What Qualifies As a "Significant Change" in CMMC?

In this episode of Climbing Mount CMMC, Bobby and Kaleigh explore the recent updates and implications of "significant changes" in the CMMC assessment process, focusing on how organizations can navigate reassessments, change management, and the role of C3PAOs.Link to 32 CFR Final Rule: Federal Register :: Cybersecurity Maturity Model Certification (CMMC) ProgramLink to FAQ: CYBERSECURITY MATURITY MODEL CERTIFICATION Program (CMMC) FREQUENTLY ASKED QUESTIONSLink to Vince Scott's Article: (29) Temporary Deficiencies, Enduring Exceptions, and Operational Plans of Action: What are they and why do I care? | LinkedInWebsite: https://www.axiom.tech/YouTube: https://www.youtube.com/channel/UCaJagoDasNG3MqLqw2Af_ZQAxiom's Linkedln: https://www.linkedin.com/company/axiomtech/Bobby's Linkedln: https://www.linkedin.com/in/bobbyguerra/Kaleigh's Linkedln: https://www.linkedin.com/in/kaleigh-floyd-079a52190/

In this episode of Climbing Mount CMMC, Kaleigh speaks with Axiom's compliance officer, Adam Evans, to explore the complexities of inheritance in the context of CMMC compliance, cloud service providers, and external service providers. They discuss how inheritance works, common misconceptions, and practical tips for organizations navigating compliance assessments.Link to the CMMC Assessment Process (CAP): https://cyberab.org/Portals/0/CMMC%20Assessment%20Process%20v2.0.pdfWebsite: https://www.axiom.tech/YouTube: https://www.youtube.com/channel/UCaJagoDasNG3MqLqw2Af_ZQAxiom's Linkedln: https://www.linkedin.com/company/axiomtech/Bobby's Linkedln: https://www.linkedin.com/in/bobbyguerra/Kaleigh's Linkedln: https://www.linkedin.com/in/kaleigh-floyd-079a52190/

In this episode of Climbing Mount CMMC, Kaleigh and Bobby dive into a deep discussion on the complexities and challenges of achieving CMMC Level 2 certification for MSPs and OSCs with Lawrence Cruciana. They share insights on shared responsibility, operational maturity, and "the game of chicken" played between organizations in the cybersecurity compliance landscape.Lawrence's LinkedIn:  Lawrence Cruciana | LinkedInCorporate Information Technologies Website: Corporate Information Technologies - CorpInfoTechWebsite: https://www.axiom.tech/YouTube: https://www.youtube.com/channel/UCaJagoDasNG3MqLqw2Af_ZQAxiom's Linkedln: https://www.linkedin.com/company/axiomtech/Bobby's Linkedln: https://www.linkedin.com/in/bobbyguerra/Kaleigh's Linkedln: https://www.linkedin.com/in/kaleigh-floyd-079a52190/

In this episode of Cyb-Her, Kaleigh shares with Axiom employee, Maleah Adams, her journey from call coordinator to COO, speaking on her experiences in the MSP and cybersecurity space, including her work and transition to the CMMC ecosystem and her perspective as a woman in a male-dominated industry.Website: https://www.axiom.tech/YouTube: https://www.youtube.com/channel/UCaJagoDasNG3MqLqw2Af_ZQAxiom's Linkedln: https://www.linkedin.com/company/axiomtech/Bobby's Linkedln: https://www.linkedin.com/in/bobbyguerra/Kaleigh's Linkedln: https://www.linkedin.com/in/kaleigh-floyd-079a52190/

In this episode of Climbing Mount CMMC, Fernando Machado (CCA) from CyberSec Investments shares his extensive experience with Kaleigh and Bobby about the CMMC assessment process, the journey to becoming a C3PAO, and practical insights for contractors navigating the certification landscape. They discuss the phases of assessments, scoping mistakes, and how to prepare effectively.Fernando's LinkedIn: https://www.linkedin.com/in/fernando-machado-cissp-cism-cca-ccp-5b5581124/CyberSec Investments Website: https://cybersecinvestments.com/ ND-ISAC C3PAO Shopping Guide:  https://ndisac.org/defense-news/nd-isac-releases-c3pao-shopping-guide-for-small-medium-sized-businesses/Website: https://www.axiom.tech/YouTube: https://www.youtube.com/channel/UCaJagoDasNG3MqLqw2Af_ZQAxiom's Linkedln: https://www.linkedin.com/company/axiomtech/Bobby's Linkedln: https://www.linkedin.com/in/bobbyguerra/Kaleigh's Linkedln: https://www.linkedin.com/in/kaleigh-floyd-079a52190/

