How the CRM Powers CMMC Compliance

In this episode, Kaleigh and Bobby discuss the critical role of data flow diagrams in system security plans, particularly in the context of CMMC compliance. They explore the importance of understanding data flow, identifying sources and users, and ensuring proper sanitization of controlled unclassified information (CUI). The conversation emphasizes the need for organizations to be aware of how data flows through their systems and the implications for security and compliance. Axiom's Linkedln: https://www.linkedin.com/company/axiomtech/LinkedIn: https://www.linkedin.com/in/bobbyguerra/Website: https://www.axiom.tech/YouTube: https://www.youtube.com/channel/UCaJagoDasNG3MqLqw2Af_ZQKaleigh's: (1) Kaleigh Floyd | LinkedIn

In this episode, Kaleigh and Bobby delve into the intricacies of Customer Responsibility Matrices (CRMs) within the context of CMMC compliance. They discuss the importance of having a well-defined CRM, the relationship between CRMs and service agreements, and how these elements play a crucial role in assessments. The conversation emphasizes the need for clarity in responsibilities, the role of Managed Service Providers (MSPs), and the expectations of auditors. The hosts provide insights on how to effectively create and utilize CRMs to ensure compliance and avoid potential pitfalls during assessments.32 CFR: https://www.govinfo.gov/content/pkg/FR-2024-10-15/pdf/2024-22905.pdfThe CAP: https://cyberab.org/Portals/0/CMMC%20Assessment%20Process%20v2.0.pdf?ver=fEk1pUK1Fg26fVtopxv_DA%3d%3dAxiom's Linkedln: https://www.linkedin.com/company/axiomtech/LinkedIn: https://www.linkedin.com/in/bobbyguerra/Website: https://www.axiom.tech/YouTube: https://www.youtube.com/channel/UCaJagoDasNG3MqLqw2Af_ZQKaleigh's: (1) Kaleigh Floyd | LinkedIn

This protips podcast episode is extra special! It includes clips from our webinar delving into the intricacies of system security plans (SSPs), emphasizing their critical role in organizational security and compliance with NIST 800.171 and CMMC standards. The discussion covers the importance of scoping, defining system boundaries, managing data flow, and detailing security controls. It also highlights the necessity of well-defined policies and procedures, as well as the clear outlining of user roles and responsibilities. We share insights on building comprehensive SSPs, the challenges faced by Managed Service Providers (MSPs), and the importance of documentation management in maintaining effective security practices.Axiom's Linkedln: https://www.linkedin.com/company/axiomtech/Bobby's Linkedln: https://www.linkedin.com/in/bobbyguerra/Kaleigh's Linkedln: https://www.linkedin.com/in/kaleigh-floyd-079a52190/Want to take part in our upcoming webinar? Register now: https://events.teams.microsoft.com/event/6b7074f6-f21c-4884-ae24-d06f5f5be94c@edee3165-cd1d-46a0-9efe-d70636e1f49bLinkedIn: https://www.linkedin.com/in/bobbyguerra/Website: https://www.axiom.tech/YouTube: https://www.youtube.com/channel/UCaJagoDasNG3MqLqw2Af_ZQKaleigh's: (1) Kaleigh Floyd | LinkedIn

In this episode, Kaleigh interviews Dy Edington, the Director of Information Security at AV (formally BlueHalo), about her journey through the CMMC Level 2 assessment. Dy shares insights on the importance of leadership buy-in, team collaboration, and the challenges faced during implementation. She emphasizes the significance of documentation, training, and continuous improvement in maintaining compliance. She also offers valuable advice for those starting their CMMC journey, highlighting the need for communication and understanding across all departments.Dy Edington's Linkedln: https://www.linkedin.com/in/dy-edington/AV Website: https://www.avinc.com/Axiom's Linkedln: https://www.linkedin.com/company/axiomtech/Kaleigh Floyd's Linkedln: https://www.linkedin.com/in/kaleigh-floyd-079a52190/LinkedIn: https://www.linkedin.com/in/bobbyguerra/Website: https://www.axiom.tech/YouTube: https://www.youtube.com/channel/UCaJagoDasNG3MqLqw2Af_ZQKaleigh's: (1) Kaleigh Floyd | LinkedIn

In this first episode of Season 4 of Climbing Mount CMMC, Bobby and Kaleigh discuss the intricacies of Plans of Action and Milestones (POA&Ms) in the context of compliance with CMMC and NIST standards. They explore the historical misuse of POA&Ms, the new regulations that have been implemented, and the importance of creating effective POA&Ms. The conversation also touches on the role of operational plans of action (OPAs) and the implications of involving external service providers in the remediation process. The episode concludes with insights on navigating changes in compliance and assessments.LinkedIn: https://www.linkedin.com/in/bobbyguerra/Website: https://www.axiom.tech/YouTube: https://www.youtube.com/channel/UCaJagoDasNG3MqLqw2Af_ZQKaleigh's: (1) Kaleigh Floyd | LinkedIn

