through the CMMC Level 2 assessment. Dy shares insights on the importance of leadership buy-in, team collaboration, and the challenges faced during implementation. She emphasizes the significance of documentation, training, and continuous improvement in maintaining compliance. She also offers valuable advice for those starting their CMMC journey, highlighting the need for communication and understanding across all departments.
Dy Edington's LinkedIn: https://www.linkedin.com/in/dy-edington/
AV Website: https://www.avinc.com/
Axiom's LinkedIn: https://www.linkedin.com/company/axiomtech/
Kaleigh Floyd's LinkedIn: https://www.linkedin.com/in/kaleigh-floyd-079a52190/
Website: https://www.axiom.tech/
YouTube: https://www.youtube.com/channel/UCaJagoDasNG3MqLqw2Af_ZQ
Bobby's LinkedIn: https://www.linkedin.com/in/bobbyguerra/
-
87
What Is a POA&M? (And What It Isn't)
In this first episode of Season 4 of Climbing Mount CMMC, Bobby and Kaleigh discuss the intricacies of Plans of Action and Milestones (POA&Ms) in the context of compliance with CMMC and NIST standards. They explore the historical misuse of POA&Ms, the new regulations that have been implemented, and the importance of creating effective POA&Ms. The conversation also touches on the role of operational plans of action (OPAs) and the implications of involving external service providers in the remediation process. The episode concludes with insights on navigating changes in compliance and assessments.
Website: https://www.axiom.tech/
YouTube: https://www.youtube.com/channel/UCaJagoDasNG3MqLqw2Af_ZQ
Axiom's LinkedIn: https://www.linkedin.com/company/axiomtech/
Bobby's LinkedIn: https://www.linkedin.com/in/bobbyguerra/
Kaleigh's LinkedIn: https://www.linkedin.com/in/kaleigh-floyd-079a52190/
-
86
Are You Wasting Your Time With CMMC?
*Spoiler Alert* CMMC is real and it's happening right now.
In this episode, Kaleigh Floyd and Bobby Guerra discuss the critical aspects of CMMC compliance for contractors, addressing common questions and concerns. They explore the differences between CMMC Level 1 and Level 2, the importance of legal guidance, and the necessity of understanding controlled unclassified information (CUI). The conversation emphasizes the need for proactive planning, leadership buy-in, and the creation of a Plan of Action and Milestones (PoAM) to ensure successful compliance. They also touch on the implications of NIST 800-171 Rev 3 and the risks associated with delaying compliance efforts.
Ryan Bonner's Video: https://www.youtube.com/watch?v=IEy-TkmKMt8
Ryan Bonner's LinkedIn: https://www.linkedin.com/in/rybonner/
Axiom's LinkedIn: https://www.linkedin.com/company/axiomtech/
Website: https://www.axiom.tech/
YouTube: https://www.youtube.com/channel/UCaJagoDasNG3MqLqw2Af_ZQ
Bobby's LinkedIn: https://www.linkedin.com/in/bobbyguerra/
Kaleigh's LinkedIn: https://www.linkedin.com/in/kaleigh-floyd-079a52190/
-
85
5 Things We Would Change About CMMC
In this episode, Bobby and Kaleigh discuss five significant changes they believe could be made to the CMMC ecosystem. They explore the idea of C3PAOs providing recommendations after assessments, the possibility of allowing organizations to pass with a score of 88, and the importance of having a C3PAO assessment process for MSPs. They also emphasize the need for yearly reviews instead of full assessments and the challenges posed by FIPS regulations. The conversation highlights the importance of flexibility and clarity in the certification process. Just a reminder that no one is claiming CMMC Jesus in this episode. Our words are not scripture, just conversation.
