Getting CMMC Right: Scope, Budget, and Certification Tips
Description
Think compliance is just an IT problem? It’s a revenue problem, too. Without it, some contracts will stay out of reach.
In this episode, Jara Rowe talks with Tom Greco, vCISO at Trava Security, about what companies need to know about the Cybersecurity Maturity Model Certification (CMMC). It’s a Department of Defense requirement that verifies whether companies are securely handling Controlled Unclassified Information (CUI). Tom Greco explains what CMMC involves, how scoping affects your readiness, and how to maintain compliance over time. In short, if you want to win or keep federal contracts, CMMC compliance isn’t optional.
Key takeaways:
- What CMMC is and why it exists
- The importance of accurate scoping
- Tools and tips to maintain CMMC compliance
Episode highlights:
(00:00 ) Today’s topic: What is CMMC?
(02:20 ) What CMMC means for your business
(06:05 ) The nuances of scoping
(10:07 ) How contracts set your CMMC level
(13:44 ) Self-assessment vs third-party audits
(17:36 ) Maintaining CMMC compliance over time
(22:17 ) Perform gap assessments ASAP
Connect with the host:
Jara Rowe’s LinkedIn - @jararowe
Connect with the guest:
Thomas Greco’s LinkedIn - @thomas-greco
Connect with Trava:
Website - www.travasecurity.com
Blog - www.travasecurity.com/learn-with-trava/blog
LinkedIn - @travasecurity
YouTube - @travasecurity
United States
