https://cmmc-elysian.jellypod.comPowered by Jellypod (https://www.jellypod.com)Thu, 28 May 2026 10:49:54 GMTFri, 11 Jul 2025 14:47:38 GMTyesa615cc29-4f63-4949-a363-2825116c8d1fJellypodThis podcast contains dialog, voices and materials that are generated by Artificial Intelligence tools, but reviewed and published by the creator. Welcome to CMMC Unlocked, the definitive podcast for defense contractors, cybersecurity professionals, and This podcast contains dialog, voices and materials that are generated by Artificial Intelligence tools, but reviewed and published by the creator. Welcome to CMMC Unlocked, the definitive podcast for defense contractors, cybersecurity professionals, and compliance leaders navigating the complex world of the Cybersecurity Maturity Model Certification (CMMC). Hosted by a seasoned Certified CMMC Assessor and Instructor with years of hands-on experience in assessments, gap analyses, and implementation services, this series pulls back the curtain on what it really takes to achieve and maintain CMMC compliance. This podcast contains dialog, voices and materials that are generated by Artificial Intelligence tools, but reviewed and published by the creator. Each episode dives deep into the practical realities of CMMC—from interpreting the latest updates from the DoD and Cyber-AB, to demystifying assessment criteria, to sharing real-world lessons learned from the field. Whether you're a small business just starting your compliance journey or a prime contractor preparing for a Level 2 assessment, this podcast delivers actionable insights, expert interviews, and strategic guidance to help you succeed. What You’ll Learn: How to prepare for a CMMC assessment (and what assessors are really looking for) Common pitfalls and how to avoid them Implementation strategies that work for organizations of all sizes Updates on CMMC rulemaking, timelines, and policy changes Stories from the field: anonymized case studies and lessons learned Why Listen? Because compliance isn’t just about checking boxes—it’s about protecting our national defense supply chain. And no one understands that better than someone who’s been in the trenches, guiding organizations from uncertainty to certification. (Powered by Jellypod)episodicJellypodfeed+6939f554@podcasts.jellypod.comfalsehttps://cmmc-elysian.jellypod.com/episodes/21f36574-a42b-4fd6-9036-c8efb26aac6121f36574-a42b-4fd6-9036-c8efb26aac61Tue, 26 May 2026 11:44:55 GMT43JellypodThis episode breaks down how Controlled Unclassified Information evolved from a patchwork of agency labels into a single federal framework under Executive Order 13556, NARA, and DoDI 5200.48. It also explains how technical data controls, distribution statThis episode breaks down how Controlled Unclassified Information evolved from a patchwork of agency labels into a single federal framework under Executive Order 13556, NARA, and DoDI 5200.48. It also explains how technical data controls, distribution statements, and DFARS clauses turn policy into enforceable contractor obligations.false00:14:17fullhttps://cmmc-elysian.jellypod.com/episodes/b6cf3330-2cc7-4981-9252-2dc22aa85afbb6cf3330-2cc7-4981-9252-2dc22aa85afbWed, 20 May 2026 20:19:19 GMT42JellypodEric, Paul, and Roz unpack why the DoD—not the contractor—bears the burden of identifying and marking CUI, and why accepting unlabelled data can create serious compliance and False Claims Act exposure.They also trace how DFARS clauses, NIST SP 800-171, anEric, Paul, and Roz unpack why the DoD—not the contractor—bears the burden of identifying and marking CUI, and why accepting unlabelled data can create serious compliance and False Claims Act exposure.They also trace how DFARS clauses, NIST SP 800-171, and pre-award CIO variance approval shape the procurement process and set the system boundaries for CDI, CTI, and CUI.false00:10:43fullhttps://cmmc-elysian.jellypod.com/episodes/888d93a7-6480-4ec8-82b3-bb9a55352898888d93a7-6480-4ec8-82b3-bb9a55352898Mon, 04 May 2026 14:37:02 GMT41JellypodEric Marquette and Paul Netopski, a CMMC expert, break down how to identify CUI, where to look in contract artifacts like CDRLs and DIDs, and why export control, OPSEC, and CPI don’t always mean the same thing. They also cover how to handle unclear or incEric Marquette and Paul Netopski, a CMMC expert, break down how to identify CUI, where to look in contract artifacts like CDRLs and DIDs, and why export control, OPSEC, and CPI don’t always mean the same thing. They also cover how to handle unclear or inconsistent contract language, confirm obligations, and avoid costly marking and protection mistakes.false00:10:45fullhttps://cmmc-elysian.jellypod.com/episodes/0d7f627c-6416-4c09-b54d-ab49b4d46e4d0d7f627c-6416-4c09-b54d-ab49b4d46e4dTue, 28 Apr 2026 16:13:21 GMT40JellypodThis episode breaks down why CMMC success depends on lifecycle planning, from scoping contracts and data flows to building evidence, remediation, and formal assessment readiness. The