Episoder
-
CMMC Pathfinder Tool | In 5 minutes or less, this free tool will give you a clear path from where you are now to CMMC confidence: https://www.summit7.us/pathfinder
As a result of the 32 CFR Final CMMC rule, many organizations will be looking for help comprehending and implementing the imposed requirements. On this episode of the show, Jason and Joy dig into the differences between the Registered Practitioner (RP) certificate, and the Certified CMMC Professional (CCP) certification to highlight the value of the trainings for OSAs and ESP, and point out the importance of due dillegence above all!
[Webinar] CMMC Finalized: The 32 CFR CMMC Final Rule | Register Now: https://www.summit7.us/webinars/cmmc-32-cfr-final-rule
SPRS Scoring Webinar with Koren Wise - https://us06web.zoom.us/meeting/register/tZIoceihrTgoEtIS5scNKD_VWYB5IvLdYjSq
-
[Webinar] CMMC Finalized: The 32 CFR CMMC Final Rule | Register Now: https://www.summit7.us/webinars/cmmc-32-cfr-final-rule
The Cyber AB Townhall for the Month of October is the First TH since the publishing of the 32 CFR Final CMMC rule. On this episode of the show, Jason and Joy dig into the information distributed during the Townhall surrounding the re-authorization of C3PAOs and the eligibility of CMMC Certified Assesors (CCA).
CMMC Pathfinder Tool: https://www.summit7.us/pathfinder
-
Mangler du episoder?
-
[Webinar] CMMC Finalized: The 32 CFR CMMC Final Rule | Register Now: https://www.summit7.us/webinars/cmmc-32-cfr-final-rule
After years of waiting the FAR CUI rule has cleared regulatory review and we should see the proposed rule published in just a few weeks. In this episode we briefly cover the history of the FAR CUI rule and discuss what we know about it (and what we think we know).
The FAR CUI rule review page: https://www.reginfo.gov/public/do/eoDetails?rrid=539461
CMMC Pathfinder Tool: https://www.summit7.us/pathfinder
-
CMMC Pathfinder Tool | In 5 minutes or less, this free tool will give you a clear path from where you are now to CMMC confidence: https://www.summit7.us/pathfinder
The 32 CFR CMMC final rule is finally final! It's also 470 pages long. What gives? Public comment responses. Literally just 230 pages of responses to public comments. While some of the responses are helpful, much of the time DoD was forced to take the time and space to explain why comments weren't relevant to the CMMC program at all.
Final Rule Webinar: https://www.summit7.us/webinars/cmmc-32-cfr-final-rule
Effective Comments How To: https://youtu.be/1T_62cYiUA4?feature=shared
Pathfinder Demo: https://youtu.be/JiDTCchfCa0?feature=shared
-
CMMC Pathfinder Tool | In 5 minutes or less, this free tool will give you a clear path from where you are now to CMMC confidence: https://www.summit7.us/pathfinder
Yet another report analyzing defense contractor cybersecurity and compliance with DFARS contract clauses has found that adoption remains low. Even when companies are aware of their obligations, believe that CMMC will happen in 2024, and support minimum requirements there is no guarantee that implementation will happen. This week we dive into why that might be.
-
CMMC Pathfinder Tool | In 5 minutes or less, this free tool will give you a clear path from where you are now to CMMC confidence: https://www.summit7.us/pathfinder
Calculating a self-assessment score is a fundamental part of complying with DoD cyber regulations. Unfortunately, Project Spectrum, the resource that DoD recommends more than any other no longer calculates an “SPRS score”. In this episode we briefly explain the requirement to self-assessment, the basics of calculating a score, and a little-known tool from DoD that can help.
Summit 7 Pathfinder Tool: https://www.summit7.us/pathfinder
Fuzzy Math (2021): https://youtu.be/843K3hkLquk
Project Spectrum: https://www.projectspectrum.io/#/
DIBCAC: https://www.dcma.mil/DIBCAC/
DoDAM (PDF): https://www.acq.osd.mil/asda/dpc/cp/cyber/docs/safeguarding/NIST-SP-800-171-Assessment-Methodology-Version-1.2.1-6.24.2020.pdf
CMMC Scoring: https://www.federalregister.gov/d/2023-27280/p-1429
CMMC False Starts: https://youtu.be/zwU4u86L_5A?
