Getting CMMC Right: Scope, Budget, and Certification Tips

00:00

0.5
1
1.25
1.5
1.75
2

This is a podcast episode titled, Getting CMMC Right: Scope, Budget, and Certification Tips. The summary for this episode is: Think compliance is just an IT problem? It’s a revenue problem, too. Without it, some contracts will stay out of reach. In this episode,<a href="https://www.linkedin.com/in/jararowe/" rel="noopener noreferrer" target="_blank"> Jara Rowe</a> talks with <a href="https://www.linkedin.com/in/thomas-greco-9105994/" rel="noopener noreferrer" target="_blank">Tom Greco</a>, vCISO at Trava Security, about what companies need to know about the Cybersecurity Maturity Model Certification (CMMC). It’s a Department of Defense requirement that verifies whether companies are securely handling Controlled Unclassified Information (CUI). Tom Greco explains what CMMC involves, how scoping affects your readiness, and how to maintain compliance over time. In short, if you want to win or keep federal contracts, CMMC compliance isn’t optional. Key takeaways:<ul><li>What CMMC is and why it exists</li><li>The importance of accurate scoping</li><li>Tools and tips to maintain CMMC compliance</li></ul> Episode highlights:(00:00) Today’s topic: What is CMMC?(02:20) What CMMC means for your business(06:05) The nuances of scoping(10:07) How contracts set your CMMC level (13:44) Self-assessment vs third-party audits(17:36) Maintaining CMMC compliance over time(22:17) Perform gap assessments ASAP Connect with the host:Jara Rowe’s LinkedIn - <a href="https://www.linkedin.com/in/jararowe/" rel="noopener noreferrer" target="_blank">@jararowe</a> Connect with the guest:Thomas Greco’s LinkedIn - <a href="https://www.linkedin.com/in/thomas-greco-9105994/" rel="noopener noreferrer" target="_blank">@thomas-greco</a> Connect with Trava:Website - <a href="http://www.travasecurity.com" rel="noopener noreferrer" target="_blank">www.travasecurity.com</a>Blog -<a href="http://www.travasecurity.com/learn-with-trava/blog" rel="noopener noreferrer" target="_blank"> www.travasecurity.com/learn-with-trava/blog</a>LinkedIn - <a href="https://www.linkedin.com/company/travasecurity/" rel="noopener noreferrer" target="_blank">@travasecurity</a>YouTube - <a href="https://www.youtube.com/@travasecurity" rel="noopener noreferrer" target="_blank">@travasecurity</a>

Key Takeaways

Today’s topic: What is CMMC?

00:30 MIN

What CMMC means for your business

01:29 MIN

The nuances of scoping

03:35 MIN

How contracts set your CMMC level

00:24 MIN

Self-assessment vs third-party audits

02:18 MIN

Maintaining CMMC compliance over time

01:08 MIN

Perform gap assessments ASAP

01:15 MIN

CMMC defined

01:00 MIN

The Cyber AB: A resource for understanding CMMC

00:19 MIN

The DoD requires CMMC

00:20 MIN

DESCRIPTION

Think compliance is just an IT problem? It’s a revenue problem, too. Without it, some contracts will stay out of reach.

In this episode, Jara Rowe talks with Tom Greco, vCISO at Trava Security, about what companies need to know about the Cybersecurity Maturity Model Certification (CMMC). It’s a Department of Defense requirement that verifies whether companies are securely handling Controlled Unclassified Information (CUI). Tom Greco explains what CMMC involves, how scoping affects your readiness, and how to maintain compliance over time. In short, if you want to win or keep federal contracts, CMMC compliance isn’t optional.

Key takeaways: