CMMC Compliance Guide

Author: CMMC Compliance Guide

Subscribed: 14 | Played: 260

Description

Our experiences inspired the creation of The CMMC Compliance Guide Podcast and its accompanying resources. The podcast began as a way to share what we learned through real-world challenges—like helping that aerospace machine shop—and to provide accessible education for businesses navigating DoD cybersecurity requirements.

The CMMC Compliance Guide Podcast breaks down complex topics like NIST 800-171 and CMMC into actionable, easy-to-understand steps. Whether you’re a subcontractor struggling to meet compliance deadlines or a business owner looking to secure your supply chain, the guide offers practical advice to help you take control of your cybersecurity journey.

47 Episodes
Submit any questions you would like answered on the podcast! The DoW just released updated CMMC FAQs that clarify the rules contractors keep getting wrong. In this episode, Austin and Brooke break down what the new guidance actually says, what it means for your scope, and where vendor and architecture decisions can derail an assessment before it even starts. We cover the most important FAQ clarifications, including: The real CMMC timeline and what Phase 1 vs Phase 2 changes; Why primes may dema...
When CMMC compliance starts to feel overwhelming, most companies don’t fail because they lack effort; they fail because they don’t know where to start. In this episode of the CMMC Compliance Guide Podcast, Brooke and Stacey break down why CMMC feels so urgent and high-risk for small and mid-sized DoD contractors, and how to triage your compliance work so you can make real progress without burning out. This episode covers: Why st...
Get your free SPRS Roadmap here: https://cmmccomplianceguide.com/free-sprs-roadmap In this episode of the CMMC Compliance Guide Podcast, Austin and Brooke break down the #1 thing that trips companies up before a CMMC Level 2 assessment: evidence. Having a binder of policies (or a 300-page SSP) is not enough. Assessors want proof you are doing what you say you do consistently, over time, and they want it organized so they can quickly...
What do CMMC Level 2 assessors notice first, sometimes within the first day, before they ever dig into your firewall configs or deep technical testing? In this episode of the CMMC Compliance Guide Podcast, Austin and Brooke break down the early red flags that can derail your assessment fast. We cover what assessors ask for right out of the gate (and how quickly you need to respond), why generic SSPs create problems, how scoping mist...
Most small and mid-sized manufacturers do not fail CMMC because of “tech.” They fail because their documentation does not match how the shop actually runs. In this episode, Austin and Brooke break down how to build CMMC documentation that is concise, accurate, and assessor-friendly without drowning in templates that were never written for your business. You will learn why template overload causes gaps, how to keep policies aligned t...
CMMC is no longer just a compliance requirement. It is now a competitive advantage that directly impacts who wins and who loses DoD contracts. In this episode of the CMMC Compliance Guide Podcast, Stacey and Brooke break down how the final 48 CFR rule has changed the contracting landscape and why primes are now aggressively pushing CMMC requirements down to their subcontractors. We explain how CMMC certification, SPRS scores, and a...
Are assessors judging you on CMMC or NIST 800-171 when audit day arrives? In this episode of the CMMC Compliance Guide Podcast, Stacey and Brooke break down the real relationship between CMMC 2.0 and NIST 800-171 so you are not guessing when it matters most. We walk through how the 110 NIST 800-171 controls and 320 assessment objectives drive your CMMC Level 2 certification, and what CMMC layers on top, including POA&M limits,...
Today’s episode of the CMMC Compliance Guide Podcast dives into the biggest myths that machine shops, fabricators, CNC shops, and mid-sized defense contractors still believe about CMMC. From cloud misconceptions to vendor promises that fall short, Brooke breaks down why these misunderstandings lead to failed assessments and what contractors should be doing instead. We walk through common assumptions like “cloud keeps me out of scope...
CMMC Level 1 Self-Assessment Guide: https://dodcio.defense.gov/Portals/0/Documents/CMMC/AG_Level1_V2.0_FinalDraft_20211210_508.pdf In this episode of the CMMC Compliance Guide Podcast, Stacey and Austin from Justice IT Consulting break down CMMC Level 1 in clear, simple terms: what it is, who it applies to, and the exact steps small and mid-sized contractors must take to protect Federal Contract Information (FCI). You’ll learn wh...
In this episode of the CMMC Compliance Guide Podcast, Stacey and Austin from Justice IT Consulting walk through the top 12 essentials every contractor needs to achieve CMMC Level 2 compliance, especially small and mid-sized defense manufacturers. You’ll learn how to start compliance the right way with a formal gap assessment, define and shrink your CUI scope, and build a System Security Plan (SSP) that maps to all 110 NIST 800-171 c...
