How to Build Your CMMC Documents the RIGHT Way

*Spoiler Alert* CMMC is real and it's happening right now.In this episode, Kaleigh Floyd and Bobby Guerra discuss the critical aspects of CMMC compliance for contractors, addressing common questions and concerns. They explore the differences between CMMC Level 1 and Level 2, the importance of legal guidance, and the necessity of understanding controlled unclassified information (CUI). The conversation emphasizes the need for proactive planning, leadership buy-in, and the creation of a Plan of Action and Milestones (PoAM) to ensure successful compliance. They also touch on the implications of NIST 800-171 Rev 3 and the risks associated with delaying compliance efforts.Ryan Bonner's Video: https://www.youtube.com/watch?v=IEy-TkmKMt8Ryan Bonner's Linkedln: https://www.linkedin.com/in/rybonner/Axiom's Linkedln: https://www.linkedin.com/company/axiomtech/LinkedIn: https://www.linkedin.com/in/bobbyguerra/Website: https://www.axiom.tech/YouTube: https://www.youtube.com/channel/UCaJagoDasNG3MqLqw2Af_ZQKaleigh's: (1) Kaleigh Floyd | LinkedIn

In this episode, Bobby and Kaleigh discuss five significant changes they believe could be made to the CMMC ecosystem. They explore the thought of C3PAOs to providing recommendations after assessments, the possibility of allowing organizations to pass with a score of 88, and the importance of having a C3PAO assessment process for MSPs. They also emphasize the need for yearly reviews instead of full assessments and the challenges posed by FIPS regulations. The conversation highlights the importance of flexibility and clarity in the certification process. Just a reminder that no one is claiming CMMC Jesus in this episode. Our words are not scripture, just conversation.Axiom Linkedln: https://www.linkedin.com/company/axiomtech/Link to upcoming webinar: https://events.teams.microsoft.com/event/3f0f1447-834f-438b-9b81-74bc9eed8298@edee3165-cd1d-46a0-9efe-d70636e1f49bLinkedIn: https://www.linkedin.com/in/bobbyguerra/Website: https://www.axiom.tech/YouTube: https://www.youtube.com/channel/UCaJagoDasNG3MqLqw2Af_ZQKaleigh's: (1) Kaleigh Floyd | LinkedIn

In this episode, Kaleigh Floyd and Bobby Guerra discuss the complexities of adopting CMMC (Cybersecurity Maturity Model Certification) from both the MSP and client perspectives. They explore the challenges organizations face in implementing CMMC, the importance of client education, and the need for a structured approach to change management. The conversation emphasizes the necessity of leadership buy-in and the scalability of processes to ensure compliance without compromising efficiency. The hosts also highlight the ongoing nature of refining CMMC processes within MSPs and the importance of continuous improvement in this area.Axiom's Linkedln: https://www.linkedin.com/company/axiomtech/Webinar Registration: https://events.teams.microsoft.com/event/3f0f1447-834f-438b-9b81-74bc9eed8298@edee3165-cd1d-46a0-9efe-d70636e1f49bLinkedIn: https://www.linkedin.com/in/bobbyguerra/Website: https://www.axiom.tech/YouTube: https://www.youtube.com/channel/UCaJagoDasNG3MqLqw2Af_ZQKaleigh's: (1) Kaleigh Floyd | LinkedIn

In this episode, Kaleigh and Bobby discuss the complexities of CMMC documentation with Tom Conkle from Optic Cyber Solutions. They explore the challenges of writing effective System Security Plans (SSPs) and Customer Responsibility Matrices (CRMs), emphasizing the importance of viewing these documents as management tools rather than mere compliance checkboxes. The conversation highlights common pitfalls organizations face, the significance of clear communication between service providers and clients, and practical tips for creating effective documentation that enhances cybersecurity practices.Tom Conkle on Linkedln: https://www.linkedin.com/in/tomconkle/Kelly Hood on Linkedln: https://www.linkedin.com/in/kellyhoodoc/Optic Cyber Solutions LinksLinkeldn: https://www.linkedin.com/company/opticcyber/posts/?feedView=allWebsite: https://www.opticcyber.com/index.htmlYouTube: https://www.youtube.com/@OpticCyberOptic Cyber Resources Page: https://www.opticcyber.com/resources.htmlCustomer Responsibilities Matrix Template:https://43828014.hs-sites.com/shared-responsibilities-matrix-srm-downloadLinkedIn: https://www.linkedin.com/in/bobbyguerra/Website: https://www.axiom.tech/YouTube: https://www.youtube.com/channel/UCaJagoDasNG3MqLqw2Af_ZQKaleigh's: (1) Kaleigh Floyd | LinkedIn

In this episode, Kaleigh Floyd and Bobby Guerra delve into the complexities of inheritance within the CMMC framework, particularly focusing on the role of external service providers (ESPs) and the responsibilities of organizations seeking assessment (OSA). They discuss the importance of system security plans, the nuances of the CMMC assessment process, and the challenges faced by managed service providers (MSPs) in navigating inheritance claims. The conversation emphasizes the need for clarity in responsibilities and the potential benefits and limitations of inheriting controls from ESPs. In this conversation, Kaleigh Floyd and Bobby Guerra delve into the complexities of CMMC compliance, focusing on the roles of Managed Service Providers (MSPs) and the concept of inheritance in assessments. They discuss the critical importance of understanding responsibilities between clients and MSPs, the nuances of service provisioning, and the need for clear communication to ensure successful compliance outcomes. The conversation emphasizes the importance of preparation, collaboration, and informed decision-making in navigating the CMMC landscape.LinkedIn: https://www.linkedin.com/in/bobbyguerra/Website: https://www.axiom.tech/YouTube: https://www.youtube.com/channel/UCaJagoDasNG3MqLqw2Af_ZQKaleigh's: (1) Kaleigh Floyd | LinkedIn