Axiom LinkedIn: https://www.linkedin.com/company/axiomtech/
Link to upcoming webinar: https://events.teams.microsoft.com/event/3f0f1447-834f-438b-9b81-74bc9eed8298@edee3165-cd1d-46a0-9efe-d70636e1f49b
Website: https://www.axiom.tech/
YouTube: https://www.youtube.com/channel/UCaJagoDasNG3MqLqw2Af_ZQ
Bobby's LinkedIn: https://www.linkedin.com/in/bobbyguerra/
Kaleigh's LinkedIn: https://www.linkedin.com/in/kaleigh-floyd-079a52190/
-
84
Everything You Need to Know About CMMC Implementation
In this episode, Kaleigh Floyd and Bobby Guerra discuss the complexities of adopting CMMC (Cybersecurity Maturity Model Certification) from both the MSP and client perspectives. They explore the challenges organizations face in implementing CMMC, the importance of client education, and the need for a structured approach to change management. The conversation emphasizes the necessity of leadership buy-in and the scalability of processes to ensure compliance without compromising efficiency. The hosts also highlight the ongoing nature of refining CMMC processes within MSPs and the importance of continuous improvement in this area.
Axiom's LinkedIn: https://www.linkedin.com/company/axiomtech/
Webinar Registration: https://events.teams.microsoft.com/event/3f0f1447-834f-438b-9b81-74bc9eed8298@edee3165-cd1d-46a0-9efe-d70636e1f49b
Website: https://www.axiom.tech/
YouTube: https://www.youtube.com/channel/UCaJagoDasNG3MqLqw2Af_ZQ
Bobby's LinkedIn: https://www.linkedin.com/in/bobbyguerra/
Kaleigh's LinkedIn: https://www.linkedin.com/in/kaleigh-floyd-079a52190/
-
83
How to Build Your CMMC Documents the RIGHT Way
In this episode, Kaleigh and Bobby discuss the complexities of CMMC documentation with Tom Conkle from Optic Cyber Solutions. They explore the challenges of writing effective System Security Plans (SSPs) and Customer Responsibility Matrices (CRMs), emphasizing the importance of viewing these documents as management tools rather than mere compliance checkboxes. The conversation highlights common pitfalls organizations face, the significance of clear communication between service providers and clients, and practical tips for creating effective documentation that enhances cybersecurity practices.
Tom Conkle on LinkedIn: https://www.linkedin.com/in/tomconkle/
Kelly Hood on LinkedIn: https://www.linkedin.com/in/kellyhoodoc/
Optic Cyber Solutions Links
LinkedIn: https://www.linkedin.com/company/opticcyber/posts/?feedView=all
Website: https://www.opticcyber.com/index.html
YouTube: https://www.youtube.com/@OpticCyber
Optic Cyber Resources Page: https://www.opticcyber.com/resources.html
Customer Responsibilities Matrix Template: https://43828014.hs-sites.com/shared-responsibilities-matrix-srm-download
Website: https://www.axiom.tech/
YouTube: https://www.youtube.com/channel/UCaJagoDasNG3MqLqw2Af_ZQ
Axiom's LinkedIn: https://www.linkedin.com/company/axiomtech/
Bobby's LinkedIn: https://www.linkedin.com/in/bobbyguerra/
Kaleigh's LinkedIn: https://www.linkedin.com/in/kaleigh-floyd-079a52190/
-
82
CMMC Inheritance: Which Controls am I Responsible for?
In this episode, Kaleigh Floyd and Bobby Guerra delve into the complexities of inheritance within the CMMC framework, particularly focusing on the role of external service providers (ESPs) and the responsibilities of organizations seeking assessment (OSA). They discuss the importance of system security plans, the nuances of the CMMC assessment process, and the challenges faced by managed service providers (MSPs) in navigating inheritance claims. The conversation emphasizes the need for clarity in responsibilities and the potential benefits and limitations of inheriting controls from ESPs. In this conversation, Kaleigh Floyd and Bobby Guerra delve into the complexities of CMMC compliance, focusing on the roles of Managed Service Providers (MSPs) and the concept of inheritance in assessments. They discuss the critical importance of understanding responsibilities between clients and MSPs, the nuances of service provisioning, and the need for clear communication to ensure successful compliance outcomes. The conversation emphasizes the importance of preparation, collaboration, and informed decision-making in navigating the CMMC landscape.
