エピソード

  • CMMC Phase 2 Is Suspended... But Contractor Liability Just Went UP
    2026/07/16

    Miss the CUI Hotline Telethon? Watch it on-demand: https://summit7.us/event/secure-the-dib-telethon

    The DoD has suspended the November 2026 transition to Phase 2 of CMMC implementation, but that doesn't mean cybersecurity requirements have been relaxed.

    In this episode, we explain what actually changed, what didn't, why Level 2 self-assessments now matter more than ever, and how contractors could expose themselves to significant False Claims Act liability if they misunderstand the news.

    We also discuss the 60-day CMMC program review, the DoD's Request for Information, and what defense contractors should focus on moving forward.

    Phase 2 Announcement: https://www.war.gov/News/Releases/Release/Article/4542329/forging-the-arsenal-of-freedom-department-of-war-suspends-cmmc-phase-ii-require/

    Phase 2 Blog: https://summit7.us/blog/cmmc-phase-2-suspended-with-60-day-review-what-happens-next

    32 CFR 170.16: https://www.ecfr.gov/current/title-32/section-170.16

    32 CFR 170.22: https://www.ecfr.gov/current/title-32/subtitle-A/chapter-I/subchapter-G/part-170/subpart-D/section-170.22

    False Claims Act: https://youtu.be/T5wJYnQzWws?si=pn8iwA7_8Ys_wvdq

    続きを読む 一部表示
    24 分
  • Last Chance to Influence the FAR CUI Rule
    2026/07/09

    Register for Secure The DIB: https://summit7.us/event/secure-the-dib-telethon

    The public comment period for the proposed FAR CUI rule closes on July 23, making this your last opportunity to influence one of the biggest cybersecurity changes coming to federal contracting.

    Simply supporting or opposing the rule isn't enough. In this episode, we break down the Government's own guidance for writing effective public comments and explain the seven principles that make comments persuasive.

    You'll learn the common mistakes to avoid, how to build evidence-based arguments, and how to give regulators constructive recommendations they can actually use.

    Whether you're planning to comment on the FAR CUI rule or want to better understand how federal rulemaking works, this episode will help you make your comment count before the deadline.

    Register for Summit 7 Live: https://www.summit7.us/s7live

    FAR CUI Rule: https://www.federalregister.gov/documents/2026/06/23/2026-12559/federal-acquisition-regulation-revolutionary-federal-acquisition-regulation-overhaul-parts-1-2-4-33

    GSA Comment Guidance: https://www.regulations.gov/commenting-guidance

    続きを読む 一部表示
    17 分
  • There Are Enough CMMC Assessors, Contractors Just Aren't Ready
    2026/07/02

    Another 279 companies achieved CMMC Level 2 certification in June 2026, bringing the total to 1,717 certified organizations.

    That's a record month and far ahead of DoD's original projections. But the data also shows something surprising: the industry still isn't using all of its available assessment capacity.

    In this episode, we break down the latest Cyber AB numbers, explain our assessment capacity methodology, and discuss why contractor readiness, not assessor availability, remains the biggest constraint on CMMC adoption.

    Topics covered:

    • June 2026 CMMC Level 2 certification numbers

    • Available CMMC assessment capacity

    • Why the assessor shortage narrative doesn't match the data

    • The connection between CMMC readiness and DFARS 252.204-7012 compliance

    • What these trends could mean for the rest of the phased rollout

    Have questions? Contact us: https://summit7.us/

    Register for Secure The DIB: https://summit7.us/event/secure-the-dib-telethon

    Monthly Cyber AB Town Hall: https://cyberab.org/News-Events/Town-Halls/pager/7916/page/2

    続きを読む 一部表示
    10 分
  • A Perfect SPRS Score Turned Into a $507K Settlement
    2026/06/25

    The DOJ has announced its first cybersecurity False Claims Act settlement of 2026, and the details should get every defense contractor's attention.

    In this episode, we break down the LOGZONE settlement, the difference between DFARS 252.204-7012 and CMMC, how a perfect SPRS score became a DIBCAC assessment score of -170, and why this case may be a preview of additional enforcement actions still working their way through the system.

    Topics covered:

    • LOGZONE FCA settlement details

    • DFARS 252.204-7012, 7019, and 7020

    • SPRS self-assessment scores

    • DIBCAC medium assessments

    • Why no whistleblower was required

    • What this means for defense contractors moving forward

    Settlement and source documents linked below.