*Spoiler Alert* CMMC is real and it's happening right now.In this episode, Kaleigh Floyd and Bobby Guerra discuss the critical aspects of CMMC compliance for contractors, addressing common questions and concerns. They explore the differences between CMMC Level 1 and Level 2, the importance of legal guidance, and the necessity of understanding controlled unclassified information (CUI). The conversation emphasizes the need for proactive planning, leadership buy-in, and the creation of a Plan of Action and Milestones (PoAM) to ensure successful compliance. They also touch on the implications of NIST 800-171 Rev 3 and the risks associated with delaying compliance efforts.Ryan Bonner's Video: https://www.youtube.com/watch?v=IEy-TkmKMt8Ryan Bonner's Linkedln: https://www.linkedin.com/in/rybonner/Axiom's Linkedln: https://www.linkedin.com/company/axiomtech/LinkedIn: https://www.linkedin.com/in/bobbyguerra/Website: https://www.axiom.tech/YouTube: https://www.youtube.com/channel/UCaJagoDasNG3MqLqw2Af_ZQKaleigh's: (1) Kaleigh Floyd | LinkedIn

In this episode, Bobby and Kaleigh discuss five significant changes they believe could be made to the CMMC ecosystem. They explore the thought of C3PAOs to providing recommendations after assessments, the possibility of allowing organizations to pass with a score of 88, and the importance of having a C3PAO assessment process for MSPs. They also emphasize the need for yearly reviews instead of full assessments and the challenges posed by FIPS regulations. The conversation highlights the importance of flexibility and clarity in the certification process. Just a reminder that no one is claiming CMMC Jesus in this episode. Our words are not scripture, just conversation.Axiom Linkedln: https://www.linkedin.com/company/axiomtech/Link to upcoming webinar: https://events.teams.microsoft.com/event/3f0f1447-834f-438b-9b81-74bc9eed8298@edee3165-cd1d-46a0-9efe-d70636e1f49bLinkedIn: https://www.linkedin.com/in/bobbyguerra/Website: https://www.axiom.tech/YouTube: https://www.youtube.com/channel/UCaJagoDasNG3MqLqw2Af_ZQKaleigh's: (1) Kaleigh Floyd | LinkedIn

In this episode, Kaleigh Floyd and Bobby Guerra discuss the complexities of adopting CMMC (Cybersecurity Maturity Model Certification) from both the MSP and client perspectives. They explore the challenges organizations face in implementing CMMC, the importance of client education, and the need for a structured approach to change management. The conversation emphasizes the necessity of leadership buy-in and the scalability of processes to ensure compliance without compromising efficiency. The hosts also highlight the ongoing nature of refining CMMC processes within MSPs and the importance of continuous improvement in this area.Axiom's Linkedln: https://www.linkedin.com/company/axiomtech/Webinar Registration: https://events.teams.microsoft.com/event/3f0f1447-834f-438b-9b81-74bc9eed8298@edee3165-cd1d-46a0-9efe-d70636e1f49bLinkedIn: https://www.linkedin.com/in/bobbyguerra/Website: https://www.axiom.tech/YouTube: https://www.youtube.com/channel/UCaJagoDasNG3MqLqw2Af_ZQKaleigh's: (1) Kaleigh Floyd | LinkedIn

In this episode, Kaleigh and Bobby discuss the complexities of CMMC documentation with Tom Conkle from Optic Cyber Solutions. They explore the challenges of writing effective System Security Plans (SSPs) and Customer Responsibility Matrices (CRMs), emphasizing the importance of viewing these documents as management tools rather than mere compliance checkboxes. The conversation highlights common pitfalls organizations face, the significance of clear communication between service providers and clients, and practical tips for creating effective documentation that enhances cybersecurity practices.Tom Conkle on Linkedln: https://www.linkedin.com/in/tomconkle/Kelly Hood on Linkedln: https://www.linkedin.com/in/kellyhoodoc/Optic Cyber Solutions LinksLinkeldn: https://www.linkedin.com/company/opticcyber/posts/?feedView=allWebsite: https://www.opticcyber.com/index.htmlYouTube: https://www.youtube.com/@OpticCyberOptic Cyber Resources Page: https://www.opticcyber.com/resources.htmlCustomer Responsibilities Matrix Template:https://43828014.hs-sites.com/shared-responsibilities-matrix-srm-downloadLinkedIn: https://www.linkedin.com/in/bobbyguerra/Website: https://www.axiom.tech/YouTube: https://www.youtube.com/channel/UCaJagoDasNG3MqLqw2Af_ZQKaleigh's: (1) Kaleigh Floyd | LinkedIn

In this episode, Kaleigh Floyd and Bobby Guerra delve into the complexities of inheritance within the CMMC framework, particularly focusing on the role of external service providers (ESPs) and the responsibilities of organizations seeking assessment (OSA). They discuss the importance of system security plans, the nuances of the CMMC assessment process, and the challenges faced by managed service providers (MSPs) in navigating inheritance claims. The conversation emphasizes the need for clarity in responsibilities and the potential benefits and limitations of inheriting controls from ESPs. In this conversation, Kaleigh Floyd and Bobby Guerra delve into the complexities of CMMC compliance, focusing on the roles of Managed Service Providers (MSPs) and the concept of inheritance in assessments. They discuss the critical importance of understanding responsibilities between clients and MSPs, the nuances of service provisioning, and the need for clear communication to ensure successful compliance outcomes. The conversation emphasizes the importance of preparation, collaboration, and informed decision-making in navigating the CMMC landscape.LinkedIn: https://www.linkedin.com/in/bobbyguerra/Website: https://www.axiom.tech/YouTube: https://www.youtube.com/channel/UCaJagoDasNG3MqLqw2Af_ZQKaleigh's: (1) Kaleigh Floyd | LinkedIn