Website: https://www.axiom.tech/
YouTube: https://www.youtube.com/channel/UCaJagoDasNG3MqLqw2Af_ZQ
Axiom's LinkedIn: https://www.linkedin.com/company/axiomtech/
Bobby's LinkedIn: https://www.linkedin.com/in/bobbyguerra/
Kaleigh's LinkedIn: https://www.linkedin.com/in/kaleigh-floyd-079a52190/
-
81
The Importance of Scalability as a Service Provider
In this episode, Kaleigh and Bobby discuss the complexities of scaling CMMC for Managed Service Providers (MSPs). They explore the challenges of compliance, the importance of tools, and the necessity of having structured operational and sales strategies. The conversation also delves into the 'Four Horsemen' of compliance, which are critical for maintaining security and compliance standards. Finally, they emphasize the importance of ongoing maintenance and the long-term scalability of CMMC processes for MSPs.
Website: https://www.axiom.tech/
YouTube: https://www.youtube.com/channel/UCaJagoDasNG3MqLqw2Af_ZQ
Axiom's LinkedIn: https://www.linkedin.com/company/axiomtech/
Bobby's LinkedIn: https://www.linkedin.com/in/bobbyguerra/
Kaleigh's LinkedIn: https://www.linkedin.com/in/kaleigh-floyd-079a52190/
-
80
Marketing in the CMMC Industry As an MSP
In this episode, Bobby and Kaleigh discuss the challenges and strategies of marketing within the CMMC space. Kaleigh shares her journey of transitioning into this niche market, emphasizing the importance of building a reputation, understanding client needs, and maintaining transparency throughout the sales process. They explore the significance of effective communication, the necessity of educating clients about CMMC, and the balance between being sympathetic and correcting misconceptions. The conversation highlights the need for managed service providers to be proactive and knowledgeable in their approach to CMMC compliance.
Website: https://www.axiom.tech/
YouTube: https://www.youtube.com/channel/UCaJagoDasNG3MqLqw2Af_ZQ
Axiom's LinkedIn: https://www.linkedin.com/company/axiomtech/
Bobby's LinkedIn: https://www.linkedin.com/in/bobbyguerra/
Kaleigh's LinkedIn: https://www.linkedin.com/in/kaleigh-floyd-079a52190/
-
79
Breaking Down the Roles in CMMC Certifications
In this episode, Bobby and Kaleigh explore the CyberAB ecosystem, focusing on the various roles and certifications within the CMMC framework. They discuss the importance of understanding the distinctions between Registered Practitioners (RP), Registered Practitioner Organizations (RPO), CMMC Certified Professionals (CCP), and CMMC Certified Assessors (CCA). The conversation also highlights the role of C3PAOs in conducting assessments and the significance of external service providers in the certification process. The hosts emphasize the need for organizations to navigate these certifications effectively to ensure compliance and security in the cybersecurity landscape.
Axiom's LinkedIn: https://www.linkedin.com/company/axiomtech/
Link to Cyber AB certification requirements: https://cyberab.org/CMMC-Ecosystem/Ecosystem-Roles
Website: https://www.axiom.tech/
YouTube: https://www.youtube.com/channel/UCaJagoDasNG3MqLqw2Af_ZQ
Bobby's LinkedIn: https://www.linkedin.com/in/bobbyguerra/
Kaleigh's LinkedIn: https://www.linkedin.com/in/kaleigh-floyd-079a52190/
-
78
The CMMC Compliance Sidekick You Didn't Know You Had
In this episode of Climbing Mount CMMC, hosts Kaleigh Floyd and Bobby Guerra delve into the intricacies of Customer Responsibility Matrices (CRMs) and their significance in CMMC compliance. They discuss the definition of CRMs, their importance in defining responsibilities between customers and service providers, and the essential components needed to create an effective CRM. The conversation emphasizes the need for clarity in responsibilities, the connection to NIST 800-171 controls, and the importance of understanding vendor relationships in the context of cybersecurity compliance.
