What Does NIST 800-171 Rev 3 Mean for MSPs?

In this episode of Climbing Mount CMMC, Bobby and Adam discuss the implications of Rev3 for MSPs in the context of CMMC. They explore the challenges MSPs face in achieving compliance, the role of external service providers, and the importance of documentation and shared responsibilities. They highlight the evolving landscape of cybersecurity requirements and the necessity for MSPs to fully commit to compliance to effectively support their clients.Website: https://www.axiom.tech/YouTube: https://www.youtube.com/channel/UCaJagoDasNG3MqLqw2Af_ZQ Axiom's Linkedln: https://www.linkedin.com/company/axiomtech/ Bobby's Linkedln: https://www.linkedin.com/in/bobbyguerra/ Kaleigh's Linkedln: https://www.linkedin.com/in/kaleigh-floyd-079a52190/

In this episode of Climbing Mount CMMC, Bobby and Adam discuss the intricacies of Plan of Action and Milestones (POAM) in the context of cybersecurity assessments. They explore the importance of having a clear understanding of what constitutes a POAM, the distinction between operational plans and assessment findings, and the necessity of being prepared for assessments to ensure compliance. The conversation emphasizes the need for organizations to maintain clarity and organization in their documentation to avoid complications during assessments.Website: https://www.axiom.tech/YouTube: https://www.youtube.com/channel/UCaJagoDasNG3MqLqw2Af_ZQ Axiom's Linkedln: https://www.linkedin.com/company/axiomtech/ Bobby's Linkedln: https://www.linkedin.com/in/bobbyguerra/ Kaleigh's Linkedln: https://www.linkedin.com/in/kaleigh-floyd-079a52190/

In this episode of Climbing Mounts CMMC, hosts Kaleigh Floyd and Bobby Guerra discuss the five stages of grief related to the CMMC compliance journey. They share personal experiences and insights on denial, anger, bargaining, depression, and acceptance, emphasizing the importance of understanding these emotions as organizations navigate the complexities of CMMC compliance. The conversation highlights the challenges faced by both service providers and contractors, offering encouragement and practical advice for overcoming obstacles in the compliance process.Website: https://www.axiom.tech/YouTube: https://www.youtube.com/channel/UCaJagoDasNG3MqLqw2Af_ZQ Axiom's Linkedln: https://www.linkedin.com/company/axiomtech/ Bobby's Linkedln: https://www.linkedin.com/in/bobbyguerra/ Kaleigh's Linkedln: https://www.linkedin.com/in/kaleigh-floyd-079a52190/

In this episode, Kaleigh Floyd, Bobby Guerra, and Adam Evans discuss the complexities surrounding Cloud Service Providers (CSPs) and Managed Service Providers (MSPs) in the context of CMMC compliance. They clarify the definitions, roles, and responsibilities of MSPs and CSPs, particularly in relation to handling Controlled Unclassified Information (CUI) and navigating FedRAMP requirements. The conversation emphasizes the importance of understanding the distinctions between these roles to avoid unnecessary confusion and compliance issues.Website: https://www.axiom.tech/YouTube: https://www.youtube.com/channel/UCaJagoDasNG3MqLqw2Af_ZQ Axiom's Linkedln: https://www.linkedin.com/company/axiomtech/ Bobby's Linkedln: https://www.linkedin.com/in/bobbyguerra/ Kaleigh's Linkedln: https://www.linkedin.com/in/kaleigh-floyd-079a52190/

In this episode, the hosts discuss the significant changes introduced in NIST 800-171 Rev 3, focusing on the transition from Rev 2 to Rev 3, the importance of Organizational Defined Parameters (ODPs), and the role of external service providers in compliance. They emphasize the need for System Security Plans (SSPs) to be living documents that adapt to evolving security needs and the necessity for contractors to prepare for the upcoming changes to avoid complications during assessments.Website: https://www.axiom.tech/YouTube: https://www.youtube.com/channel/UCaJagoDasNG3MqLqw2Af_ZQ Axiom's Linkedln: https://www.linkedin.com/company/axiomtech/ Bobby's Linkedln: https://www.linkedin.com/in/bobbyguerra/ Kaleigh's Linkedln: https://www.linkedin.com/in/kaleigh-floyd-079a52190/

In this episode, Kaleigh and Bobby are joined by Axiom's own, Adam Evans, to discuss the significant changes introduced in NIST 800-171 Rev 3, focusing on the transition from Rev 2 to Rev 3, the importance of Organizational Defined Parameters (ODPs), and the role of external service providers in compliance. They emphasize the need for System Security Plans (SSPs) to be living documents that adapt to evolving security needs and the necessity for contractors to prepare for the upcoming changes to avoid complications during assessments.Link to NIST 800-171 Rev 3: https://csrc.nist.gov/pubs/sp/800/171/r3/finalAdam's Linkedln:  https://www.linkedin.com/in/grcadame/Website: https://www.axiom.tech/YouTube: https://www.youtube.com/channel/UCaJagoDasNG3MqLqw2Af_ZQ Axiom's Linkedln: https://www.linkedin.com/company/axiomtech/ Bobby's Linkedln: https://www.linkedin.com/in/bobbyguerra/ Kaleigh's Linkedln: https://www.linkedin.com/in/kaleigh-floyd-079a52190/