    Register for Secure The DIB: http://summit7.us/event/secure-the-dib-telethon

    Register for Summit 7 Live: https://www.summit7.us/s7live

    DOJ Settlement: https://www.justice.gov/opa/pr/alabama-defense-contractor-agrees-pay-507144-resolve-false-claims-act-liability-relating

    DoD IG + DOJ (2023): https://youtu.be/_3GLX6ele_E?t=448

    FCA pod w/ Alexander Canizares: https://youtu.be/Tga0krfIrEk?si=i6E2FuLY7QLNGmos

    FCA pod w/ Stephanie Siegmann: https://youtu.be/d1yweDy2wV4?si=drOwbWxBm9GAlh38

    FCA w/ Bruce Judge: https://youtu.be/tqT_5yQBlOk?si=xgmqev-87KTKpxUJ

    続きを読む 一部表示
    13 分
  • What 2,005 Votes Revealed About Why Organizations Struggle With CMMC
    2026/06/18

    Register for Secure The DIB: https://www.summit7.us/secure-the-dib-telethon

    Over the last two months, we ran the CMMC Challenge Bracket.

    Eight matchups, 907 participants, 2,005 votes.

    The winner? Leadership Buy-In.

    But the final standings were only part of the story.

    In this episode, we break down the voting trends, coalition shifts, and comment analysis to understand what the community actually believes is holding organizations back from CMMC success.

    続きを読む 一部表示
    21 分
  • We Predicted 2026. Here's What We Got Right (and Wrong) About CMMC
    2026/06/11

    Back in January, we made seven predictions about where the CMMC ecosystem would be by the end of 2026.

    Now that we're halfway through the year, we're checking the scoreboard.

    In this episode:

    • Level 2 certification growth

    • False Claims Act enforcement trends

    • Funding and compliance assistance programs

    • The FAR CUI rule

    • CMMC 3.0 and NIST SP 800-171 Rev. 3

    • Early Level 3 activity

    • What the GAO report actually found

    Some predictions are looking strong. Others are too close to call. And at least one is trending in the wrong direction.

    Here's our mid-year reality check on CMMC in 2026.

    Register for Summit 7 Live: https://www.summit7.us/s7live

    2026 Predictions (January): https://youtu.be/WxgGtKpF3_s?si=I9MfjmkBDojCRThv

    GAO Report podcast: https://youtu.be/U0VhiN3qpdE?si=lD-Pbl3vyfbIMPw7

    NCODE for SMBs: https://www.summit7.us/blog/ncode-contract-award

    Assessment Capacity podcast: https://youtu.be/e_1FztgNCHM?si=PdpkkVk3SSa1V4-2

    CIRCIA update: https://youtu.be/bvwnNSpDZgU?si=bS0ARRUfvvzLemmK

    続きを読む 一部表示
    20 分
  • The Cyber Rule Everyone Forgot About Just Came Back
    2026/06/04

    Remember CIRCIA?

    The proposed rule would create mandatory cyber incident reporting requirements for more than 300,000 organizations across 16 critical infrastructure sectors, including the Defense Industrial Base.

    Now CISA is holding a new round of town halls to gather feedback before issuing a final rule.

    In this episode, we explain why CIRCIA isn't just another version of DFARS 252.204-7012, the seven biggest differences defense contractors need to understand, and why the upcoming town halls may be the DIB's best opportunity to influence the final rule.

    Registration links for the CIRCIA Town Halls are included below.

    Register for Summit 7 Live: https://www.summit7.us/s7live

    CIRCIA Town Halls: https://www.cisa.gov/topics/cyber-threats-and-advisories/information-sharing/cyber-incident-reporting-critical-infrastructure-act-2022-circia

    CIRCIA Proposed Rule Pod (2024): https://youtu.be/ngYSaO5fg5Y?si=VoVW54QvAzKe6r-r

    Proposed Rule: https://www.federalregister.gov/documents/2024/04/04/2024-06526/cyber-incident-reporting-for-critical-infrastructure-act-circia-reporting-requirements

    Congressional Research Service Report (PDF): https://www.congress.gov/crs-product/R48025

    CIRCIA Hearing: https://homeland.house.gov/hearing/surveying-circia-sector-perspectives-on-the-notice-of-proposed-rulemaking/

    続きを読む 一部表示
    23 分
  • May Cyber AB Town Hall Recap
    2026/05/28

    The Cyber AB brought the ecosystem together to deliver pretty exciting news during the May monthly town hall. Join us for this week's episode as we break down some of the topics a little deeper to see what it actually means for the ecosystem.

    Things like:

    • Has production accelerated within the ecosystem?

    • Who is the new EVP of the Cyber AB?

    • Who actually attends these meetings?

    And so much more...Tune in to find out!

    Cyber AB TH Replay's: https://cyberab.org/News-Events/Town-Hall

    ISACA Website: https://www.isaca.org/

    T3 Inquiries (older than 6 months): https://dowcio.war.gov/CMMC/Contact/

    NIST SP 800-145: https://csrc.nist.gov/pubs/sp/800/145/final

    続きを読む 一部表示
    26 分