In this episode of the CMMC Compliance Guide Podcast, Brooke and Stacey from Justice IT Consulting unpack the biggest updates from the Cyber AB’s October 2025 Town Hall and what they mean for defense contractors preparing for CMMC certification. You’ll learn: Why the government shutdown isn’t delaying CMMC or the 48 CFR rollout; The $875K False Claims Act case against Georgia Tech and what it teaches all contractors; How the CMMC ecosys...
Get the inside scoop from CS5 East 2025, the largest cybersecurity and compliance event for the Defense Industrial Base. In this episode, Brooke and Stacey from Justice IT Consulting break down the biggest CMMC updates, Operation Midnight Hammer, and how AI is reshaping compliance. Learn what the Cyber AB announced, how CMMC Phase 2 is rolling out, and what contractors should expect next. Whether you’re a Compliance Officer, DoD P...
🎯 Get your Free SPRS Roadmap Session: https://cmmccomplianceguide.com/free-sprs-roadmap Our experts will review your SPRS score, documentation, and setup to help you hit 110 with a clear action plan at no cost. Prime contractors like Lockheed Martin, Raytheon, and Parker Hannifin are demanding proof of compliance before awarding new work — and subcontractors who can’t prove it risk losing contracts. In this episode, Brooke and Aus...
The September 2025 Cyber AB Town Hall dropped big updates for contractors navigating CMMC and NIST 800-171 compliance. In this episode of the CMMC Compliance Guide Podcast, Brooke and Austin break down what the final CMMC rule (Title 48A) means for defense contractors, subcontractors, and service providers. We cover the timeline for implementation, prime and subcontractor flow-down requirements, service provider risks (MSPs, ...
Worried about mishandling Controlled Unclassified Information (CUI)? In this episode of the CMMC Compliance Guide Podcast, Brooke and Stacey break down what CUI really is, why it matters in defense contracting, and the biggest mistakes contractors make when handling it. You’ll also learn the real-world risks of CUI mishandling, how assessors check compliance during a CMMC Level 2 assessment, and the low-cost, practical solutio...
The wait is over: the Department of Defense has finalized the CMMC rule, officially making it part of DFARS. That means compliance isn’t “coming soon”, it’s now in your contracts. In this episode of the CMMC Compliance Guide Podcast, Austin and Brooke from Justice IT Consulting break down what the final rule means for DoD contractors and subcontractors, the key deadlines you need to know, and the exact steps to prepare for Level 2 ...
Confused about where NIST 800-171 fits into your CMMC 2.0 assessment? You’re not alone. In this episode of the CMMC Compliance Guide, Brooke and Stacey from Justice IT Consulting break it all down in plain English. We cover the foundation of NIST 800-171, how it maps into the CMMC levels, what assessors actually look for during an audit, and the most common mistakes contractors make. We’ll also touch on the latest updates in...
Thinking about building an enclave for CMMC compliance? Not so fast. In this episode of the CMMC Compliance Guide Podcast, Austin and Brooke from Justice IT Consulting break down: What an enclave actually is (in plain English); When an enclave makes sense (and saves you money); When it can hurt your compliance efforts; What assessors will really be looking for in your audit. If you’ve ever asked, “Do I need an enclave for CMMC?”, ...
Think you’re ready for your CMMC assessment? In this episode of the CMMC Compliance Guide Podcast, Austin and Brooke break down the difference between being “paper ready” and truly “assessment ready.” From documentation gaps to overlooked technical controls, they share insider tips to help you pass with confidence. We’ll walk you through the common blind spots that can derail an assessment, how to stress test your compliance p...
Marking a CMMC control as “Not Applicable” might feel like an easy shortcut, but get it wrong, and you could fail your assessment, lose contracts, or even face legal trouble. In this episode of The CMMC Compliance Guide, Brooke and Stacey from Justice IT Consulting break down the real risks of misusing N/A, share common mistakes companies make, and explain how to properly justify a not applicable control so you stay compliant and av...
Comments (1)

jvt@gallifraytech.com

Hi, I enjoy your podcast; it's really helpful, but do you think maybe you could get the volume on your two microphones somewhat closer to each other? I am driving down the road turning my volume up and down because one of you is really loud and the other is very quiet. Also, I am a woman doing all of the IT for a foundry in the DoD supply chain: CMMC, IT admin, helpdesk, security cameras, PLCs. It's a lot. You seem to assume that your audience is male. Thanks again for the great podcast.

Oct 13th