In this episode, Kaleigh Floyd, Bobby Guerra, and Adam Evans discuss the complexities surrounding Cloud Service Providers (CSPs) and Managed Service Providers (MSPs) in the context of CMMC compliance. They clarify the definitions, roles, and responsibilities of MSPs and CSPs, particularly in relation to handling Controlled Unclassified Information (CUI) and navigating FedRAMP requirements. The conversation emphasizes the importance of understanding the distinctions between these roles to avoid unnecessary confusion and compliance issues.

Website: https://www.axiom.tech/
YouTube: https://www.youtube.com/channel/UCaJagoDasNG3MqLqw2Af_ZQ

Axiom's Linkedln: https://www.linkedin.com/company/axiomtech/

Bobby's Linkedln: https://www.linkedin.com/in/bobbyguerra/

Kaleigh's Linkedln: https://www.linkedin.com/in/kaleigh-floyd-079a52190/

In this episode, the hosts discuss the significant changes introduced in NIST 800-171 Rev 3, focusing on the transition from Rev 2 to Rev 3, the importance of Organizational Defined Parameters (ODPs), and the role of external service providers in compliance. They emphasize the need for System Security Plans (SSPs) to be living documents that adapt to evolving security needs and the necessity for contractors to prepare for the upcoming changes to avoid complications during assessments.

Website: https://www.axiom.tech/
YouTube: https://www.youtube.com/channel/UCaJagoDasNG3MqLqw2Af_ZQ

Axiom's Linkedln: https://www.linkedin.com/company/axiomtech/

Bobby's Linkedln: https://www.linkedin.com/in/bobbyguerra/

Kaleigh's Linkedln: https://www.linkedin.com/in/kaleigh-floyd-079a52190/

In this episode, Kaleigh and Bobby are joined by Axiom's own, Adam Evans, to discuss the significant changes introduced in NIST 800-171 Rev 3, focusing on the transition from Rev 2 to Rev 3, the importance of Organizational Defined Parameters (ODPs), and the role of external service providers in compliance. They emphasize the need for System Security Plans (SSPs) to be living documents that adapt to evolving security needs and the necessity for contractors to prepare for the upcoming changes to avoid complications during assessments.

Link to NIST 800-171 Rev 3: https://csrc.nist.gov/pubs/sp/800/171/r3/final

Adam's Linkedln: https://www.linkedin.com/in/grcadame/

Website: https://www.axiom.tech/
YouTube: https://www.youtube.com/channel/UCaJagoDasNG3MqLqw2Af_ZQ

Axiom's Linkedln: https://www.linkedin.com/company/axiomtech/

Bobby's Linkedln: https://www.linkedin.com/in/bobbyguerra/

Kaleigh's Linkedln: https://www.linkedin.com/in/kaleigh-floyd-079a52190/

In this episode, Kaleigh and Bobby discuss the complexities of managing Controlled Unclassified Information (CUI) within the framework of CMMC compliance. They explore the challenges of physical boundaries, the role of personnel in safeguarding CUI, and the implications of printing and disposing of sensitive information. The conversation also touches on the nuances of working from home, the importance of training, and the recent DOD FAQs that have stirred debate in the industry. The hosts emphasize the need for businesses to understand their responsibilities and the potential pitfalls of non-compliance.

DoD FAQ link: https://dodcio.defense.gov/Portals/0/Documents/CMMC/CMMC-FAQsv4.pdf

NIST 800-88 link: https://csrc.nist.gov/pubs/sp/800/88/r2/final

Website: https://www.axiom.tech/
YouTube: https://www.youtube.com/channel/UCaJagoDasNG3MqLqw2Af_ZQ

