Cyberspin

65 Episodes
CMMC timelines, DFARS 7025, FedRAMP CRM responsibilities, interim compliance signals, and what’s next for NIST 800-171 Rev. 3: our team of CMMC Certified Assessors (CCAs) covered the hottest questions the DIB is asking right now. If you’re aiming for Level 2 or fielding customer requests for proof of certification in Phase 1, this conversation is your quick-hit guide to what matters most.
CMMC Connect happens every last Thursday at 1 PM ET. Register: redspin.com/events/cmmc-connect
Subscribe to Cyberspin on Apple iTunes, Spotify, or your preferred podcast platform. You can always stream the latest episodes at redspin.com.
The long-awaited final 48 CFR DFARS 7021 rule has dropped, and CMMC is officially headed into contracts. In this special live call-in edition of Cyberspin, the Redspin team gives their quick breakdown of the finalized rule before answering audience questions on everything from SSO/MFA and joint ventures to whether small contractors can realistically achieve Level 2 certification. We also dive into separation of duties, prime pressure on subs, the most cost-effective paths to certification, and so much more.
In this live CMMC Connect session, Redspin’s experts tackle audience questions head-on: How soon after 48 CFR finalization will CMMC Level 2 show up in contracts? What’s the best way to secure printers in hybrid work environments? And what happens when CMMC shortfalls trigger False Claims Act investigations? Tune in for real-world answers, practical tips, and a candid look at the signals DoD contractors can’t afford to miss.
In this episode, we unpack one of the most common questions in the CMMC space: What actually triggers a reassessment? From changes in CUI flow to infrastructure shifts and company acquisitions, we break down when you might need to re-certify—and what’s still awaiting clarity from the DoD.
We also share lessons learned from the field, including common missteps organizations are making in cloud environments. Misconfigured policies, inherited templates, and SSPs that don’t reflect reality are tripping up otherwise prepared teams.
Next, we take a closer look at the Shared Responsibility Model. Your External Service Provider (ESP) can’t carry the full weight of compliance. We explain what controls can be inherited, what’s shared, and where your organization is ultimately accountable.
Then we dive into key updates on 48 CFR—the rule that puts CMMC into contracts. With final review underway, we discuss what the phased rollout may look like, enforcement timelines, and how this will impact existing agreements.
Finally, don’t miss the live Q&A segment, where we tackle everything from overseas CUI control obligations to M365 scoping confusion and the new six-year evidence retention rule.
Tune in & take notes!
Big moves in CMMC rulemaking are happening, and the signals from DoD leadership are loud and clear. In this episode, we break down the recent milestone that sent 48 CFR to OIRA for final review, the critical July 18th memo from THEE Secretary of Defense, and what it all means for the Defense Industrial Base. We’ll talk terminology ("effective" vs. "enforceable") and timelines for contractors.
In this CMMC Connect replay episode, we dive into the most pressing questions facing the Defense Industrial Base right now. Kicking things off with a state-of-the-ecosystem update, our panel tackles the big-ticket items—how much CMMC actually costs, where we are in the implementation timeline, and how many assessments have already been completed. We also break down the current stats on authorized C3PAOs and certified professionals in the ecosystem.
After setting the stage, we shift into audience-driven content, answering pre-submitted questions and opening the floor for a lively live Q&A with defense contractors across the country.
Whether you’re prepping for your assessment or just trying to wrap your head around what CMMC means for your business, this episode is packed with insight and candid guidance from the front lines.
Tune in & take notes!
This month, our expert panel tackles the real-world challenges of CMMC compliance, from getting started and surviving assessments to sustaining success. We break down training must-haves, insider threat risks, MFA requirements, retroactive CUI headaches, and how tools like VDI and FedRAMP fit into your strategy. Tune in for practical tips, pitfalls to avoid, and audience Q&A that dives into the details you actually care about.
A long time ago (okay, April 24, 2025), in an ecosystem not so far away…
Redspin hosted a CCA and CCP Q&A packed with practical advice for navigating CMMC compliance. Topics spanned NIST 800-171 Rev. 3 updates, ERP system management, SSP maintenance, CUI handling in Azure GCC vs. GCC High, remote access security, and cost distribution across federal contracts.
Panelists also explored user privileges, FedRAMP equivalency, and how CUI management differs between civilian and DoD contexts. Listen in for real-world insights and strategies to conquer the complexities of CMMC!
With headlines swirling about the new DoD nominee reviewing 48 CFR (the rule that puts CMMC in contracts), is CMMC on the chopping block? Rob Teague, Dr. Thomas Graham, and special guest David Bailey break down the headlines and clear up the confusion.
Insights from our CMMC Assessor team on:
Preparing for CMMC assessments
The implications of using AI in compliance
Requirements for cloud services.
The session also addresses common questions regarding vulnerability data, SPRS compliance, and the differences between GCC and GCC High environments. The conversation concludes with a live AMA session where participants can engage directly with the panelists.
This month, we cover important updates regarding CMMC compliance, including a JSVA update and Katie Arrington's return to the driver's seat.
Our panelists delve into the complexities of compliance with CUI regulations, the challenges of recovering costs in future contracts, and the importance of customer responsibility matrices in FedRAMP. They also address the nuances of CMMC compliance, particularly regarding subcontractor challenges and the integration of ERP solutions, plus so much more.
This month, we break down the FAR CUI proposed rule and what it means for your CMMC readiness. Our experts, Phil, Les, Dr. Thomas, Rob, and Jeremy, tackle key topics, including:
Security awareness training – Who needs it and why?
Reporting requirements – What’s changing and how to stay compliant.
Assessment costs – What impacts pricing and how to save money.
