Sum IT Up: CMMC News Roundup

DoD has updated the CMMC FAQs again, and the revision history doesn't tell the full story. In this episode, we break down the most important FAQ 2.3 changes, including significant changes, annual affirmations, CMMC UIDs, joint ventures, hard-copy CUI, and why the Affirming Official is one of the most important CMMC roles inside your company.



Register for Summit 7 Live: https://www.summit7.us/s7live



100 Level 2-Certified Clients: https://www.summit7.us/blog/100-cmmc-l2-certified-clients



NCODE: https://www.summit7.us/blog/ncode-contract-award



CMMC FAQs: https://dodcio.defense.gov/CMMC/



January FAQ Pod: https://youtu.be/8ZxqqH0zws8?si=m5n8WQttWsZV8n24



Paper CUI Pod: https://youtu.be/lcIaxVBjyr0?si=17LdlP92NuCGa_ph

It's milestone season in the CMMC world. Just six months into the Phased Rollout and there are 2.5x more Level 2 certifications than DoD expected. Meanwhile, a significant portion of those certs are Summit 7 clients. We now work with more than 100 Level 2 certified companies. Last but not least, Summit 7 was awarded the Army's NCODE contract to help bring secure and compliant enclaves to micro-sized defense contractors. Exciting times.



Register for Summit 7 Live: https://www.summit7.us/s7live



100 Level 2-Certified Clients: https://www.summit7.us/blog/100-cmmc-l2-certified-clients



NCODE: https://www.summit7.us/blog/ncode-contract-award

Everyone keeps saying there aren't enough CMMC assessors. The data tells a very different story.

In this episode we break down actual assessment capacity using the current number of certified assessors, DoD's rollout estimates, and capacity growth rates across the ecosystem.

How quickly is the ecosystem scaling toward future demand targets of 16,000 and even 25,000 assessments per year?

Turns out the real bottleneck isn't assessor capacity at all.

...

Register for Summit 7 Live: https://www.summit7.us/s7live

GAO Report (2026): https://www.gao.gov/products/gao-26-107955



GAO Report (2021): https://www.gao.gov/products/gao-22-104679

We are back at it again with another rundown of the Cyber AB's monthly town hall and there sure was a lot of valuable information distributed during the meeting. Join us for this episode of we discuss some of the key information dished out this month and weigh on any impact it may have on the CMMC Program.



Things like:

• Changes in ecosystem engagement?

• Do we have enough steps are in the T3 process?

• Has certification output increased? And so much more...Tune in to find out!

Cyber AB TH Replay's: https://cyberab.org/News-Events/Town-Hall

ISACA Website: https://www.isaca.org/

T3 Inquiries (older than 6 months): https://dowcio.war.gov/CMMC/Contact/

L3Harris Missile Solutions recently sent a letter informing their suppliers that they will need to achieve CMMC Level 2 (C3PAO) Status by July, 30th 2026. Two weeks later, L3Harris announced that they had been awarded a new contract for the Army Tactical Missile System.

Coincidence? We think not.

Not only do subcontractors need to provide their Level 2 certification, they also need to provide their Level 2 assessment report.

This week we talk about whether this is an anomaly or a sign of things to come.

Register for Summit 7 Live: https://www.summit7.us/s7live



L3Harris Letter: https://www.summit7.us/blog/l3harris-supply-chain-notice



Primes can't waive CMMC: https://youtu.be/haVzS8j7Qz4?si=F2RICMKbCNRu-1uh



CMMC CAP (PDF): https://cyberab.org/Portals/0/CMMC%20Assessment%20Process%20v2.0.pdf