In this episode, Kaleigh and Bobby discuss the complexities of scaling CMMC for Managed Service Providers (MSPs). They explore the challenges of compliance, the importance of tools, and the necessity of having structured operational and sales strategies. The conversation also delves into the 'Four Horsemen' of compliance, which are critical for maintaining security and compliance standards. Finally, they emphasize the importance of ongoing maintenance and the long-term scalability of CMMC processes for MSPs.LinkedIn: https://www.linkedin.com/in/bobbyguerra/Website: https://www.axiom.tech/YouTube: https://www.youtube.com/channel/UCaJagoDasNG3MqLqw2Af_ZQKaleigh's: (1) Kaleigh Floyd | LinkedIn

In this episode, Bobby and Kaleigh discuss the challenges and strategies of marketing within the CMMC space. Kaleigh shares her journey of transitioning into this niche market, emphasizing the importance of building a reputation, understanding client needs, and maintaining transparency throughout the sales process. They explore the significance of effective communication, the necessity of educating clients about CMMC, and the balance between being sympathetic and correcting misconceptions. The conversation highlights the need for managed service providers to be proactive and knowledgeable in their approach to CMMC compliance.LinkedIn: https://www.linkedin.com/in/bobbyguerra/Website: https://www.axiom.tech/YouTube: https://www.youtube.com/channel/UCaJagoDasNG3MqLqw2Af_ZQKaleigh's: (1) Kaleigh Floyd | LinkedIn

In this episode, Bobby and Kaleigh explore the CyberAB ecosystem, focusing on the various roles and certifications within the CMMC framework. They discuss the importance of understanding the distinctions between Registered Practitioners (RP), Registered Practitioner Organizations (RPO), CMMC Certified Professionals (CCP), and CMMC Certified Assessors (CCA). The conversation also highlights the role of C3PAOs in conducting assessments and the significance of external service providers in the certification process. The hosts emphasize the need for organizations to navigate these certifications effectively to ensure compliance and security in the cybersecurity landscape.Axiom's Linkedln: https://www.linkedin.com/company/axiomtech/Link to Cyber AB certification requirements: https://cyberab.org/CMMC-Ecosystem/Ecosystem-RolesLinkedIn: https://www.linkedin.com/in/bobbyguerra/Website: https://www.axiom.tech/YouTube: https://www.youtube.com/channel/UCaJagoDasNG3MqLqw2Af_ZQKaleigh's: (1) Kaleigh Floyd | LinkedIn

In this episode of Climbing Mount CMMC, hosts Kaleigh Floyd and Bobby Guerra delve into the intricacies of Customer Responsibility Matrices (CRMs) and their significance in CMMC compliance. They discuss the definition of CRMs, their importance in defining responsibilities between customers and service providers, and the essential components needed to create an effective CRM. The conversation emphasizes the need for clarity in responsibilities, the connection to NIST 800-171 controls, and the importance of understanding vendor relationships in the context of cybersecurity compliance.Optic Cyber Solutions CRM Template: MSP-customer-responsibility-matrix-template 1.xlsxKelly Hood: (9) Kelly Hood | LinkedInTom Conkle: (9) Tom Conkle | LinkedInBrian Hubbard: (9) Brian Hubbard | LinkedInLinkedIn: https://www.linkedin.com/in/bobbyguerra/Website: https://www.axiom.tech/YouTube: https://www.youtube.com/channel/UCaJagoDasNG3MqLqw2Af_ZQKaleigh's: (1) Kaleigh Floyd | LinkedIn

In this episode of Climbing Mount CMMC, hosts Kaleigh Floyd and Bobby Guerra engage with Chris and Hannah Silvers, a father-daughter duo from CG Silver's Consulting. They discuss their journey in the cybersecurity field, the challenges and dynamics of CMMC, and the importance of community and collaboration in navigating this complex landscape. The conversation highlights the unique challenges faced by MSPs in adapting to CMMC requirements and the evolving nature of their business dynamics. The episode also touches on the intricacies of the sales process in CMMC consulting, emphasizing the need for education and understanding in client relationships. In this engaging conversation, Chris and Hannah Silvers, along with Kaleigh Floyd and Bobby Guerra, explore the intricacies of navigating the C3PAO landscape, the journey to certification, and the dynamics of working in a family business. They discuss the importance of confidence and growth in professional roles, generational perspectives in the workplace, and the empowerment that comes from experience. The conversation highlights the unique challenges and rewards of working in cybersecurity, particularly in the context of family relationships and mentorship.CG Silvers Consulting website: https://www.cgsilvers.com/Chris' LinkedIn: https://www.linkedin.com/in/cgsilvers/Hannah's Linkedln: (15) Hannah Silvers | LinkedInCyberAB listing with contact information: https://cyberab.org/Member/C3PAO-198-Cg-Silvers-Consulting-LlcLinkedIn: https://www.linkedin.com/in/bobbyguerra/Website: https://www.axiom.tech/YouTube: https://www.youtube.com/channel/UCaJagoDasNG3MqLqw2Af_ZQKaleigh's: (1) Kaleigh Floyd | LinkedIn