Climbing Mount CMMC

This webinar discussion provides an in-depth exploration of the CMMC Level 2 assessment process, including the phases of assessment, methodologies, and the importance of media sanitization and risk assessments. The speakers share their experiences and insights, emphasizing the need for thorough preparation and understanding of compliance requirements to ensure successful outcomes in assessments. Bobby and Kaleigh walk listeners thr...

In this episode, Kaleigh Floyd, Bobby Guerra, and Vincent Scott discuss the upcoming rollout of the Cybersecurity Maturity Model Certification (CMMC) and the challenges facing the defense industrial base. They explore the readiness of organizations seeking certification, the role of implementers, and the potential impact on major defense systems. The conversation emphasizes the importance of preparation and accountability in achiev...

In this episode, Kaleigh interviews Logan Therrien from Kieri to discuss the role of C3PAOs in the CMMC ecosystem. They explore the importance of proper preparation for CMMC Level Two certification, common pitfalls organizations face during self-assessments, and the critical nature of documentation. The conversation also delves into the assessment process, the significance of system security plans, and the ongoing responsibilities ...

In this episode, Kaleigh Floyd and Bobby Guerra discuss the complexities of CMMC compliance, focusing on NIST 800-171 controls, self-assessments, risk reviews, change management, and the importance of tools in the compliance process. They emphasize the challenges faced by Managed Service Providers (MSPs) in navigating these requirements and the need for proactive communication with clients to manage expectations and ensure successf...

In this episode, Kaleigh and Bobby discuss the intricacies of the CMMC Level 2 assessment process, focusing on what to do when faced with a 'not met' status. They explore preparation strategies, the role of assessors, the implications of minor and major changes during assessments, and the importance of communication with clients. The conversation also covers the 10-day reevaluation period, the 180-day remediation process,...

In this episode, Kaleigh Floyd and Bobby Guerra discuss the complexities of navigating CMMC Level 2 certification and assessments, particularly focusing on the role of Managed Service Providers (MSPs). They explore the challenges faced by small MSPs, the importance of documentation, and the intricacies of the assessment process. The conversation emphasizes the need for MSPs to be well-prepared and knowledgeable to effectively suppo...

In this episode of Climbing Mount CMMC, Kaleigh and Bobby delve into the intricacies of vulnerability scanning, particularly in the context of CMMC Level 2 compliance for Managed Service Providers (MSPs). They discuss the challenges of vulnerability management, the importance of selecting appropriate tools, and the complexities involved in implementing effective scanning processes. The conversation emphasizes the need for clear doc...

In this episode, Bobby and Kaleigh discuss the complexities of navigating the Defense Industrial Base (DIB) space, particularly focusing on the Cybersecurity Maturity Model Certification (CMMC) assessments. They explore the challenges faced by organizations in understanding and complying with CMMC requirements, the importance of effective communication with C3PAOs, and the necessity of thorough preparation for assessments. The conv...

48 CFR IS HERE! And we have a lot to talk about. 

In this episode, Bobby and Kaleigh discuss the recent release of 48 CFR and its implications for contractors and subcontractors working with the Department of Defense (War). They explore the significance of the new regulations, the phased rollout strategy, and the importance of CMMC unique identifiers (UIDs). The conversation highlights the risks associated with non-compliance and th...

In this episode, Kaleigh and Bobby discuss the critical role of data flow diagrams in system security plans, particularly in the context of CMMC compliance. They explore the importance of understanding data flow, identifying sources and users, and ensuring proper sanitization of controlled unclassified information (CUI). The conversation emphasizes the need for organizations to be aware of how data flows through their systems and t...

In this episode, Kaleigh and Bobby delve into the intricacies of Customer Responsibility Matrices (CRMs) within the context of CMMC compliance. They discuss the importance of having a well-defined CRM, the relationship between CRMs and service agreements, and how these elements play a crucial role in assessments. The conversation emphasizes the need for clarity in responsibilities, the role of Managed Service Providers (MSPs), and ...

This protips podcast episode is extra special! It includes clips from our webinar delving into the intricacies of system security plans (SSPs), emphasizing their critical role in organizational security and compliance with NIST 800.171 and CMMC standards. The discussion covers the importance of scoping, defining system boundaries, managing data flow, and detailing security controls. It also highlights the necessity of well-defined ...

In this episode, Kaleigh interviews Dy Edington, the Director of Information Security at AV (formally BlueHalo), about her journey through the CMMC Level 2 assessment. Dy shares insights on the importance of leadership buy-in, team collaboration, and the challenges faced during implementation. She emphasizes the significance of documentation, training, and continuous improvement in maintaining compliance. She also offers valuable a...

In this first episode of Season 4 of Climbing Mount CMMC, Bobby and Kaleigh discuss the intricacies of Plans of Action and Milestones (POA&Ms) in the context of compliance with CMMC and NIST standards. They explore the historical misuse of POA&Ms, the new regulations that have been implemented, and the importance of creating effective POA&Ms. The conversation also touches on the role of operational plans of action (OPAs...

*Spoiler Alert* 

CMMC is real and it's happening right now.

In this episode, Kaleigh Floyd and Bobby Guerra discuss the critical aspects of CMMC compliance for contractors, addressing common questions and concerns. They explore the differences between CMMC Level 1 and Level 2, the importance of legal guidance, and the necessity of understanding controlled unclassified information (CUI). The conversation emphasizes the need for p...

In this episode, Bobby and Kaleigh discuss five significant changes they believe could be made to the CMMC ecosystem. They explore the thought of C3PAOs to providing recommendations after assessments, the possibility of allowing organizations to pass with a score of 88, and the importance of having a C3PAO assessment process for MSPs. They also emphasize the need for yearly reviews instead of full assessments and the challenges pos...

In this episode, Kaleigh Floyd and Bobby Guerra discuss the complexities of adopting CMMC (Cybersecurity Maturity Model Certification) from both the MSP and client perspectives. They explore the challenges organizations face in implementing CMMC, the importance of client education, and the need for a structured approach to change management. The conversation emphasizes the necessity of leadership buy-in and the scalability of proce...

In this episode, Kaleigh and Bobby discuss the complexities of CMMC documentation with Tom Conkle from Optic Cyber Solutions. They explore the challenges of writing effective System Security Plans (SSPs) and Customer Responsibility Matrices (CRMs), emphasizing the importance of viewing these documents as management tools rather than mere compliance checkboxes. The conversation highlights common pitfalls organizations face, the sign...

In this episode, Kaleigh Floyd and Bobby Guerra delve into the complexities of inheritance within the CMMC framework, particularly focusing on the role of external service providers (ESPs) and the responsibilities of organizations seeking assessment (OSA). They discuss the importance of system security plans, the nuances of the CMMC assessment process, and the challenges faced by managed service providers (MSPs) in navigating inher...