What Does NIST 800-171 Look Like in Action?

In this episode, Kaleigh Floyd and Bobby Guerra discuss the complexities of CMMC compliance, focusing on NIST 800-171 controls, self-assessments, risk reviews, change management, and the importance of tools in the compliance process. They emphasize the challenges faced by Managed Service Providers (MSPs) in navigating these requirements and the need for proactive communication with clients to manage expectations and ensure successful compliance.Isabel Rivera's Linkedln: https://www.linkedin.com/in/isabel-rivera-8a7565148/Website: https://www.axiom.tech/YouTube: https://www.youtube.com/channel/UCaJagoDasNG3MqLqw2Af_ZQ Axiom's Linkedln: https://www.linkedin.com/company/axiomtech/ Bobby's Linkedln: https://www.linkedin.com/in/bobbyguerra/ Kaleigh's Linkedln: https://www.linkedin.com/in/kaleigh-floyd-079a52190/

In this episode, Kaleigh and Bobby discuss the intricacies of the CMMC Level 2 assessment process, focusing on what to do when faced with a 'not met' status. They explore preparation strategies, the role of assessors, the implications of minor and major changes during assessments, and the importance of communication with clients. The conversation also covers the 10-day reevaluation period, the 180-day remediation process, and the appeal options available to organizations. Throughout the discussion, they emphasize the need for thorough preparation and understanding of the assessment landscape to navigate the challenges effectively.Website: https://www.axiom.tech/YouTube: https://www.youtube.com/channel/UCaJagoDasNG3MqLqw2Af_ZQ Axiom's Linkedln: https://www.linkedin.com/company/axiomtech/ Bobby's Linkedln: https://www.linkedin.com/in/bobbyguerra/ Kaleigh's Linkedln: https://www.linkedin.com/in/kaleigh-floyd-079a52190/

In this episode, Kaleigh Floyd and Bobby Guerra discuss the complexities of navigating CMMC Level 2 certification and assessments, particularly focusing on the role of Managed Service Providers (MSPs). They explore the challenges faced by small MSPs, the importance of documentation, and the intricacies of the assessment process. The conversation emphasizes the need for MSPs to be well-prepared and knowledgeable to effectively support their clients in achieving compliance.Website: https://www.axiom.tech/YouTube: https://www.youtube.com/channel/UCaJagoDasNG3MqLqw2Af_ZQ Axiom's Linkedln: https://www.linkedin.com/company/axiomtech/ Bobby's Linkedln: https://www.linkedin.com/in/bobbyguerra/ Kaleigh's Linkedln: https://www.linkedin.com/in/kaleigh-floyd-079a52190/

In this episode of Climbing Mount CMMC, Kaleigh and Bobby delve into the intricacies of vulnerability scanning, particularly in the context of CMMC Level 2 compliance for Managed Service Providers (MSPs). They discuss the challenges of vulnerability management, the importance of selecting appropriate tools, and the complexities involved in implementing effective scanning processes. The conversation emphasizes the need for clear documentation, continuous monitoring, and proactive maintenance strategies to ensure compliance and security. The hosts also highlight the significance of preparing for audits and the necessity of adapting to evolving requirements in the cybersecurity landscape.Website: https://www.axiom.tech/YouTube: https://www.youtube.com/channel/UCaJagoDasNG3MqLqw2Af_ZQ Axiom's Linkedln: https://www.linkedin.com/company/axiomtech/ Bobby's Linkedln: https://www.linkedin.com/in/bobbyguerra/ Kaleigh's Linkedln: https://www.linkedin.com/in/kaleigh-floyd-079a52190/

In this episode, Bobby and Kaleigh discuss the complexities of navigating the Defense Industrial Base (DIB) space, particularly focusing on the Cybersecurity Maturity Model Certification (CMMC) assessments. They explore the challenges faced by organizations in understanding and complying with CMMC requirements, the importance of effective communication with C3PAOs, and the necessity of thorough preparation for assessments. The conversation emphasizes the need for organizations to align their practices with C3PAOs and to be proactive in their compliance efforts to avoid costly failures during audits.Axiom's Linkedln: https://www.linkedin.com/company/axiomtech/Bobby's Linkedln: https://www.linkedin.com/in/bobbyguerra/Kaleigh's Linkedln: https://www.linkedin.com/in/kaleigh-floyd-079a52190/Dy Edington's Linkedln: https://www.linkedin.com/in/dy-edington/Website: https://www.axiom.tech/YouTube: https://www.youtube.com/channel/UCaJagoDasNG3MqLqw2Af_ZQ Axiom's Linkedln: https://www.linkedin.com/company/axiomtech/ Bobby's Linkedln: https://www.linkedin.com/in/bobbyguerra/ Kaleigh's Linkedln: https://www.linkedin.com/in/kaleigh-floyd-079a52190/

