Say WHAT? – Inside the Mind of a CMMC Certified Assessor (E03b)
Over the next 4 years DoD will be ramping up both the number of contracts that include and the compliance levels associated with its Cybersecurity Maturity Model Certification (“CMMC”) program. We’re squarely in Year 1 now, and Year 2 begins in a November 2026. This year, companies have only needed to self-assess their environments and promise DoD that they meet the appropriate CMMC requirements.
In Year 2, the CMMC program pivots to needing third-party compliance validation assessments. That brings with it a lot of uncertainty. How can an organization feel confident that its CMMC compliance program will pass muster with a CMMC Certified Assessor?
In this session, James Goepel, an attorney, Lead CMMC Certified Assessor, CMMC Provisional Instructor, and author, will walk you through what to expect during an assessment. Topics include:
* Understanding NIST SP 800-171 requirements
* Key words and phrases to watch out for
* The flow of a CMMC Certification Assessment
* What kinds of evidence should be on hand
* A deep dive into AC.L1-3.1.1