I'm speaking at #InfoSecWorld in Orlando this October 27-29. @KellyHood_ and I are presenting “Prove It: Preparing for Your CMMC Assessment.". 25% off with code "ISW25-SPEAKER25". #CRAEvents #InfoSecWorld2025 #ISWSpeakerGet

Were you able to get a CRM from your CSP?. CRMs aren't just a checkbox for compliance with #CMMC, they ensure you use the tool properly. Free CRM Template: . Let’s make sure the CMMC requirements don’t fall through the cracks.

Generate videos in just a few seconds. Try Grok Imagine, free for a limited time.

I’ve scoped a lot of #CMMC environments, and no two are alike. In this video, I walk through how to get started with scoping and outline four key steps that, when followed in order, help you define a CMMC boundary that’s clear, defensible, and aligned with business requirements.

RT @OpticCyber_: What’s in & what’s out? . Check out this video with @TomConkle to learn how smart #CMMC scoping can make your path to cert….

As of July 29, there are 971 CCPs, 455 CCAs, and 300 Lead CCAs. It’s a strong signal that the community is mobilizing to meet the needs of the DIB. Reach out if you want to work with an experienced team that will make sure you are on the right track. #OpticCyber

During yesterday's Cyber-AB Town Hall, 48 CFR was a key topic. The rule that will allow the DoD to put #CMMC in contracts. If the rule is expected to be released in Oct/Nov, so is the Ecosystem ready?. If you need on your CMMC journey reach out. We'd love to help out.

#CMMC Rule Update!. The long-anticipated 48 CFR rule has officially reached OIRA for final review, marking a major milestone in the rulemaking process. This starts the clock before CMMC requirements will officially appear in DoD contracts.

Thank you to Bobby & Kaleigh for having me on Climbing Mount CMMC, “The Art of Effective CMMC Documentation” episode. If you haven’t listened yet check it out at: . And if you have follow-up questions, feel free to reach out! I’m always happy to help.

Did you know that more than half of the #CMMC Level 2 requirements are non-technical?. In fact, ~60 requirements include AOs that require the OSCs to “identify” or “define” something. There are also requirements for training, background screenings and 6 on Physical Protection.

32 CFR §170.17(c)(2) states organizations have 10-days to correct deficiencies noted during the assessment. The Cyber-AB says only 'existing' artifacts can be updated. Does conducting a tabletop exercise, as defined in your policy, correct a deficiency or create something new?

Can an object be CUI?. June's @CyberAB townhall, there was a lot of discussion on this question. One speaker stated “It depends.” While in the Q&A, another answered “the ‘I’ in CUI stands for Information. Physical parts are not CUI.” . Need help clarifying, reach out!

Now listed as a Lead CCA!. I'm excited to be included in the Cyber AB Marketplace as a Lead Certified CMMC Assessor (#LCCA). If you're preparing for your CMMC journey or considering a gap assessment, feel free to connect. I’m always happy to help.

Excited to get CEIC West kicked off. Already had a chance to catch up with so many including Kevin Mann, Brian Hubbard, and Adam Evans. Looking forward to reconnecting with others as well and meeting those new to the ecosystem. At #CEICWest? If so, let's connect.

Wednesday's #CMMC Summit in MD provided a few key updates on the CMMC ecosystem and status. - New organizaitons coming to help CMMC Implementers.- 48 CFR is expected out this year.- Revised certification blueprints coming. Questions or need help navigating CMMC? Let’s connect

So, why did the DoD introduce the term ESP in #CMMC? Ironically, it was to reduce confusion. By using the broader term ESP to distinguishing from CSPs, the DoD ensured that all relevant service providers are included, regardless of how they brand themselves.

Happy to announce I'll be speaking at IT Nation Secure 2025 in Orlando, FL on June 4. I'll be sharing lessons learned on developing effective CRMs to clearly communicate expectations. Learn more and register 👇. Hope to see you there!. #ITN25

#CMMC vs #FedRAMP: What’s the difference? Which program do I need?" . If you have asked yourself these questions check out my video explaining how they work together. 👇. Need help navigating CMMC or FedRAMP? Reach out we are here to help.

CMMC Assessments Are Underway — But Readiness Remains the Bigger Roadblock. • Since January 2025, 85 companies have successfully achieved CMMC certification. • 99 companies had false starts because they weren't ready for the assessment even though they engaged a C3PAO.

Rachel Leidy and I are hard at work on our session for CEIC West and looking forward to presenting on May 23, 2025. Hope to see at the session and throughout the conference!.

The DoD CIO's office released a memo defining the Organization-Define Parameter (ODP) values for SP800-171r3. While SP800-171r3 isn't expected to be required for several years, this guidance helps us get started today. The full memo is located at: