The CMMC training and certification ecosystem is ambitious as it aims to support training material development and certification of both instructors and assessors. It is currently on a path to providing a strong foundation for CMMC as a whole. In this episode our cybersecurity experts dive into the details and nuances of the training and certification requirements in the CMMC ecosystem. Hear them define the terms, discuss the requirements, contrast CMMC training and certification with other compliance frameworks, grapple with challenges and finally address what lies ahead. Joining host Cole French is Joe Lissenden, CEO of Precision Execution, provider of CMMC training and certification services. Joe has more than 25 years of consulting, training, and auditing experience over a wide range of systems and standards.

Reference material:

Acronyms:

• APP: Approved Publishing Partner (formerly Licensed Publishing Partner)
• ATP: Approved Training Provider (formerly Licensed Training Provider)
• CCI: CMMC Certified Instructor (formerly Provisional Instructor)
• CAICO: Cybersecurity Assessor & Instructor Certification Organization
• CAP: CMMC Assessment Process
• CATM: CAICO Approved Training Material
• CCP: CMMC Certified Professional
• CCA: CMMC Certified Assessor
• OSC: Organization Seeking Certification
• RPO: Registered Provider Organization

Links:

• Cybersecurity Assessor & Instructor Certification Organization (CAICO)
• CMMC Assessment Process (CAP)

The news about cybercrime is overwhelming to those who fight to secure our organizations. Cybercrime organizations are sophisticated and constantly changing. But there’s a hidden truth in cybercrime attacks: cybercriminals exploit the same weaknesses they’ve been exploiting for years. This should give us some hope; we know where our organizations are weakest, which gives us a good place to start. But these weaknesses are often hard to address. They require not just technical solutions, but a lot of thought, coordination, planning, and continual re-evaluation. Most often thought of as technical problems, compliance frameworks provide a solid starting point for properly framing the thought, coordination, planning, and continual re-evaluation that is necessary.

Our guest, Terry McGraw will walk us through these solutions and the support that compliance frameworks provide to ensure continued success. Terry is a retired Lieutenant Colonel from the United States Army and now serves the CEO of Cape Endeavors, Inc, with over 20 years of providing expertise in cyber security threat analysis, security architectural design, network operations and incident response for both commercial and government sectors.

Links:

• Ransomware Stages of Grief
• 2024 State of the Threat – A Year in Review
• Detecting Top Initial Attack Vectors in 2024
• 3 Common Initial Attack Vectors Account for Most Ransomware Campaigns
• Meeting a Greater Demand for Cybersecurity

CMMC’s security requirements are not new. What is new about CMMC is the level of rigor. With the recent publication of the CMMC rule, DoD is ever closer to requiring contractors to comply with CMMC security requirements and back them up with an assessment. The CMMC Rule, like any new regulation, is packed with details. Details that have been rumored, speculated, and drafted. Now that they’re known and final, we’re here to help you see clearer.

In today’s episode, our host, Cole French becomes the expert guest. As Director of Cybersecurity Services and CMMC Capability Lead at Kratos, Cole answers all the questions you might still have about CMMC and its impact on your organization:

· When will assessments start?

· What can my organization do now?

· When will CMMC be required in DoD contracts?

· How does the rule impact my use of external service providers?

· Can I qualify for a self-assessment or must I go through a C3PAO assessment?

And more!

Links:

• The Rule
• Kratos’ CMMC Services Data Sheet
• DoD’s CMMC Overview
• CMMC’s New Rule Has Finally Arrived: 7 Key Takeaways to Help You Move Forward