hosts also dig into real-world scope traps, crosswalking existing controThis episode breaks down why CMMC success depends on lifecycle planning, from scoping contracts and data flows to building evidence, remediation, and formal assessment readiness. The hosts also dig into real-world scope traps, crosswalking existing controls, and why steady-state monitoring matters after certification.false00:09:20fullhttps://cmmc-elysian.jellypod.com/episodes/bf9b97f6-a7b4-43a4-99d1-078d17cd8f3cbf9b97f6-a7b4-43a4-99d1-078d17cd8f3cMon, 20 Apr 2026 18:00:48 GMT39JellypodThis episode breaks down what assessors actually need from your System Security Plan control implementation summary: precise control status, exact evidence references, and the real mechanisms behind each claim. It also explains how to handle scoping, inheThis episode breaks down what assessors actually need from your System Security Plan control implementation summary: precise control status, exact evidence references, and the real mechanisms behind each claim. It also explains how to handle scoping, inheritance, and external services without leaving gaps or ambiguity.false00:08:17fullhttps://cmmc-elysian.jellypod.com/episodes/ca5f201c-905b-4e1c-b62c-32c23a17e8edca5f201c-905b-4e1c-b62c-32c23a17e8edTue, 07 Apr 2026 11:22:54 GMT38JellypodPaul and Roz break down the System and Information Integrity controls in CMMC 3.14.1 through 3.14.7, focusing on flaw remediation, malicious code protection, alert monitoring, scanning, and detecting unauthorized use with assessor-ready evidence.They alsoPaul and Roz break down the System and Information Integrity controls in CMMC 3.14.1 through 3.14.7, focusing on flaw remediation, malicious code protection, alert monitoring, scanning, and detecting unauthorized use with assessor-ready evidence.They also connect the requirements to NIST guidance and Appendix D, showing how SI-2, SI-3, and SI-4 map to real-world policies, tools, tickets, and logs.false00:11:16fullhttps://cmmc-elysian.jellypod.com/episodes/a56af569-bc24-4204-85ea-995f29d21e41a56af569-bc24-4204-85ea-995f29d21e41Mon, 30 Mar 2026 21:19:58 GMT37JellypodThis episode breaks down CMMC System and Communications Protection controls, from defining boundaries and separating public-facing systems to enforcing deny-by-default network rules and stopping split tunneling.It also covers secure design, role separatioThis episode breaks down CMMC System and Communications Protection controls, from defining boundaries and separating public-facing systems to enforcing deny-by-default network rules and stopping split tunneling.It also covers secure design, role separation, shared resource protections, and how to safeguard CUI while it moves across networks.false00:15:16fullhttps://cmmc-elysian.jellypod.com/episodes/154fce8b-79a3-4f3d-a291-778bb42a382b154fce8b-79a3-4f3d-a291-778bb42a382bMon, 23 Mar 2026 18:49:15 GMT36JellypodIn this episode, we break down the three core compliance documents that make the CA domain real in practice: the System Security Plan, the Plan of Action and Milestones, and Continuous Monitoring. We’ll explain what each document is, what it should contaiIn this episode, we break down the three core compliance documents that make the CA domain real in practice: the System Security Plan, the Plan of Action and Milestones, and Continuous Monitoring. We’ll explain what each document is, what it should contain, and how assessors and compliance teams use them together to support CMMC and NIST SP 800-171 implementation.false00:13:30fullhttps://cmmc-elysian.jellypod.com/episodes/37a3acab-5350-4c99-9cda-f37239c2a90637a3acab-5350-4c99-9cda-f37239c2a906Tue, 17 Mar 2026 11:22:32 GMT35JellypodThis episode explores the FCC’s U.S. Cyber Trust Mark for consumer IoT devices and asks a bigger question: what can defense contractors learn from a public-facing cybersecurity label?We break down how the voluntary labeling program works, where it mirrorsThis episode explores the FCC’s U.S. Cyber Trust Mark for consumer IoT devices and asks a bigger question: what can defense contractors learn from a public-facing cybersecurity label?We break down how the voluntary labeling program works, where it mirrors Energy Star, and why familiar cybersecurity signals matter to buyers, regulators, and the broader market. We also examine the practical limits of labels, including consumer misunderstanding, uneven adoption, and the gap between baseline assurances and real-world security outcomes.Finally, we connect the Cyber Trust Mark back to CMMC by showing how both efforts rely on trust signals, documented controls, and evidence-based confidence rather than marketing claims alone.false00:11:27fullhttps://cmmc-elysian.jellypod.com/episodes/cf215c28-ac5f-4f20-adba-6123c938feb9cf215c28-ac5f-4f20-adba-6123c938feb9Tue, 03 Mar 2026 15:23:34 GMT34JellypodIn this episode of CMMC Unlocked, host Paul Netopski breaks down one of the most misunderstood phrases in the new CMMC