In this episode, Kaleigh and Bobby discuss the complexities of managing Controlled Unclassified Information (CUI) within the framework of CMMC compliance. They explore the challenges of physical boundaries, the role of personnel in safeguarding CUI, and the implications of printing and disposing of sensitive information. The conversation also touches on the nuances of working from home, the importance of training, and the recent DOD FAQs that have stirred debate in the industry. The hosts emphasize the need for businesses to understand their responsibilities and the potential pitfalls of non-compliance.DoD FAQ link: https://dodcio.defense.gov/Portals/0/Documents/CMMC/CMMC-FAQsv4.pdfNIST 800-88 link: https://csrc.nist.gov/pubs/sp/800/88/r2/finalWebsite: https://www.axiom.tech/YouTube: https://www.youtube.com/channel/UCaJagoDasNG3MqLqw2Af_ZQ Axiom's Linkedln: https://www.linkedin.com/company/axiomtech/ Bobby's Linkedln: https://www.linkedin.com/in/bobbyguerra/ Kaleigh's Linkedln: https://www.linkedin.com/in/kaleigh-floyd-079a52190/

In this episode of "Climbing Mount CMMC," hosts Kaleigh Floyd and Bobby Guerra delve into the intricacies of preparing for a CMMC Level 2 assessment, particularly focusing on the role of external service providers (ESPs) and Managed Service Providers (MSPs). They emphasize the importance of selecting a provider who not only understands the CMMC requirements but has also successfully guided clients through the assessment process. Kaleigh shares her personal experiences with contractors who have been misled by providers, likening the situation to being an Uber driver rather than a coach in a race. Bobby adds that understanding the CMMC controls at a referee level is crucial for any provider aiming to assist clients effectively. The conversation progresses to practical advice on how to vet potential providers, including asking about their experience with assessments, their understanding of NIST 800-171 controls, and the tools they use. Kaleigh and Bobby stress the necessity of having a customer responsibility matrix and a clear agreement that outlines the roles and responsibilities of both the provider and the client. They conclude by encouraging listeners to ask the right questions to avoid wasting time and resources, ensuring they choose a provider who can genuinely support them through the CMMC certification journey.Link to see our upcoming events: https://www.axiom.tech/upcoming-events/Website: https://www.axiom.tech/YouTube: https://www.youtube.com/channel/UCaJagoDasNG3MqLqw2Af_ZQ Axiom's Linkedln: https://www.linkedin.com/company/axiomtech/ Bobby's Linkedln: https://www.linkedin.com/in/bobbyguerra/ Kaleigh's Linkedln: https://www.linkedin.com/in/kaleigh-floyd-079a52190/

In this episode of Climbing Mount CMMC, hosts Bobby and Kaleigh discuss the critical topic of self-attestation for CMMC level two requirements. They explore the evolution of self-attestation, the risks associated with misrepresentation, and the importance of accountability in the self-assessment process. The conversation emphasizes the need for organizations to prepare adequately for self-attestation, including having a solid system security plan and the necessary evidence to support their claims. The hosts also highlight the potential consequences of failing to comply with these requirements, including the role of whistleblowers and the importance of leadership taking these matters seriously.Website: https://www.axiom.tech/YouTube: https://www.youtube.com/channel/UCaJagoDasNG3MqLqw2Af_ZQ Axiom's Linkedln: https://www.linkedin.com/company/axiomtech/ Bobby's Linkedln: https://www.linkedin.com/in/bobbyguerra/ Kaleigh's Linkedln: https://www.linkedin.com/in/kaleigh-floyd-079a52190/

In this episode, Kaleigh and Bobby discuss the significant changes and challenges that companies will face in 2026 regarding CMMC compliance. They delve into the implications of new CMMC Level 2 requirements, the importance of self-assessments versus third-party assessments, and the potential consequences of non-compliance. The conversation also touches on the risks of false claims and whistleblowing, the expected timeframes for achieving compliance, and the impact of resource contention on costs. Finally, they emphasize the importance of finding the right Managed Service Provider (MSP) to navigate these challenges effectively.Website: https://www.axiom.tech/YouTube: https://www.youtube.com/channel/UCaJagoDasNG3MqLqw2Af_ZQ Axiom's Linkedln: https://www.linkedin.com/company/axiomtech/ Bobby's Linkedln: https://www.linkedin.com/in/bobbyguerra/ Kaleigh's Linkedln: https://www.linkedin.com/in/kaleigh-floyd-079a52190/