Where to Begin on Your CMMC Compliance Journey

In this episode of Climbing Mount CMMC, Kaleigh Floyd and Kelly Hood discuss the essential steps for small businesses to navigate the complexities of CMMC compliance. They emphasize the importance of understanding the foundational reasons behind CMMC, the necessity of leadership involvement, and the identification of internal roles and responsibilities. The conversation also covers practical strategies for implementing NIST 800-171 controls, the significance of scoping, and tips for writing an effective System Security Plan (SSP). Throughout the discussion, they highlight the need for a cultural shift towards security and the importance of collaboration across departments.Kelly Hood's Linkedln: https://www.linkedin.com/in/kellyhoodoc/Optic Cyber Solutions: https://www.opticcyber.com/Optic's CMMC (L2) Progress Tracker: https://43828014.hs-sites.com/cmmc-l2-progress-trackerCAP: https://cs2.cloud/hubfs/CS2%202022/CS2%20DC/Resources/DRAFT%20CMMC%20Assessment%20Process%20(CAP)%20v1.0%20.pdfTimestamps: Intro 00:00 02:40The "Why" Behind NIST 800-171 02:41 07:35The Importance of Leadership Buy-In 07:36 10:39Defining Internal Roles 10:40 17:06Working Through Domain Controls 17:07 24:55Building Your SSP 24:56 31:29Take Scoping Seriously 31:30 39:04Write Something Down 39:05 41:15Closing Remarks 41:16 42:53Website: https://www.axiom.tech/YouTube: https://www.youtube.com/channel/UCaJagoDasNG3MqLqw2Af_ZQ Axiom's Linkedln: https://www.linkedin.com/company/axiomtech/ Bobby's Linkedln: https://www.linkedin.com/in/bobbyguerra/ Kaleigh's Linkedln: https://www.linkedin.com/in/kaleigh-floyd-079a52190/

This webinar discussion provides an in-depth exploration of the CMMC Level 2 assessment process, including the phases of assessment, methodologies, and the importance of media sanitization and risk assessments. The speakers share their experiences and insights, emphasizing the need for thorough preparation and understanding of compliance requirements to ensure successful outcomes in assessments. Bobby and Kaleigh walk listeners through the nuances of a CMMC mock assessment and give a glimpse into what you can expect on assessment day. Website: https://www.axiom.tech/YouTube: https://www.youtube.com/channel/UCaJagoDasNG3MqLqw2Af_ZQ Axiom's Linkedln: https://www.linkedin.com/company/axiomtech/ Bobby's Linkedln: https://www.linkedin.com/in/bobbyguerra/ Kaleigh's Linkedln: https://www.linkedin.com/in/kaleigh-floyd-079a52190/

In this episode, Kaleigh Floyd, Bobby Guerra, and Vincent Scott discuss the upcoming rollout of the Cybersecurity Maturity Model Certification (CMMC) and the challenges facing the defense industrial base. They explore the readiness of organizations seeking certification, the role of implementers, and the potential impact on major defense systems. The conversation emphasizes the importance of preparation and accountability in achieving cybersecurity goals while addressing the complexities of the CMMC implementation process.Vincent Scott's Linkedln: https://www.linkedin.com/in/vincent-scott-cybersecurity/Defense Cyber Security Website: https://www.cybersecgru.com/Website: https://www.axiom.tech/YouTube: https://www.youtube.com/channel/UCaJagoDasNG3MqLqw2Af_ZQ Axiom's Linkedln: https://www.linkedin.com/company/axiomtech/ Bobby's Linkedln: https://www.linkedin.com/in/bobbyguerra/ Kaleigh's Linkedln: https://www.linkedin.com/in/kaleigh-floyd-079a52190/

In this episode, Kaleigh interviews Logan Therrien from Kieri to discuss the role of C3PAOs in the CMMC ecosystem. They explore the importance of proper preparation for CMMC Level Two certification, common pitfalls organizations face during self-assessments, and the critical nature of documentation. The conversation also delves into the assessment process, the significance of system security plans, and the ongoing responsibilities after certification.https://cyberab.org/https://cyberab.org/Resources/Downloadshttps://www.youtube.com/@kierilfhttps://www.nist.gov/https://www.linkedin.com/in/logan-therrien/Website: https://www.axiom.tech/YouTube: https://www.youtube.com/channel/UCaJagoDasNG3MqLqw2Af_ZQ Axiom's Linkedln: https://www.linkedin.com/company/axiomtech/ Bobby's Linkedln: https://www.linkedin.com/in/bobbyguerra/ Kaleigh's Linkedln: https://www.linkedin.com/in/kaleigh-floyd-079a52190/

In this episode, Kaleigh Floyd and Bobby Guerra discuss the complexities of CMMC compliance, focusing on NIST 800-171 controls, self-assessments, risk reviews, change management, and the importance of tools in the compliance process. They emphasize the challenges faced by Managed Service Providers (MSPs) in navigating these requirements and the need for proactive communication with clients to manage expectations and ensure successful compliance.Isabel Rivera's Linkedln: https://www.linkedin.com/in/isabel-rivera-8a7565148/Website: https://www.axiom.tech/YouTube: https://www.youtube.com/channel/UCaJagoDasNG3MqLqw2Af_ZQ Axiom's Linkedln: https://www.linkedin.com/company/axiomtech/ Bobby's Linkedln: https://www.linkedin.com/in/bobbyguerra/ Kaleigh's Linkedln: https://www.linkedin.com/in/kaleigh-floyd-079a52190/