48 CFR IS HERE! And we have a lot to talk about. In this episode, Bobby and Kaleigh discuss the recent release of 48 CFR and its implications for contractors and subcontractors working with the Department of Defense (War). They explore the significance of the new regulations, the phased rollout strategy, and the importance of CMMC unique identifiers (UIDs). The conversation highlights the risks associated with non-compliance and the need for contractors to be proactive in preparing for the upcoming changes. The hosts emphasize the urgency for subcontractors to align with prime contractors' requirements and the potential consequences of overlooking these regulations.Read 48 CFR Here: https://www.govinfo.gov/content/pkg/FR-2025-09-10/pdf/2025-17359.pdfWebsite: https://www.axiom.tech/YouTube: https://www.youtube.com/channel/UCaJagoDasNG3MqLqw2Af_ZQ Axiom's Linkedln: https://www.linkedin.com/company/axiomtech/ Bobby's Linkedln: https://www.linkedin.com/in/bobbyguerra/ Kaleigh's Linkedln: https://www.linkedin.com/in/kaleigh-floyd-079a52190/

In this episode, Kaleigh and Bobby discuss the critical role of data flow diagrams in system security plans, particularly in the context of CMMC compliance. They explore the importance of understanding data flow, identifying sources and users, and ensuring proper sanitization of controlled unclassified information (CUI). The conversation emphasizes the need for organizations to be aware of how data flows through their systems and the implications for security and compliance. Axiom's Linkedln: https://www.linkedin.com/company/axiomtech/Website: https://www.axiom.tech/YouTube: https://www.youtube.com/channel/UCaJagoDasNG3MqLqw2Af_ZQ Axiom's Linkedln: https://www.linkedin.com/company/axiomtech/ Bobby's Linkedln: https://www.linkedin.com/in/bobbyguerra/ Kaleigh's Linkedln: https://www.linkedin.com/in/kaleigh-floyd-079a52190/

In this episode, Kaleigh and Bobby delve into the intricacies of Customer Responsibility Matrices (CRMs) within the context of CMMC compliance. They discuss the importance of having a well-defined CRM, the relationship between CRMs and service agreements, and how these elements play a crucial role in assessments. The conversation emphasizes the need for clarity in responsibilities, the role of Managed Service Providers (MSPs), and the expectations of auditors. The hosts provide insights on how to effectively create and utilize CRMs to ensure compliance and avoid potential pitfalls during assessments.32 CFR: https://www.govinfo.gov/content/pkg/FR-2024-10-15/pdf/2024-22905.pdfThe CAP: https://cyberab.org/Portals/0/CMMC%20Assessment%20Process%20v2.0.pdf?ver=fEk1pUK1Fg26fVtopxv_DA%3d%3dAxiom's Linkedln: https://www.linkedin.com/company/axiomtech/Website: https://www.axiom.tech/YouTube: https://www.youtube.com/channel/UCaJagoDasNG3MqLqw2Af_ZQ Axiom's Linkedln: https://www.linkedin.com/company/axiomtech/ Bobby's Linkedln: https://www.linkedin.com/in/bobbyguerra/ Kaleigh's Linkedln: https://www.linkedin.com/in/kaleigh-floyd-079a52190/

This protips podcast episode is extra special! It includes clips from our webinar delving into the intricacies of system security plans (SSPs), emphasizing their critical role in organizational security and compliance with NIST 800.171 and CMMC standards. The discussion covers the importance of scoping, defining system boundaries, managing data flow, and detailing security controls. It also highlights the necessity of well-defined policies and procedures, as well as the clear outlining of user roles and responsibilities. We share insights on building comprehensive SSPs, the challenges faced by Managed Service Providers (MSPs), and the importance of documentation management in maintaining effective security practices.Axiom's Linkedln: https://www.linkedin.com/company/axiomtech/Bobby's Linkedln: https://www.linkedin.com/in/bobbyguerra/Kaleigh's Linkedln: https://www.linkedin.com/in/kaleigh-floyd-079a52190/Want to take part in our upcoming webinar? Register now: https://events.teams.microsoft.com/event/6b7074f6-f21c-4884-ae24-d06f5f5be94c@edee3165-cd1d-46a0-9efe-d70636e1f49bWebsite: https://www.axiom.tech/YouTube: https://www.youtube.com/channel/UCaJagoDasNG3MqLqw2Af_ZQ Axiom's Linkedln: https://www.linkedin.com/company/axiomtech/ Bobby's Linkedln: https://www.linkedin.com/in/bobbyguerra/ Kaleigh's Linkedln: https://www.linkedin.com/in/kaleigh-floyd-079a52190/

In this episode, Kaleigh interviews Dy Edington, the Director of Information Security at AV (formally BlueHalo), about her journey through the CMMC Level 2 assessment. Dy shares insights on the importance of leadership buy-in, team collaboration, and the challenges faced during implementation. She emphasizes the significance of documentation, training, and continuous improvement in maintaining compliance. She also offers valuable advice for those starting their CMMC journey, highlighting the need for communication and understanding across all departments.Dy Edington's Linkedln: https://www.linkedin.com/in/dy-edington/AV Website: https://www.avinc.com/Axiom's Linkedln: https://www.linkedin.com/company/axiomtech/Kaleigh Floyd's Linkedln: https://www.linkedin.com/in/kaleigh-floyd-079a52190/Website: https://www.axiom.tech/YouTube: https://www.youtube.com/channel/UCaJagoDasNG3MqLqw2Af_ZQ Axiom's Linkedln: https://www.linkedin.com/company/axiomtech/ Bobby's Linkedln: https://www.linkedin.com/in/bobbyguerra/ Kaleigh's Linkedln: https://www.linkedin.com/in/kaleigh-floyd-079a52190/