People have been asking about the CMMC "small biz roll-out".
There is no such thing.
CMMC will be rolled out by contract and the level required will be determined by the type of data handled pursuant to that contract.
The size of the company involved (or the amount of controlled information) is irrelevant.
Every Friday we spend an hour taking live questions on CMMC, DFARS, NIST, etc.
If you can't make it feel free to leave a question in the comments and we'll be sure to include it.
Can't stay to chat?
Call the hotline: 1-866-CUI-7021 (it's a real number)

This has been the busiest 45 day stretch in CMMC-land I can remember.
- The 48 CFR CMMC final rule is in final regulatory review
- Supplier memos from Lockheed and Boeing re: CMMC
- Official CMMC notices from the Army Corps of Engineers
- SECDEF memo emphasizing CMMC as a strategic priority
That's a lot to keep up with.
Luckily we sit down every Friday to answer questions live.
Don't have time to stop by?
Call the hotline today: 1-866-CUI-7021 (it's a real number)

The longest pole in the CMMC tent isn't the total number of assessors.
It's the collective capacity to implement requirements.
Most companies affected by DoD cyber requirements don't have the ability to implement those requirements.
Only now that CMMC (which verifies implementation) is around the corner are people realizing how far behind they are.
Every Friday we sit down and answer any and every kind of question that we hear from that week and any live questions from the audience.
Don't have time to stop by?
Call the hotline today: 1-866-CUI-7021 (it's a real number)