Optic Cyber Solutions CRM Template: MSP-customer-responsibility-matrix-template 1.xlsx
Kelly Hood: Kelly Hood | LinkedIn
Tom Conkle: Tom Conkle | LinkedIn
Brian Hubbard: Brian Hubbard | LinkedIn
Website: https://www.axiom.tech/
YouTube: https://www.youtube.com/channel/UCaJagoDasNG3MqLqw2Af_ZQ
Axiom's LinkedIn: https://www.linkedin.com/company/axiomtech/
Bobby's LinkedIn: https://www.linkedin.com/in/bobbyguerra/
Kaleigh's LinkedIn: https://www.linkedin.com/in/kaleigh-floyd-079a52190/
-
77
Father/Daughter Duos Discuss the Evolving Landscape of Cybersecurity
In this episode of Climbing Mount CMMC, hosts Kaleigh Floyd and Bobby Guerra engage with Chris and Hannah Silvers, a father-daughter duo from CG Silvers Consulting. They discuss their journey in the cybersecurity field, the challenges and dynamics of CMMC, and the importance of community and collaboration in navigating this complex landscape. The conversation highlights the unique challenges faced by MSPs in adapting to CMMC requirements and the evolving nature of their business dynamics. The episode also touches on the intricacies of the sales process in CMMC consulting, emphasizing the need for education and understanding in client relationships. In this engaging conversation, Chris and Hannah Silvers, along with Kaleigh Floyd and Bobby Guerra, explore the intricacies of navigating the C3PAO landscape, the journey to certification, and the dynamics of working in a family business. They discuss the importance of confidence and growth in professional roles, generational perspectives in the workplace, and the empowerment that comes from experience. The conversation highlights the unique challenges and rewards of working in cybersecurity, particularly in the context of family relationships and mentorship.
CG Silvers Consulting website: https://www.cgsilvers.com/
Chris' LinkedIn: https://www.linkedin.com/in/cgsilvers/
Hannah's LinkedIn: Hannah Silvers | LinkedIn
CyberAB listing with contact information: https://cyberab.org/Member/C3PAO-198-Cg-Silvers-Consulting-Llc
Website: https://www.axiom.tech/
YouTube: https://www.youtube.com/channel/UCaJagoDasNG3MqLqw2Af_ZQ
Axiom's LinkedIn: https://www.linkedin.com/company/axiomtech/
Bobby's LinkedIn: https://www.linkedin.com/in/bobbyguerra/
Kaleigh's LinkedIn: https://www.linkedin.com/in/kaleigh-floyd-079a52190/
-
76
How to Choose the Right MSP and Avoid a False Start
In this episode, Kaleigh Floyd and Bobby Guerra discuss the critical issue of false starts in CMMC assessments, emphasizing the importance of proper documentation and preparation. They explore the phases of CMMC assessments, the consequences of failing to meet requirements, and the necessity of seeking help from consultants. The conversation highlights the significance of mock assessments and understanding the roles of external service providers in the assessment process. The hosts provide practical advice for avoiding false starts and ensuring a successful assessment journey.
