PodcastsGovernmentSum IT Up: CMMC News Roundup

Sum IT Up: CMMC News Roundup

Summit 7
Sum IT Up: CMMC News Roundup
Latest episode

164 episodes

  • Sum IT Up: CMMC News Roundup

    There Are Enough CMMC Assessors, Contractors Just Aren't Ready

    2026/07/02 | 10 mins.
    Another 279 companies achieved CMMC Level 2 certification in June 2026, bringing the total to 1,717 certified organizations.



    That's a record month and far ahead of DoD's original projections. But the data also shows something surprising: the industry still isn't using all of its available assessment capacity.



    In this episode, we break down the latest Cyber AB numbers, explain our assessment capacity methodology, and discuss why contractor readiness, not assessor availability, remains the biggest constraint on CMMC adoption.



    Topics covered:



    • June 2026 CMMC Level 2 certification numbers



    • Available CMMC assessment capacity



    • Why the assessor shortage narrative doesn't match the data



    • The connection between CMMC readiness and DFARS 252.204-7012 compliance



    • What these trends could mean for the rest of the phased rollout



    Have questions? Contact us: https://summit7.us/



    Register for Secure The DIB: https://summit7.us/event/secure-the-dib-telethon



    Monthly Cyber AB Town Hall: https://cyberab.org/News-Events/Town-Halls/pager/7916/page/2
  • Sum IT Up: CMMC News Roundup

    A Perfect SPRS Score Turned Into a $507K Settlement

    2026/06/25 | 13 mins.
    The DOJ has announced its first cybersecurity False Claims Act settlement of 2026, and the details should get every defense contractor's attention.



    In this episode, we break down the LOGZONE settlement, the difference between DFARS 252.204-7012 and CMMC, how a perfect SPRS score became a DIBCAC assessment score of -170, and why this case may be a preview of additional enforcement actions still working their way through the system.



    Topics covered:

    • LOGZONE FCA settlement details

    • DFARS 252.204-7012, 7019, and 7020

    • SPRS self-assessment scores

    • DIBCAC medium assessments

    • Why no whistleblower was required

    • What this means for defense contractors moving forward



    Settlement and source documents linked below.



    Register for Secure The DIB: http://summit7.us/event/secure-the-dib-telethon



    Register for Summit 7 Live: https://www.summit7.us/s7live



    DOJ Settlement: https://www.justice.gov/opa/pr/alabama-defense-contractor-agrees-pay-507144-resolve-false-claims-act-liability-relating



    DoD IG + DOJ (2023): https://youtu.be/_3GLX6ele_E?t=448



    FCA pod w/ Alexander Canizares: https://youtu.be/Tga0krfIrEk?si=i6E2FuLY7QLNGmos



    FCA pod w/ Stephanie Siegmann: https://youtu.be/d1yweDy2wV4?si=drOwbWxBm9GAlh38



    FCA w/ Bruce Judge: https://youtu.be/tqT_5yQBlOk?si=xgmqev-87KTKpxUJ
  • Sum IT Up: CMMC News Roundup

    What 2,005 Votes Revealed About Why Organizations Struggle With CMMC

    2026/06/18 | 20 mins.
    Register for Secure The DIB: https://www.summit7.us/secure-the-dib-telethon



    Over the last two months, we ran the CMMC Challenge Bracket.

    Eight matchups, 907 participants, 2,005 votes.

    The winner? Leadership Buy-In.

    But the final standings were only part of the story.

    In this episode, we break down the voting trends, coalition shifts, and comment analysis to understand what the community actually believes is holding organizations back from CMMC success.
  • Sum IT Up: CMMC News Roundup

    We Predicted 2026. Here's What We Got Right (and Wrong) About CMMC

    2026/06/11 | 19 mins.
    Back in January, we made seven predictions about where the CMMC ecosystem would be by the end of 2026.



    Now that we're halfway through the year, we're checking the scoreboard.



    In this episode:



    • Level 2 certification growth

    • False Claims Act enforcement trends

    • Funding and compliance assistance programs

    • The FAR CUI rule

    • CMMC 3.0 and NIST SP 800-171 Rev. 3

    • Early Level 3 activity

    • What the GAO report actually found



    Some predictions are looking strong. Others are too close to call. And at least one is trending in the wrong direction.



    Here's our mid-year reality check on CMMC in 2026.



    Register for Summit 7 Live: https://www.summit7.us/s7live



    2026 Predictions (January): https://youtu.be/WxgGtKpF3_s?si=I9MfjmkBDojCRThv



    GAO Report podcast: https://youtu.be/U0VhiN3qpdE?si=lD-Pbl3vyfbIMPw7



    NCODE for SMBs: https://www.summit7.us/blog/ncode-contract-award



    Assessment Capacity podcast: https://youtu.be/e_1FztgNCHM?si=PdpkkVk3SSa1V4-2



    CIRCIA update: https://youtu.be/bvwnNSpDZgU?si=bS0ARRUfvvzLemmK
  • Sum IT Up: CMMC News Roundup

    The Cyber Rule Everyone Forgot About Just Came Back

    2026/06/04 | 22 mins.
    Remember CIRCIA?



    The proposed rule would create mandatory cyber incident reporting requirements for more than 300,000 organizations across 16 critical infrastructure sectors, including the Defense Industrial Base.



    Now CISA is holding a new round of town halls to gather feedback before issuing a final rule.



    In this episode, we explain why CIRCIA isn't just another version of DFARS 252.204-7012, the seven biggest differences defense contractors need to understand, and why the upcoming town halls may be the DIB's best opportunity to influence the final rule.



    Registration links for the CIRCIA Town Halls are included below.



    Register for Summit 7 Live: https://www.summit7.us/s7live



    CIRCIA Town Halls: https://www.cisa.gov/topics/cyber-threats-and-advisories/information-sharing/cyber-incident-reporting-critical-infrastructure-act-2022-circia



    CIRCIA Proposed Rule Pod (2024): https://youtu.be/ngYSaO5fg5Y?si=VoVW54QvAzKe6r-r



    Proposed Rule: https://www.federalregister.gov/documents/2024/04/04/2024-06526/cyber-incident-reporting-for-critical-infrastructure-act-circia-reporting-requirements



    Congressional Research Service Report (PDF): https://www.congress.gov/crs-product/R48025



    CIRCIA Hearing: https://homeland.house.gov/hearing/surveying-circia-sector-perspectives-on-the-notice-of-proposed-rulemaking/
More Government podcasts
About Sum IT Up: CMMC News Roundup
It's difficult to keep up with all of the moving parts that make up the Department of Defense's Cybersecurity Maturity Model Certification Program. It's even more difficult to keep up with the relevant bits and bites that influence CMMC. This weekly podcast sums up the news and developments relevant to CMMC; DFARS and other regulations; and NIST standards such as SP 800-171, SP 800-53, the NIST Cybersecurity Framework, and others.
Podcast website

Listen to Sum IT Up: CMMC News Roundup, The Coming Storm and many other podcasts from around the world with the radio.net app

Get the free radio.net app

  • Stations and podcasts to bookmark
  • Stream via Wi-Fi or Bluetooth
  • Supports Carplay & Android Auto
  • Many other app features
Sum IT Up: CMMC News Roundup: Podcasts in Family