It's that time of year again where we stake our reputations on predicting the future of the CMMC regulatory landscape. What does our crystal ball say about the future hold for rulemaking, FedRAMP, and the CMMC ecosystem in general?

Register for CS2 Reston: https://cs2.cloud

Pathfinder 101: https://www.summit7.us/pathfinder

Pathfinder Demo: https://youtu.be/JiDTCchfCa0?si=JJFplxSfvkaRVhRo

32 CFR CMMC Webinar: https://www.summit7.us/webinars/cmmc-32-cfr-final-rule

2024 Predictions: https://youtu.be/YzFkJGzny20?si=H7UurOVBgKPxpH7Q

FedRAMP memo: https://youtu.be/torWNL3U7ZY?si=_yFHuMqXpCg6hYWy

FAR CUI Rule: https://youtu.be/-bYjDy7z7BA?si=sYytd46cIhmXIP8A

A year ago we made seven predictions for the CMMC landscape. We got some right, we got a few mostly right, and we got a few “wrong”.

Register for CS2 Reston with code SUMITUPRESTON: https://cs2.cloud/reston

Pathfinder 101: https://www.summit7.us/pathfinder

Pathfinder Demo: https://youtu.be/JiDTCchfCa0?si=JJFplxSfvkaRVhRo

32 CFR CMMC Webinar: https://www.summit7.us/webinars/cmmc-32-cfr-final-rule

2024 Predictions: https://youtu.be/YzFkJGzny20?si=H7UurOVBgKPxpH7Q

The Cyber AB has officially released the CMMC Assessment Process Guide. Now that the “CAP” is official, CMMC “false starts” are officially something that defense contractors need to be aware of.

Register for CS2 | Reston with code SUMITUPRESTON for 15% off here: https://cs2.cloud/reston

CMMC Cap (PDF): https://cyberab.org/Portals/0/Documents/Process-Documents/CMMC-Assessment-Process-CAP-v1.0.pdf

False starts 1.0 (June ‘24): https://youtu.be/zwU4u86L_5A

NFO Controls: https://youtu.be/YEQd--RIUkU

Documentation Deep Dive: https://youtu.be/TXsKdH3hC6E

The CMMC Program has reached it “Birth” date and part of the celebration was the rellease ong the newly revised, effective, and in-force version of the CMMC Assessment Process (CAP, and the CMMC Code of Professional Conduct (CoPC). Jason and Joy have been picking apart these documents since their release; and on this week's show, they offer their 7 “high level” takeaways from CAP 2.0 & CoPC 2.0.

Pathfinder 101: https://www.summit7.us/pathfinder

Pathfinder Demo: https://youtu.be/JiDTCchfCa0?si=JJFplxSfvkaRVhRo

CS2: Reston : https://cs2.cloud/reston

This week we're joined by Fenando Machado of Cybersec Investments, an authorized CMMC C3PAO. Fernando has been around the CMMC space for years and has helped a ton of companies successfully pass their Joint Surveillance Assessments. Fernando shares what he's learned ahead of the effective date of the 32 CFR CMMC final rule and the rest of the phased roll-out.

Pathfinder 101: https://www.summit7.us/pathfinder

Pathfinder Demo: https://youtu.be/JiDTCchfCa0?si=JJFplxSfvkaRVhRo

32 CFR CMMC Webinar: https://www.summit7.us/webinars/cmmc-32-cfr-final-rule

Fernando: https://www.linkedin.com/in/fernando-machado-cissp-cism-cca-ccp-5b5581124/

Cybersec Investments (C3PAO): https://cybersecinvestments.com/

(0:00 – 3:17): Intro (3:18 – 6:42): What's the key to assessment success? (6:43 – 8:48): What's the key to perfect scores? (8:49 – 11:42): Most problematic controls? (11:43 – 12:52): What's harder: technical or non-technical? (12:53 – 14:42): Are “False Starts” real? (14:43 – 17:44): How important is an MSP? (17:45 – 20:45): Current backlog? (20:46 – 22:38): $100k assessments? (22:39 – 24:27): Outro

What is the CMMC phased roll-out? How will the CMMC phased roll-out affect defense contractors and when? Most importantly: How should companies strategize based on the CMMC phased roll-out? We get into all of that and more this week.

Pathfinder 101: https://www.summit7.us/pathfinder

Pathfinder Demo: https://youtu.be/JiDTCchfCa0?si=JJFplxSfvkaRVhRo

32 CFR CMMC Webinar: https://www.summit7.us/webinars/cmmc-32-cfr-final-rule

Who decides what CMMC status level is required in defense contracts? How do they decide? Q2 2025 is just around the corner and this week we dive into the decision factors that lead to CMMC status level requirements.

Pathfinder 101: https://www.summit7.us/pathfinder

Pathfinder Demo: https://youtu.be/JiDTCchfCa0?si=JJFplxSfvkaRVhRo

32 CFR CMMC Webinar: https://www.summit7.us/webinars/cmmc-32-cfr-final-rule

48 CFR proposed rule podcast: https://youtu.be/Fzi3SFEs92U

A Joint Resolution of Disapproval has been submitted to disapprove the 32 CFR CMMC final rule. Is this the end of CMMC as we know it? Or, as is usually the case, has the ecosystem jumped to conclusions and let their confirmation bias get the better of them? This week we go deep into the Congressional Review Act and why there's much more to the story of Representative Palmer's resolution.

Pathfinder 101: https://www.summit7.us/pathfinder

Pathfinder Demo: https://youtu.be/JiDTCchfCa0?si=JJFplxSfvkaRVhRo

32 CFR CMMC Webinar: https://www.summit7.us/webinars/cmmc-32-cfr-final-rule

Palmer's Resolution: https://www.congress.gov/bill/118th-congress/house-joint-resolution/221/text

GAO Report on the CMMC final rule: https://www.gao.gov/products/b-336776