An industry event for DoD Contractors & Higher Education Institutions: https://www.summit7.us/secure-the-dib-2025
Lockheed Martin wants their suppliers to know two things. First, suppliers should be fully and confidently compliant with existing DFARS cybersecurity requirements. Second, suppliers should be fully transitioned to the “Cybersecurity Compliance and Risk Assessment” tool. All of this before CMMC ever shows up in contracts. This shouldn't come as a surprise to anyone because this is the 6th CMMC memo from Lockheed in the last 18 months. This week we take a look at each one to see where things are headed (hint: they all say the same thing).
Pathfinder 101: https://www.summit7.us/pathfinder
Pathfinder Demo: https://youtu.be/JiDTCchfCa0?si=JJFplxSfvkaRVhRo
Blog: https://www.summit7.us/blog/lockheed-martin-pushes-suppliers-toward-urgent-cybersecurity-compliance
Lockheed Memo: https://www.lockheedmartin.com/en-us/suppliers/news/features/2025/cybersecurity-program-rule.html
Memo Recap: https://youtu.be/IKpH2F259J8?si=qmCyo4Mi57UvMx0g
DFARS 7012: https://youtu.be/cy4e28YAkXU?si=RJwhoS6NrZJgo9Xj
DFARS 7012 Class Deviation: https://youtu.be/voziZRAMvv4?si=Pm3mtgR338PE3B7b
DFARS 7020: https://youtu.be/D4JLkfvB-Ws?si=aa45Tr3_UhtbtH4t
--------
27:56
--------
27:56
What is DFARS 7020?
Continuing our back-to-basics series of the “DFARS Cyber Series” of provisions and clauses brings us to clause 252.204-7020. This clause applies to defense contractors who are required to comply with DFARS clause 252.204-7012. Through DFARS 7020 the DoD reserves the right to conduct a higher-level assessment of a contractor's cybersecurity compliance. Additionally, defense contractors must give DoD assessors full access to their facilities, systems, and personnel.
Pathfinder 101: https://www.summit7.us/pathfinder
Pathfinder Demo: https://youtu.be/JiDTCchfCa0?si=JJFplxSfvkaRVhRo
DFARS 7008: https://youtu.be/vgrRGIWboKc?si=g4vc5bKG6Y6G-DDo
DFARS 7012: https://youtu.be/cy4e28YAkXU?si=ImBm-iI6mh3Xs1sF
DFARS 7019: https://youtu.be/7gW_82Cus7Y?si=LxB__5jeSuJMoL5C
--------
25:20
--------
25:20
June Cyber AB TH Recap
The Cyber AB brought the CMMC Ecosystem together once again for the June 2025 installment of their monthly Town Hall series. Join us for this week's show as we discuss all the information distributed during the meeting that you need to know; answers to questions like:
Is the Ecosystem growing?
How many certifications were awarded this month?
Does Microsoft have to be at my assessment?
And so much more... Tune in to find out!
Pathfinder 101: https://www.summit7.us/pathfinder
Pathfinder Demo: https://youtu.be/JiDTCchfCa0?si=JJFplxSfvkaRVhRo
AB Town Halls: https://cyberab.org/News-Events/Town-Halls/Details/march-town-hall
--------
25:13
--------
25:13
System Security Plan Crash Course
System Security Plans are the single most fundamental documents underpinning cybersecurity compliance for defense contractors. But even after nearly 40 years of using SSPs for federal information systems there are essentially zero examples of what good looks like. Thankfully NIST is revising SP 800-18 guidance on developing SSPs and wants your comments. This is a crash course on SSPs so you can get caught up before the July 30th comment deadline.
Pathfinder 101: https://www.summit7.us/pathfinder
Pathfinder Demo: https://youtu.be/JiDTCchfCa0?si=JJFplxSfvkaRVhRo
DFARS 7008: https://youtu.be/vgrRGIWboKc?si=g4vc5bKG6Y6G-DDo
DFARS 7012: https://youtu.be/cy4e28YAkXU?si=ImBm-iI6mh3Xs1sF
DFARS 7019: https://youtu.be/7gW_82Cus7Y?si=LxB__5jeSuJMoL5C
NIST SP 800-18r2: https://csrc.nist.gov/pubs/sp/800/18/r2/ipd#:~:text=NIST%20Special%20Publication%20800%2D18r2,and%20mission%2Fbusiness%20process%20requirements.
NIST SP 800-18r1: https://csrc.nist.gov/pubs/sp/800/18/r1/final
The History of CMMC: https://youtu.be/jbY2irZ1ePg?si=_Ay66UqRUU9ShhJV
--------
50:24
--------
50:24
Lessons Learned from 25 CMMC Assessments
The CMMC program has been in-effect for six months and hundreds of early adopters have achieved CMMC Level 2 status. Today we speak with Fernando Machado, managing principal at Cybersec Investments, an authorized C3PAO. Fernando has completed 25 CMMC Level 2 assessments and he has a ton of valuable takeaways to share.
Pathfinder 101: https://www.summit7.us/pathfinder
Pathfinder Demo: https://youtu.be/JiDTCchfCa0?si=JJFplxSfvkaRVhRo
Fernando (LinkedIn): https://www.linkedin.com/in/fernando-machado-cissp-cism-cca-ccp-5b5581124/
Fernando pod (Dec 2024): https://youtu.be/KKJtW4G44WA?si=qzAnzp7_VrCl2Rdu
It's difficult to keep up with all of the moving parts that make up the Department of Defense's Cybersecurity Maturity Model Certification Program. It's even more difficult to keep up with the relevant bits and bites that influence CMMC. This weekly podcast sums up the news and developments relevant to CMMC; DFARS and other regulations; and NIST standards such as SP 800-171, SP 800-53, the NIST Cybersecurity Framework, and others.
South Africa