Axiom's Linkedln: https://www.linkedin.com/company/axiomtech/

Bobby's Linkedln: https://www.linkedin.com/in/bobbyguerra/

Kaleigh's Linkedln: https://www.linkedin.com/in/kaleigh-floyd-079a52190/

In this episode of "Climbing Mount CMMC," hosts Kaleigh Floyd and Bobby Guerra delve into the intricacies of preparing for a CMMC Level 2 assessment, particularly focusing on the role of external service providers (ESPs) and Managed Service Providers (MSPs). They emphasize the importance of selecting a provider who not only understands the CMMC requirements but has also successfully guided clients through the assessment process. Kaleigh shares her personal experiences with contractors who have been misled by providers, likening the situation to being an Uber driver rather than a coach in a race. Bobby adds that understanding the CMMC controls at a referee level is crucial for any provider aiming to assist clients effectively. The conversation progresses to practical advice on how to vet potential providers, including asking about their experience with assessments, their understanding of NIST 800-171 controls, and the tools they use. Kaleigh and Bobby stress the necessity of having a customer responsibility matrix and a clear agreement that outlines the roles and responsibilities of both the provider and the client. They conclude by encouraging listeners to ask the right questions to avoid wasting time and resources, ensuring they choose a provider who can genuinely support them through the CMMC certification journey.

Link to see our upcoming events: https://www.axiom.tech/upcoming-events/

Website: https://www.axiom.tech/
YouTube: https://www.youtube.com/channel/UCaJagoDasNG3MqLqw2Af_ZQ

Axiom's Linkedln: https://www.linkedin.com/company/axiomtech/

Bobby's Linkedln: https://www.linkedin.com/in/bobbyguerra/

Kaleigh's Linkedln: https://www.linkedin.com/in/kaleigh-floyd-079a52190/

In this episode of Climbing Mount CMMC, hosts Bobby and Kaleigh discuss the critical topic of self-attestation for CMMC level two requirements. They explore the evolution of self-attestation, the risks associated with misrepresentation, and the importance of accountability in the self-assessment process. The conversation emphasizes the need for organizations to prepare adequately for self-attestation, including having a solid system security plan and the necessary evidence to support their claims. The hosts also highlight the potential consequences of failing to comply with these requirements, including the role of whistleblowers and the importance of leadership taking these matters seriously.

Website: https://www.axiom.tech/
YouTube: https://www.youtube.com/channel/UCaJagoDasNG3MqLqw2Af_ZQ

Axiom's Linkedln: https://www.linkedin.com/company/axiomtech/

Bobby's Linkedln: https://www.linkedin.com/in/bobbyguerra/

Kaleigh's Linkedln: https://www.linkedin.com/in/kaleigh-floyd-079a52190/

In this episode, Kaleigh and Bobby discuss the significant changes and challenges that companies will face in 2026 regarding CMMC compliance. They delve into the implications of new CMMC Level 2 requirements, the importance of self-assessments versus third-party assessments, and the potential consequences of non-compliance. The conversation also touches on the risks of false claims and whistleblowing, the expected timeframes for achieving compliance, and the impact of resource contention on costs. Finally, they emphasize the importance of finding the right Managed Service Provider (MSP) to navigate these challenges effectively.

Website: https://www.axiom.tech/
YouTube: https://www.youtube.com/channel/UCaJagoDasNG3MqLqw2Af_ZQ

Axiom's Linkedln: https://www.linkedin.com/company/axiomtech/

Bobby's Linkedln: https://www.linkedin.com/in/bobbyguerra/

Kaleigh's Linkedln: https://www.linkedin.com/in/kaleigh-floyd-079a52190/

In this episode, Kaleigh Floyd and Bobby Guerra discuss the intricacies of change management within Managed Service Providers (MSPs) and its critical role in ensuring compliance with CMMC standards. They emphasize the importance of leadership buy-in, effective training for both client and internal staff, and the necessity of a structured change approval process. The conversation also highlights the challenges MSPs face in navigating client expectations while maintaining compliance, and the need for thorough tracking of change requests to prepare for assessments.

Website: https://www.axiom.tech/
YouTube: https://www.youtube.com/channel/UCaJagoDasNG3MqLqw2Af_ZQ

Axiom's Linkedln: https://www.linkedin.com/company/axiomtech/

Bobby's Linkedln: https://www.linkedin.com/in/bobbyguerra/

Kaleigh's Linkedln: https://www.linkedin.com/in/kaleigh-floyd-079a52190/