In this episode, Kaleigh and, new to Axiom, Ashton Guerra discuss the critical questions organizations seeking CMMC Level 2 certification (OSCs) should ask their MSPs. They share insights on scope, security measures, and the importance of transparency in the certification journey.Website: https://www.axiom.tech/YouTube: https://www.youtube.com/channel/UCaJagoDasNG3MqLqw2Af_ZQAxiom's Linkedln: https://www.linkedin.com/company/axiomtech/Bobby's Linkedln: https://www.linkedin.com/in/bobbyguerra/Kaleigh's Linkedln: https://www.linkedin.com/in/kaleigh-floyd-079a52190/

In this new series we like to call "Spelunking", Bobby and Kaleigh explore the updates in NIST 800-171 Revision 3, focusing on the differences from Rev 2, including control changes, assessment objectives, and preparation strategies for compliance. In this episode, they focus on control 03.02 Awareness and Training. They give valuable insights for MSPs, organizations, and assessors preparing for the upcoming changes and requirements.Website: https://www.axiom.tech/YouTube: https://www.youtube.com/channel/UCaJagoDasNG3MqLqw2Af_ZQAxiom's Linkedln: https://www.linkedin.com/company/axiomtech/Bobby's Linkedln: https://www.linkedin.com/in/bobbyguerra/Kaleigh's Linkedln: https://www.linkedin.com/in/kaleigh-floyd-079a52190/

In the season 5 premiere of Climbing Mount CMMC, Kaleigh and Bobby share practical, boots-on-the-ground insights on implementing CMMC self-assessments, especially for MSPs supporting multiple clients. They break down how to approach self-assessments with the discipline of a formal audit, while still building a process that can scale.Website: https://www.axiom.tech/YouTube: https://www.youtube.com/channel/UCaJagoDasNG3MqLqw2Af_ZQAxiom's Linkedln: https://www.linkedin.com/company/axiomtech/Bobby's Linkedln: https://www.linkedin.com/in/bobbyguerra/Kaleigh's Linkedln: https://www.linkedin.com/in/kaleigh-floyd-079a52190/

In the season 4 finale of Climbing Mount CMMC, Kaleigh and Bobby share their extensive experience navigating the complexities of achieving CMMC Level 2 certification as an MSP. They discuss the importance of commitment, education, strategic planning, and the realities of scaling support for government contractors.Website: https://www.axiom.tech/YouTube: https://www.youtube.com/channel/UCaJagoDasNG3MqLqw2Af_ZQAxiom's Linkedln: https://www.linkedin.com/company/axiomtech/Bobby's Linkedln: https://www.linkedin.com/in/bobbyguerra/Kaleigh's Linkedln: https://www.linkedin.com/in/kaleigh-floyd-079a52190/

In this episode of Climbing Mount CMMC, Kaleigh and Bobby discuss the concept of grace within the CMMC framework, particularly focusing on the NIST 800-171 controls, the role of C3PAOs, and the importance of mock assessments. They emphasize the need for proper training and certification, the significance of daily reviews during assessments, and the opportunities provided by the 10-day remediation period. The conversation highlights the human element in assessments and the importance of communication between contractors and assessors.Website: https://www.axiom.tech/YouTube: https://www.youtube.com/channel/UCaJagoDasNG3MqLqw2Af_ZQAxiom's Linkedln: https://www.linkedin.com/company/axiomtech/Bobby's Linkedln: https://www.linkedin.com/in/bobbyguerra/Kaleigh's Linkedln: https://www.linkedin.com/in/kaleigh-floyd-079a52190/