Website: https://www.axiom.tech/
YouTube: https://www.youtube.com/channel/UCaJagoDasNG3MqLqw2Af_ZQ
Axiom's LinkedIn: https://www.linkedin.com/company/axiomtech/
Bobby's LinkedIn: https://www.linkedin.com/in/bobbyguerra/
Kaleigh's LinkedIn: https://www.linkedin.com/in/kaleigh-floyd-079a52190/
-
75
Securing Custom Software: Documenting Software Security Controls for CMMC Compliance
In this episode, Kaleigh and Bobby welcome back Kyle Lai to discuss the challenges and insights surrounding C3PAOs and the CMMC framework. They explore Kyle's journey into the C3PAO space, the current state of audits, and the importance of software development in compliance. The conversation highlights the need for collaboration between IT and software development teams, the significance of understanding controlled unclassified information (CUI), and the challenges faced during assessments. Kyle shares valuable insights on vulnerability management, the impact of open-source software, and strategies for leveraging existing platforms to ease compliance efforts. The episode concludes with a call for better communication and collaboration within organizations to ensure successful assessments and compliance.
Kyle's LinkedIn: https://linkedin.com/in/kylelai/
KLC Consulting: https://klcconsulting.net
Web Application Reference Architecture: https://acrobat.adobe.com/id/urn:aaid:sc:US:8bb4ebc1-8287-40af-8761-31bc035fa64c
KLC's Playbook for CMMC Assessors: https://acrobat.adobe.com/id/urn:aaid:sc:US:abd836d0-7eea-43e5-ae72-86d06197fc54
KLC's Software Security Principles Template and Related Resources: https://klcconsulting.net/cmmc-resource-tools/
Website: https://www.axiom.tech/
YouTube: https://www.youtube.com/channel/UCaJagoDasNG3MqLqw2Af_ZQ
Axiom's LinkedIn: https://www.linkedin.com/company/axiomtech/
Bobby's LinkedIn: https://www.linkedin.com/in/bobbyguerra/
Kaleigh's LinkedIn: https://www.linkedin.com/in/kaleigh-floyd-079a52190/
-
74
Understanding CMMC Audits with a Lead Assessor
In this episode of CybHer, Kaleigh Floyd interviews Jil Wright, president of Wrightbrained Security, discussing her extensive experience in IT and the CMMC space. They explore the challenges of cybersecurity assessments, the importance of documentation, and the evolving role of women in the tech industry. Jil shares insights on the necessity of evidence in assessments, the significance of mentorship, and the need for companies to prepare adequately for CMMC compliance. The conversation highlights the importance of collaboration and the unique challenges faced by women in cybersecurity.
Jil's LinkedIn: https://www.linkedin.com/in/itjil/
Wrightbrained Security: wrightbrainedsecurity.com
Website: https://www.axiom.tech/
YouTube: https://www.youtube.com/channel/UCaJagoDasNG3MqLqw2Af_ZQ
Axiom's LinkedIn: https://www.linkedin.com/company/axiomtech/
Bobby's LinkedIn: https://www.linkedin.com/in/bobbyguerra/
Kaleigh's LinkedIn: https://www.linkedin.com/in/kaleigh-floyd-079a52190/
-
73
Understanding Your Contracts' CMMC Requirements: A 32 CFR Breakdown
In this episode of Climbing Mount CMMC, Kaleigh and Bobby discuss the 32 CFR final rule and its implications for contractors and subcontractors in the defense industry. They delve into the history and importance of Controlled Unclassified Information (CUI), the requirements for achieving CMMC compliance, and the significance of DFARS clauses. The conversation also covers the challenges of creating a System Security Plan (SSP), the importance of scoping, and the flow-down requirements for subcontractors. The episode emphasizes the urgency for contractors to prepare for CMMC assessments and the potential consequences of non-compliance.
Website: https://www.axiom.tech/
YouTube: https://www.youtube.com/channel/UCaJagoDasNG3MqLqw2Af_ZQ
Axiom's LinkedIn: https://www.linkedin.com/company/axiomtech/
Bobby's LinkedIn: https://www.linkedin.com/in/bobbyguerra/
Kaleigh's LinkedIn: https://www.linkedin.com/in/kaleigh-floyd-079a52190/
HOSTED BY
Bobby Guerra