Climbing Mount CMMC

In this episode, Kaleigh and, new to Axiom, Ashton Guerra discuss the critical questions organizations seeking CMMC Level 2 certification (OSCs) should ask their MSPs. They share insights on scope, security measures, and the importance of transparency in the certification journey.

Website: https://www.axiom.tech/
YouTube: https://www.youtube.com/channel/UCaJagoDasNG3MqLqw2Af_ZQ

Axiom's Linkedln: https://www.linkedin.com/comp...

In this new series we like to call "Spelunking", Bobby and Kaleigh explore the updates in NIST 800-171 Revision 3, focusing on the differences from Rev 2, including control changes, assessment objectives, and preparation strategies for compliance. In this episode, they focus on control 03.02 Awareness and Training. They give valuable insights for MSPs, organizations, and assessors preparing for the upcoming changes and re...

In the season 5 premiere of Climbing Mount CMMC, Kaleigh and Bobby share practical, boots-on-the-ground insights on implementing CMMC self-assessments, especially for MSPs supporting multiple clients. They break down how to approach self-assessments with the discipline of a formal audit, while still building a process that can scale.

Website: https://www.axiom.tech/
YouTube: https://www.youtube.com/channel/UCaJagoDasNG3MqLqw2Af_...

In the season 4 finale of Climbing Mount CMMC, Kaleigh and Bobby share their extensive experience navigating the complexities of achieving CMMC Level 2 certification as an MSP. They discuss the importance of commitment, education, strategic planning, and the realities of scaling support for government contractors.

Website: https://www.axiom.tech/
YouTube: https://www.youtube.com/channel/UCaJagoDasNG3MqLqw2Af_ZQ

Axiom's Linke...

In this episode of Climbing Mount CMMC, Kaleigh and Bobby discuss the concept of grace within the CMMC framework, particularly focusing on the NIST 800-171 controls, the role of C3PAOs, and the importance of mock assessments. They emphasize the need for proper training and certification, the significance of daily reviews during assessments, and the opportunities provided by the 10-day remediation period. The conversation highlights...

In this episode of Climbing Mount CMMC, Bobby and Adam discuss the implications of Rev3 for MSPs in the context of CMMC. They explore the challenges MSPs face in achieving compliance, the role of external service providers, and the importance of documentation and shared responsibilities. They highlight the evolving landscape of cybersecurity requirements and the necessity for MSPs to fully commit to compliance to effectively suppor...

In this episode of Climbing Mount CMMC, Bobby and Adam discuss the intricacies of Plan of Action and Milestones (POAM) in the context of cybersecurity assessments. They explore the importance of having a clear understanding of what constitutes a POAM, the distinction between operational plans and assessment findings, and the necessity of being prepared for assessments to ensure compliance. The conversation emphasizes the need for o...

In this episode of Climbing Mounts CMMC, hosts Kaleigh Floyd and Bobby Guerra discuss the five stages of grief related to the CMMC compliance journey. They share personal experiences and insights on denial, anger, bargaining, depression, and acceptance, emphasizing the importance of understanding these emotions as organizations navigate the complexities of CMMC compliance. The conversation highlights the challenges faced by both se...

In this episode, Kaleigh Floyd, Bobby Guerra, and Adam Evans discuss the complexities surrounding Cloud Service Providers (CSPs) and Managed Service Providers (MSPs) in the context of CMMC compliance. They clarify the definitions, roles, and responsibilities of MSPs and CSPs, particularly in relation to handling Controlled Unclassified Information (CUI) and navigating FedRAMP requirements. The conversation emphasizes the importance...

In this episode, the hosts discuss the significant changes introduced in NIST 800-171 Rev 3, focusing on the transition from Rev 2 to Rev 3, the importance of Organizational Defined Parameters (ODPs), and the role of external service providers in compliance. They emphasize the need for System Security Plans (SSPs) to be living documents that adapt to evolving security needs and the necessity for contractors to prepare for the upcom...

In this episode, Kaleigh and Bobby are joined by Axiom's own, Adam Evans, to discuss the significant changes introduced in NIST 800-171 Rev 3, focusing on the transition from Rev 2 to Rev 3, the importance of Organizational Defined Parameters (ODPs), and the role of external service providers in compliance. They emphasize the need for System Security Plans (SSPs) to be living documents that adapt to evolving security needs and...

In this episode, Kaleigh and Bobby discuss the complexities of managing Controlled Unclassified Information (CUI) within the framework of CMMC compliance. They explore the challenges of physical boundaries, the role of personnel in safeguarding CUI, and the implications of printing and disposing of sensitive information. The conversation also touches on the nuances of working from home, the importance of training, and the recent DO...

In this episode of "Climbing Mount CMMC," hosts Kaleigh Floyd and Bobby Guerra delve into the intricacies of preparing for a CMMC Level 2 assessment, particularly focusing on the role of external service providers (ESPs) and Managed Service Providers (MSPs). They emphasize the importance of selecting a provider who not only understands the CMMC requirements but has also successfully guided clients through the assessment p...

In this episode of Climbing Mount CMMC, hosts Bobby and Kaleigh discuss the critical topic of self-attestation for CMMC level two requirements. They explore the evolution of self-attestation, the risks associated with misrepresentation, and the importance of accountability in the self-assessment process. The conversation emphasizes the need for organizations to prepare adequately for self-attestation, including having a solid syste...

In this episode, Kaleigh and Bobby discuss the significant changes and challenges that companies will face in 2026 regarding CMMC compliance. They delve into the implications of new CMMC Level 2 requirements, the importance of self-assessments versus third-party assessments, and the potential consequences of non-compliance. The conversation also touches on the risks of false claims and whistleblowing, the expected timeframes for ac...

In this episode, Kaleigh Floyd and Bobby Guerra discuss the intricacies of change management within Managed Service Providers (MSPs) and its critical role in ensuring compliance with CMMC standards. They emphasize the importance of leadership buy-in, effective training for both client and internal staff, and the necessity of a structured change approval process. The conversation also highlights the challenges MSPs face in navigatin...

In this conversation, Dy Edington discusses the essence of CMMC, emphasizing that it is not merely about following specific procedures but about achieving results with consistency and transparency. She highlights the significance of managing change effectively to prevent unexpected disruptions, linking it to broader organizational processes.

Dy's LinkedIn: https://www.linkedin.com/in/dy-edington/

Website: https://www.axiom....

In this episode, Bobby interviews Axiom's Marketing Coordinator, Maleah Adams, about her experience taking the CCP (CMMC Certified Professional) course. In a brief conversation, they touch on what CMMC looks like from a beginner's perspective and how the CCP course helped shaped that knowledge. She shares what surprised her, what concepts were easier to grasp than expected, and how the training gave her a clearer picture ...

In this episode of Climbing Mount CMMC, Kaleigh Floyd and Kelly Hood discuss the essential steps for small businesses to navigate the complexities of CMMC compliance. They emphasize the importance of understanding the foundational reasons behind CMMC, the necessity of leadership involvement, and the identification of internal roles and responsibilities. The conversation also covers practical strategies for implementing NIST 800-171...