In this episode, Kaleigh and Bobby discuss the intricacies of the CMMC Level 2 assessment process, focusing on what to do when faced with a 'not met' status. They explore preparation strategies, the role of assessors, the implications of minor and major changes during assessments, and the importance of communication with clients. The conversation also covers the 10-day reevaluation period, the 180-day remediation process, and the appeal options available to organizations. Throughout the discussion, they emphasize the need for thorough preparation and understanding of the assessment landscape to navigate the challenges effectively.Website: https://www.axiom.tech/YouTube: https://www.youtube.com/channel/UCaJagoDasNG3MqLqw2Af_ZQ Axiom's Linkedln: https://www.linkedin.com/company/axiomtech/ Bobby's Linkedln: https://www.linkedin.com/in/bobbyguerra/ Kaleigh's Linkedln: https://www.linkedin.com/in/kaleigh-floyd-079a52190/

In this episode, Kaleigh Floyd and Bobby Guerra discuss the complexities of navigating CMMC Level 2 certification and assessments, particularly focusing on the role of Managed Service Providers (MSPs). They explore the challenges faced by small MSPs, the importance of documentation, and the intricacies of the assessment process. The conversation emphasizes the need for MSPs to be well-prepared and knowledgeable to effectively support their clients in achieving compliance.Website: https://www.axiom.tech/YouTube: https://www.youtube.com/channel/UCaJagoDasNG3MqLqw2Af_ZQ Axiom's Linkedln: https://www.linkedin.com/company/axiomtech/ Bobby's Linkedln: https://www.linkedin.com/in/bobbyguerra/ Kaleigh's Linkedln: https://www.linkedin.com/in/kaleigh-floyd-079a52190/

In this episode of Climbing Mount CMMC, Kaleigh and Bobby delve into the intricacies of vulnerability scanning, particularly in the context of CMMC Level 2 compliance for Managed Service Providers (MSPs). They discuss the challenges of vulnerability management, the importance of selecting appropriate tools, and the complexities involved in implementing effective scanning processes. The conversation emphasizes the need for clear documentation, continuous monitoring, and proactive maintenance strategies to ensure compliance and security. The hosts also highlight the significance of preparing for audits and the necessity of adapting to evolving requirements in the cybersecurity landscape.Website: https://www.axiom.tech/YouTube: https://www.youtube.com/channel/UCaJagoDasNG3MqLqw2Af_ZQ Axiom's Linkedln: https://www.linkedin.com/company/axiomtech/ Bobby's Linkedln: https://www.linkedin.com/in/bobbyguerra/ Kaleigh's Linkedln: https://www.linkedin.com/in/kaleigh-floyd-079a52190/

In this episode, Bobby and Kaleigh discuss the complexities of navigating the Defense Industrial Base (DIB) space, particularly focusing on the Cybersecurity Maturity Model Certification (CMMC) assessments. They explore the challenges faced by organizations in understanding and complying with CMMC requirements, the importance of effective communication with C3PAOs, and the necessity of thorough preparation for assessments. The conversation emphasizes the need for organizations to align their practices with C3PAOs and to be proactive in their compliance efforts to avoid costly failures during audits.Axiom's Linkedln: https://www.linkedin.com/company/axiomtech/Bobby's Linkedln: https://www.linkedin.com/in/bobbyguerra/Kaleigh's Linkedln: https://www.linkedin.com/in/kaleigh-floyd-079a52190/Dy Edington's Linkedln: https://www.linkedin.com/in/dy-edington/Website: https://www.axiom.tech/YouTube: https://www.youtube.com/channel/UCaJagoDasNG3MqLqw2Af_ZQ Axiom's Linkedln: https://www.linkedin.com/company/axiomtech/ Bobby's Linkedln: https://www.linkedin.com/in/bobbyguerra/ Kaleigh's Linkedln: https://www.linkedin.com/in/kaleigh-floyd-079a52190/

48 CFR IS HERE! And we have a lot to talk about. In this episode, Bobby and Kaleigh discuss the recent release of 48 CFR and its implications for contractors and subcontractors working with the Department of Defense (War). They explore the significance of the new regulations, the phased rollout strategy, and the importance of CMMC unique identifiers (UIDs). The conversation highlights the risks associated with non-compliance and the need for contractors to be proactive in preparing for the upcoming changes. The hosts emphasize the urgency for subcontractors to align with prime contractors' requirements and the potential consequences of overlooking these regulations.Read 48 CFR Here: https://www.govinfo.gov/content/pkg/FR-2025-09-10/pdf/2025-17359.pdfWebsite: https://www.axiom.tech/YouTube: https://www.youtube.com/channel/UCaJagoDasNG3MqLqw2Af_ZQ Axiom's Linkedln: https://www.linkedin.com/company/axiomtech/ Bobby's Linkedln: https://www.linkedin.com/in/bobbyguerra/ Kaleigh's Linkedln: https://www.linkedin.com/in/kaleigh-floyd-079a52190/