Welcome back to Mostly Compliant, the cybersecurity show for professionals with trust issues, hosted by Matt Bruggeman, Director of Federal GTM at A-LIGN.

In this episode, Matt is joined by Tony Bai, Chief Solutions Officer at RiskPoint and a seasoned expert in federal compliance frameworks. Together, they dive deep into the complexities of FedRAMP and its intersection with the DoD provisional authorization process for cloud service providers. Tony breaks down the nuances of impact levels, the additional controls required for DoD compliance, and the challenges of navigating FedRAMP equivalency.

The conversation also explores the relationship between FedRAMP, CMMC, and controlled unclassified information (CUI), offering practical insights for cloud service providers working with DoD agencies.

About Mostly Compliant: Hosted by Matt Bruggeman, Director of Federal GTM at A-LIGN, Mostly Compliant is a cybersecurity podcast that brings together experts from across the federal compliance landscape to discuss CMMC, FedRAMP, and other key topics shaping the industry.

Welcome to another episode of Mostly Compliant, hosted by Matt Bruggeman, Director of Federal GTM at A-LIGN.

In this episode, Matt sits down with Michael Brooks, Lead CMMC Assessor at A-LIGN, to break down the CMMC Assessment Process (CAP) for Level 2 certification. Together, they explore the CAP’s purpose, its four key phases, and why Phase 1 — the pre-assessment — is essential for ensuring readiness.

The conversation dives into the importance of system security plans (SSPs), scoping, and evidence preparation, while also addressing common misconceptions about Phase 1 and how it differs from a mock audit. Michael shares expert advice on navigating the process, avoiding pitfalls, and setting your organization up for success in the formal assessment.

Listen to this episode on your favorite platform: lnk.to/X2VoDS

About Mostly Compliant: Hosted by Matt Bruggeman, Director of Federal GTM at A-LIGN, Mostly Compliant is a cybersecurity podcast that brings together experts from across the federal compliance landscape to discuss CMMC, FedRAMP, and other key topics shaping the industry.

Welcome to another episode of Mostly Compliant, hosted by Matt Bruggeman, Director of Federal GTM at A-LIGN.

In this episode, Matt is joined by Jacob Horne, Chief Security Evangelist at Summit 7 and a leading expert in cybersecurity compliance for the Aerospace and Defense industry. Together, they explore the challenges contractors face as CMMC becomes enforceable, including the risks of last-minute preparation, misconceptions about self-assessments, and the critical role of procurement timelines. Matt and Jacob also discuss the overconfidence many organizations have in their compliance status and the importance of acting now to avoid costly missteps.