Sum IT Up: CMMC News Roundup

After a brief hiatus, the Cyber AB has gathered the CMMC Ecosystem to deliver its monthly update. On this week's show, we breakdown the information distributed on this month's meeting that you need to know. Things like:



• Who is the new DoW CIO?



• Pending shutdown and CMMC Impacts



• Ecosystem Growth and Certification updates



• Does this show count for CPEs?



And so much more...Tune in to find out!



ISACA Webinar - CMMC: Requirements, Roles, and Professional Credentials: https://store.isaca.org/s/community-event?id=a33VQ000001otC1YAI



DAU CMMC microlearning: https://www.dau.edu/acquipedia?combine=cmmc&title=C&field_functional_area_target_id=All&field_topic_area_target_id=All



ISACA CMMC Page: https://www.isaca.org/credentialing/cmmc

Defense contractors aren't the only ones who need to implement NIST cybersecurity requirements for CUI. The big question has always been whether other agencies would require proof of implementation via the CMMC program. The GSA just revised their process for assessing nonfederal systems handling controlled unclassified information and it's way closer to NIST's Risk Management Framework than CMMC.



CIO-IT Security-21-112r1 (PDF): https://www.gsa.gov/system/files/Protecting-Controlled-Unclassified-Information-%28CUI%29-in-Nonfederal-Systems-and-Organizations-Process-%5BCIO-IT-Security-21-112-Rev-1%5D.pdf



Summit 7 Live San Diego: https://www.summit7.us/s7live

This week we sit down with Supply Chain Director Bo Birdwell to discuss Elbit America's latest open letter to suppliers regarding CMMC. Elbit's letter doesn't mince words: CMMC is here and the time to act is now. Bo not only walks us through the perspective of a major prime contractor on cost, timelines, outsourced services, CMMC Level 3, and more – he also drops a ton of helpful tips for current and prospective suppliers.



Elbit Supplier Page: https://www.elbitamerica.com/suppliers#cyber



MSP Collective: https://www.mspcollective.org/



Bo Birdwell: https://www.linkedin.com/in/bobirdwell/

The defense department has updated the CMMC FAQs for the second time in 3 months. In lieu of rulemaking updates the CMMC FAQs are the best place for updated guidance. This week we're exploring DoD's answers regarding everything from encryption to enclaves to VDI endpoints.



CMMC FAQs: https://dodcio.defense.gov/CMMC/

Another year another set of eerily accurate predictions about defense cybersecurity requirements and the CMMC program. Like usual we got most of our 2025 predictions correct. For 2026 we're getting specific with False Claims settlements, CMMC 3.0, FAR CUI, and more!



FCA episode: https://youtu.be/tPA-ALjW1Hk?si=KgPUAo4VqqmX3mNF



DoD IG report: https://www.youtube.com/watch?v=RNafaUlgBGo



Golden Dome: https://youtu.be/y88JqZdJsj0?si=eGpIm1jqKRYpW4n3