GRC tools & cloud compliance – Choosing the right solutions.
Join us for practical insights and expert advice on navigating CMMC.
In this episode, the Redspin team of Certified CMMC Assessors (CCAs) gets together to break down the latest updates and buzz in the CMMC ecosystem.
They discuss the surprises in the recently published proposed FAR CUI rule, the status of the 48 CFR rule (CMMC in contracts) and when to expect it to be finalized, as well as what CMMC Level 3 means for the Defense Industrial Base (DIB) and where to start.
The team also explores the potential impact of a new administration on rulemaking progress and CMMC initiatives, dives into updates on NIST 800-171 Rev 3, and discusses whether CMMC could expand across the entire federal government.
Listen for input directly from a C3PAO, so you don’t have to sift through it all yourself!
Check out the FAR CUI rule here—specific questions for public comment begin on page 46.
In this episode of Cyberspin, we bring you a replay of December’s CMMC Connect session, featuring an engaging discussion with our CCPs and CCAs: Jeremy Meyers, Rob Teague, Dr. Thomas Graham, and Belen Coleman. The team tackles audience questions, dives into the implications of the finalized and in-effect 32 CFR rule, and explores practical strategies for achieving and maintaining CMMC compliance.
Key topics include:
Preparing for the effective date of 32 CFR and beyond.
Addressing challenges with EMASS and certification timelines.
Best practices for balancing compliance and operational needs.
Insights into evidence requirements, self-assessments, and scoring complexities.
A practical look at cloud solutions, hybrid environments, and architectural best practices.
Whether new to CMMC or seeking expert guidance, this session offers actionable advice and insights to help your organization succeed. Don’t forget to join us live for the next CMMC Connect session on the last Thursday of every month!
In this special episode, Robert Hill, CEO at Cyturus, shares the inside scoop from his discussion with Representative Gary Palmer’s staff about Palmer’s joint resolution disapproving the CMMC rule.
Learn what this resolution means for DoD contractors, how it could impact compliance efforts, and why staying focused on the path to compliance is more important than ever.
Listen to clarify the implications and next steps for navigating this critical moment in the defense industrial base.
This conversation is a replay of Redspin's November 2024 CMMC Connect Q&A session. The conversation covers various aspects of the CMMC process, including boundary considerations, asset definitions, and strategies for preparing for assessments.
The speakers (some of whom are live from the Cyber AB's CEIC Conference) provide insights into the latest updates on the new CMMC Assessment Process (CAP) release, how Managed Service Providers (MSPs) can prepare for Level 2, and best practices for making the assessment process smoother.
They also discuss the challenges of handling unsupported operating systems and the importance of risk management in these scenarios. This conversation delves into various aspects of CMMC compliance, including the necessity of MFA for Wi-Fi access and the handling of CUI in different contexts. The discussion also covers the importance of background checks for third-party employees, the management of visitor controls in research environments, and updates on compliance processes and requirements such as FIPS validation. The panelists emphasize the need for thorough documentation and due diligence in maintaining compliance standards.
This episode shares October’s CMMC Connect session, which features special guest Matt King, Belcan's Chief Security and Data Officer, alongside Jeremy Mares and Robert Teague from Redspin.
The team breaks down the latest CMMC updates, including insights on the finalized 32 CFR timeline, tips for defining CUI, and new requirements for MSP and ESP certifications.
They also tackle audience questions on key topics like scoping, training, DIBCAC High certification (JSVAP), and much more. Whether you’re a defense contractor or cybersecurity professional, this episode offers valuable insights into navigating CMMC requirements.
Rob Teague and the team discuss the anticipated 32 CFR final rule. They explore initial key takeaways from the rule, including changes in certification processes for external service providers, DIBCAC-High assessments, the appeals process, record retention requirements, and the impact of mergers and acquisitions on certification.
Rob, Dr. Thomas Graham, and Jeremy Mares emphasize the importance of acting quickly to navigate the upcoming certification landscape and address the challenges posed by potential assessment backlogs.
This episode is a replay of the latest CMMC Connect session, where we tackle critical updates on CMMC rulemaking, public comments, and timelines. It features insights from the "Queen of CMMC" Tara Lemieux, Rob Teague, who joins us live from NCS, and cloud security expertise from Steve Akers.
We dive into essential tips for compliance, cloud environments, the 48 CFR rule, and what small businesses need to know as 2025 approaches. Don't miss this deep dive into CMMC and the chance to prepare for what’s next.
In this month's episode, we revisit the August CMMC Connect session, where Jeremy, Thomas, and Rob discuss the latest updates and questions surrounding the Cybersecurity Maturity Model Certification (CMMC).
Tune in as we cover key topics, including the anticipated timeline for CMMC certification requirements, recent developments like the 32 CFR and 48 CFR publications, and the cost implications for small businesses aiming for CMMC Level 2 certification. The panel also addresses the complexities of scoping CMMC compliance in cloud environments, the role of joint surveillance assessments, and how to navigate potential challenges in meeting compliance requirements.
This episode is packed with actionable insights and answers to your most pressing CMMC questions, making it a must-listen for anyone involved in the defense industrial base (DIB) or interested in staying ahead of CMMC developments.
Key Takeaways:
Understanding the latest timeline and requirements for CMMC certification.
Navigating the 32 CFR and 48 CFR updates and their implications for contracts.
Strategies for small businesses to minimize costs while achieving CMMC compliance.
Insights on using cloud environments like Azure and GCC for CMMC compliance.
Practical advice on managing CUI data and preparing for CMMC audits.
Whether you're a prime contractor, subcontractor, or just getting started with CMMC, this episode provides valuable guidance on navigating the evolving landscape of cybersecurity compliance.