-
CMMC Pathfinder Tool | In 5 minutes or less, this free tool will give you a clear path from where you are now to CMMC confidence: https://www.summit7.us/pathfinder
The Cyber AB held the monthly Townhall for September. And with the 32 CFR rule imminent, they have a lot of information to put out lately. On this week's episode, Jason and Joy are joined by Kyle Gingrich, Interim Executive Director of the CAICO, as they cover the information distributed during this months townhall, changes to CMMC Ecosystem roles, the gold ole' days of CMMC, and so much more.
Sum IT Up “CMMC Final Rule Publication: Imminent” : Driving a Future-Ready Transportation Sector (youtube.com)
Link to FedRAMp Equivalency Memo: FEDRAMP-EquivalencyCloudServiceProviders.pdf (defense.gov)
-
CMMC Pathfinder Tool | In 5 minutes or less, this free tool will give you a clear path from where you are now to CMMC confidence: https://www.summit7.us/pathfinder
The 32 CFR CMMC final rule has officially cleared regulatory review. Next step: publication in the Federal Register. At this point the commercially availability of CMMC assessments is weeks away. This week Jacob and Jason go over the basics of rulemaking, the details of the CMMC rulemaking timeline, what's left in the process, and how to get started once and for all.
Summit 7 Pathfinder Tool: https://www.summit7.us/pathfinder
The History of CMMC (2010 – 2020): https://youtu.be/jbY2irZ1ePg
Pathfinder Tool Demo: https://youtu.be/JiDTCchfCa0?
-
CMMC Pathfinder Tool | In 5 minutes or less, this free tool will give you a clear path from where you are now to CMMC confidence: https://www.summit7.us/pathfinder
This week we're deep diving into the details of DoD distribution statements with guest host Defcert CEO, Ryan Bonner. Hoping that your customer will proactively minimize CUI for you just isn't a viable strategy in this cruel world. Instead, Ryan walks us through his process for reverse engineering the government's decision to mark something (or not). Armed with this information, contractors can more easily push back on their customers and scope their DFARS and CMMC environments – the holy grail.
Summit 7 Pathfinder Tool: https://www.summit7.us/pathfinder
Ryan CS2 Denver: https://youtu.be/IEy-TkmKMt8?si=euj5dH7shvrvpbAt
RTX Charging Letter: https://www.linkedin.com/posts/jacob-evan-horne_whoopsie-daisy-62b-defense-corporation-activity-7237851962417774594-tbly
DoD CUI Registry: https://www.dodcui.mil/
NARA CUI Registry: https://www.archives.gov/cui/registry/category-list
-
CMMC Pathfinder Tool | In 5 minutes or less, this free tool will give you a clear path from where you are now to CMMC confidence: https://www.summit7.us/pathfinder
Special guest host Daniel Akridge walks us through a visual of Procurement Administrative Lead Time compared to the CMMC rulemaking timelines. Daniel also walks us through Summit 7's CMMC Pathfinder Tool - a free resource companies can use to know exactly what steps they should take and what solutions might work best.
Connect with Daniel on LinkedIn: https://www.linkedin.com/in/danielakridge/
Connect with Jacob on LinkedIn: https://www.linkedin.com/in/jacob-evan-horne/
PALT Podcast: https://www.youtube.com/watch?v=NZs4f5voyrg
CMMC Pathfinder Tool: https://www.summit7.us/pathfinder
-
The team is back from Navy Gold Coast 2024, and we have some thoughts and takeaways from one of the largest defense industry conferences of the year. The DoD and small businesses are looking ahead to 2025 acquisition calendars while CMMC inches closer by the day.
Follow Hollie: https://www.linkedin.com/in/hollieflanner/
48 CFR Rule: https://youtu.be/Fzi3SFEs92U?si=HrOU9ZnlrSd_-hPr
PALT: https://youtu.be/NZs4f5voyrg?si=RNq22xmwbd7oZUxZ
National Defense Strategy Pod: https://youtu.be/TZtNQ8rg8eI?si=UKMscIx6tlkjKKuL
The DIB Cyber Strategy Pod: https://youtu.be/JYsmwcWzglU?si=veyhdqi0T2Dnhpsc
The National Defense Industrial Strategy Pod: https://youtu.be/ZKKkyK5PeOc?si=109D07JfcZFSVaXf
-
CMMC isn't a requirement to bid on defense contractors, but CMMC is a requirement to take award of DoD contracts. That means the most important metric is how much time you have between bidding and taking award. Turns out that “PALT” times are rarely long enough to go from zero to certified and that's a big, big problem for companies who are waiting on CMMC.
Episode Links:
48 CFR Proposed Rule: https://youtu.be/Fzi3SFEs92U?si=jUpnHDQvFiiqOuc8
GAO report on PALT: https://www.gao.gov/products/gao-24-106528
Secure the DIB replay: https://www.summit7.us/securethedib
-
1,417 days after the original CMMC contract clause was created and 1,003 days after the announcement of CMMC 2.0 here we are – the proposed rule revising DFARS clause 252.204-7021. This is the piece of the puzzle that will actually show up in your RFPs, contracts, awards, orders, etc. What does it say? Who does it affect? When will it show up? We step through it line-by-line.
-
If you haven't caught a Cyber AB Town Hall lately, then you're missing out on valuable information. This week we give our take on the AB's rulemaking timeline, what the FY25 NDAA says about CMMC, the upcoming DoD IG report on the Cyber AB, and more!
Cyber AB Town Halls: https://cyberab.org/News-Events/Town-Halls
Secure the DIB replay: https://www.summit7.us/securethedib
-
Register for Secure the DIB: Summer Camp for FREE here: https://www.securethedib.us/
You're not crazy. According to a new inspector general report the federal CUI Program has been in hibernation for the last few years. But the story goes much deeper than run-of-the-mill findings. Desperately overworked civil servants, stubbornly non-compliant federal agencies, the lofty heights of the National Security Council, and even rumors of a new CUI executive order. This story might seem a world away from the day-to-day concerns of defense contractors, but what happens on top of the mountain inevitably rolls downhill.
ISOO IG Report: https://naraoig.oversight.gov/reports/audit/audit-naras-information-security-oversight-office
History of CMMC (2010 – 2020): https://youtu.be/jbY2irZ1ePg?si=bGiInfLCpr-WFvcF
-
Register for Secure the DIB: Summer Camp for FREE here: https://www.securethedib.us/
Summer is coming to a close and that means it's time for our annual Secure the DIB Summer Camp webinar. Summit 7's Daniel Akridge joins the show this week to share what he's seeing and hearing from defense contractors regarding market dynamics, what the primes are up to, and how companies are dealing with the cost of compliance.
Episode Links:
DIB Summer Camp: https://www.summit7.us/securethedib
Big Dan: https://www.linkedin.com/in/danielakridge/
-
Register for Secure the DIB: Summer Camp for FREE here: https://www.securethedib.us/
The DoD's Center for Manufacturing Cybersecurity has released a report documenting the level of confidence that defense contractors have in their cybersecurity posture. The conclusion? There is a systemic cybersecurity overconfidence problem in the DIB.
Episode Links:
DIB Summer Camp: https://www.summit7.us/securethedib
MxD Report: https://www.mxdusa.org/cyber/cyberreport/
-
Register for Secure the DIB: Summer Camp for FREE here: https://www.securethedib.us/
The 32 CFR CMMC final rule has officially left the DoD and is currently undergoing final regulatory review. This is the last step before publication in the Federal Register. Based on what we know, CMMC should be a reality before the end of 2024.
Episode Links: Proposed Rule Webinar: https://www.summit7.us/webinars/proposed-cmmc-rule
-
Now that SP 800-171 revision 3 is official, organizationally defined parameters (ODPs) are officially a part of our the rest of our lives. Like most things in SP 800-171 there are great details in SP 800-53 that help explain what's going on. In this episode we take a deep dive in requirement 3.1.8 through the lens of ODPs.
Episode Links:
SP 800-53: https://csrc.nist.gov/pubs/sp/800/53/r5/upd1/final
FedRAMP baselines: https://www.fedramp.gov/baselines/
-
The good news about NIST SP 800-171 revision 2 being the standard for the next few years is it's a smaller standard compared to revision 3. However, there are some confusing aspects to NIST SP 800-171 revision 2 that defense contractors can't afford to overlook. The most important? NFO Controls.
Episode Links:
NIST SP 800-171r2: https://csrc.nist.gov/pubs/sp/800/171/r3/final
DFARS 7012 Class Deviation: https://youtu.be/voziZRAMvv4?si=yPaUuHLnHIQsfGQu
Policy and Procedure Deep Dive: https://youtu.be/TXsKdH3hC6E?si=GoAlpEuMqQWAsOzr
- Se mer