Sum IT Up: CMMC News Roundup podcast | Listen online for free

161 episodes

We Predicted 2026. Here's What We Got Right (and Wrong) About CMMC
2026/06/11 | 19 mins.
Back in January, we made seven predictions about where the CMMC ecosystem would be by the end of 2026.

Now that we're halfway through the year, we're checking the scoreboard.

In this episode:

• Level 2 certification growth

• False Claims Act enforcement trends

• Funding and compliance assistance programs

• The FAR CUI rule

• CMMC 3.0 and NIST SP 800-171 Rev. 3

• Early Level 3 activity

• What the GAO report actually found

Some predictions are looking strong. Others are too close to call. And at least one is trending in the wrong direction.

Here's our mid-year reality check on CMMC in 2026.

Register for Summit 7 Live: https://www.summit7.us/s7live

2026 Predictions (January): https://youtu.be/WxgGtKpF3_s?si=I9MfjmkBDojCRThv

GAO Report podcast: https://youtu.be/U0VhiN3qpdE?si=lD-Pbl3vyfbIMPw7

NCODE for SMBs: https://www.summit7.us/blog/ncode-contract-award

Assessment Capacity podcast: https://youtu.be/e_1FztgNCHM?si=PdpkkVk3SSa1V4-2

CIRCIA update: https://youtu.be/bvwnNSpDZgU?si=bS0ARRUfvvzLemmK
The Cyber Rule Everyone Forgot About Just Came Back
2026/06/04 | 22 mins.
Remember CIRCIA?

The proposed rule would create mandatory cyber incident reporting requirements for more than 300,000 organizations across 16 critical infrastructure sectors, including the Defense Industrial Base.

Now CISA is holding a new round of town halls to gather feedback before issuing a final rule.

In this episode, we explain why CIRCIA isn't just another version of DFARS 252.204-7012, the seven biggest differences defense contractors need to understand, and why the upcoming town halls may be the DIB's best opportunity to influence the final rule.

Registration links for the CIRCIA Town Halls are included below.

Register for Summit 7 Live: https://www.summit7.us/s7live

CIRCIA Town Halls: https://www.cisa.gov/topics/cyber-threats-and-advisories/information-sharing/cyber-incident-reporting-critical-infrastructure-act-2022-circia

CIRCIA Proposed Rule Pod (2024): https://youtu.be/ngYSaO5fg5Y?si=VoVW54QvAzKe6r-r

Proposed Rule: https://www.federalregister.gov/documents/2024/04/04/2024-06526/cyber-incident-reporting-for-critical-infrastructure-act-circia-reporting-requirements

Congressional Research Service Report (PDF): https://www.congress.gov/crs-product/R48025

CIRCIA Hearing: https://homeland.house.gov/hearing/surveying-circia-sector-perspectives-on-the-notice-of-proposed-rulemaking/
May Cyber AB Town Hall Recap
2026/05/28 | 25 mins.
The Cyber AB brought the ecosystem together to deliver pretty exciting news during the May monthly town hall. Join us for this week's episode as we break down some of the topics a little deeper to see what it actually means for the ecosystem.

Things like:

• Has production accelerated within the ecosystem?

• Who is the new EVP of the Cyber AB?

• Who actually attends these meetings?

And so much more...Tune in to find out!

Cyber AB TH Replay's: https://cyberab.org/News-Events/Town-Hall

ISACA Website: https://www.isaca.org/

T3 Inquiries (older than 6 months): https://dowcio.war.gov/CMMC/Contact/

NIST SP 800-145: https://csrc.nist.gov/pubs/sp/800/145/final
DoD Updated the CMMC FAQs Again
2026/05/21 | 18 mins.
DoD has updated the CMMC FAQs again, and the revision history doesn't tell the full story. In this episode, we break down the most important FAQ 2.3 changes, including significant changes, annual affirmations, CMMC UIDs, joint ventures, hard-copy CUI, and why the Affirming Official is one of the most important CMMC roles inside your company.

Register for Summit 7 Live: https://www.summit7.us/s7live

100 Level 2-Certified Clients: https://www.summit7.us/blog/100-cmmc-l2-certified-clients

NCODE: https://www.summit7.us/blog/ncode-contract-award

CMMC FAQs: https://dodcio.defense.gov/CMMC/

January FAQ Pod: https://youtu.be/8ZxqqH0zws8?si=m5n8WQttWsZV8n24

Paper CUI Pod: https://youtu.be/lcIaxVBjyr0?si=17LdlP92NuCGa_ph
Lessons Learned from 100 Level 2 Client Certifications
2026/05/14 | 26 mins.
It's milestone season in the CMMC world. Just six months into the Phased Rollout and there are 2.5x more Level 2 certifications than DoD expected. Meanwhile, a significant portion of those certs are Summit 7 clients. We now work with more than 100 Level 2 certified companies. Last but not least, Summit 7 was awarded the Army's NCODE contract to help bring secure and compliant enclaves to micro-sized defense contractors. Exciting times.

Register for Summit 7 Live: https://www.summit7.us/s7live

100 Level 2-Certified Clients: https://www.summit7.us/blog/100-cmmc-l2-certified-clients

NCODE: https://www.summit7.us/blog/ncode-contract-award

More Government podcasts

Trending Government podcasts

About Sum IT Up: CMMC News Roundup

It's difficult to keep up with all of the moving parts that make up the Department of Defense's Cybersecurity Maturity Model Certification Program. It's even more difficult to keep up with the relevant bits and bites that influence CMMC. This weekly podcast sums up the news and developments relevant to CMMC; DFARS and other regulations; and NIST standards such as SP 800-171, SP 800-53, the NIST Cybersecurity Framework, and others.

Podcast website

Government Technology

Listen to Sum IT Up: CMMC News Roundup, 5-4 and many other podcasts from around the world with the radio.net app

Get the free radio.net app

Stations and podcasts to bookmark
Stream via Wi-Fi or Bluetooth
Supports Carplay & Android Auto
Many other app features

Open app

Get the free radio.net app

Stations and podcasts to bookmark
Stream via Wi-Fi or Bluetooth
Supports Carplay & Android Auto
Many other app features

Sum IT Up: CMMC News Roundup

Scan code,
download the app,
start listening.

Sum IT Up: CMMC News Roundup: Podcasts in Family