rule set and CyberAB guidance: “significant changes.” Many small defense contractors and their advisors worry that any major IT or organIn this episode of CMMC Unlocked, host Paul Netopski breaks down one of the most misunderstood phrases in the new CMMC rule set and CyberAB guidance: “significant changes.” Many small defense contractors and their advisors worry that any major IT or organizational change will automatically invalidate a hard‑won Level 2 certification. Paul walks through what the 32 CFR Part 170 preamble, the Level 2 Scoping Guide, and the Level 2 Assessment Guide actually say—and what they don’t.We unpack the distinction between:When “significant architectural or boundary changes” require a new certification assessment, andWhen “significant changes” simply require you to update your CMMC Level 2 self‑assessment and affirmation, in line with your ongoing risk management and change‑management processes.Drawing on earlier episodes about risk assessments and continuous monitoring, Paul offers practical guidance for small DIB organizations and consultants on how to:Define what “significant change” means for your environment using NIST SP 800‑37, 800‑53, and 800‑53A concepts.Build change‑management checkpoints that flag potential CMMC impact early.Decide when a change triggers a new self‑assessment and SPRS update versus when it’s covered by your annual affirmation.Keep your System Security Plan, asset inventory, and CMMC Assessment Scope aligned as your environment evolves.If you’re worried that a tech refresh, cloud migration, or acquisition will blow up your CMMC status, this episode will help you separate rumor from requirement and integrate “significant change” into a mature, risk‑based compliance program.false00:17:01fullhttps://cmmc-elysian.jellypod.com/episodes/afe85327-e897-46d7-9ba5-11f2422ceeb4afe85327-e897-46d7-9ba5-11f2422ceeb4Tue, 03 Mar 2026 13:11:58 GMT33JellypodA practical how-to episode on the CMMC 2.0 Level 2 Risk Assessment (RA) domain for defense contractors. Paul Netopski and Roz the Rulemaker walk through the three RA practices from NIST SP 800-171 (3.11.1, 3.11.2, 3.11.3), show how to build and use a RiskA practical how-to episode on the CMMC 2.0 Level 2 Risk Assessment (RA) domain for defense contractors. Paul Netopski and Roz the Rulemaker walk through the three RA practices from NIST SP 800-171 (3.11.1, 3.11.2, 3.11.3), show how to build and use a Risk Management Policy aligned to NIST and ISO 31000, and connect risk assessment to real-world threats, third-party risks, business risk appetite, and change management. The hosts reference prior episodes on Configuration/Change Management and other domains to help contractors integrate risk into everyday decisions about people, places, and technology in CUI scope.false00:22:35fullhttps://cmmc-elysian.jellypod.com/episodes/7a988e13-9707-48c4-adad-7f039e0685537a988e13-9707-48c4-adad-7f039e068553Wed, 28 Jan 2026 23:14:05 GMT32JellypodExplore the critical personnel security requirements within NIST SP800-171 and CMMC 2.0 Level 2 standards. Learn practical processes for screening, onboarding, and access approvals, and uncover the nuances between standard employment screening and federalExplore the critical personnel security requirements within NIST SP800-171 and CMMC 2.0 Level 2 standards. Learn practical processes for screening, onboarding, and access approvals, and uncover the nuances between standard employment screening and federal background investigations to safeguard Controlled Unclassified Information.false00:11:40fullhttps://cmmc-elysian.jellypod.com/episodes/0b1797bc-1db9-41cb-b525-42ebe1a877d90b1797bc-1db9-41cb-b525-42ebe1a877d9Tue, 20 Jan 2026 12:33:57 GMT31JellypodDive into essential physical security controls within CMMC 2.0, from access management to safeguarding support infrastructure. Learn real-world lessons from defense contractors who strengthened facility security and avoided common pitfalls.Dive into essential physical security controls within CMMC 2.0, from access management to safeguarding support infrastructure. Learn real-world lessons from defense contractors who strengthened facility security and avoided common pitfalls.false00:14:42fullhttps://cmmc-elysian.jellypod.com/episodes/2d90d5a8-6c20-499a-a4b8-1816705a45232d90d5a8-6c20-499a-a4b8-1816705a4523Tue, 13 Jan 2026 20:13:00 GMT30JellypodExplore key strategies for protecting Controlled Unclassified Information across physical and digital media. Learn practical approaches to handling, marking, encryption, and auditing that ensure compliance and safeguard your organization.Explore key strategies for protecting Controlled Unclassified Information across physical and digital media. Learn practical approaches to handling, marking, encryption, and auditing that ensure compliance and safeguard your organization.false00:12:24fullhttps://cmmc-elysian.jellypod.com/episodes/edfa6c73-f06b-4285-ba1a-0922d62ba8f5edfa6c73-f06b-4285-ba1a-0922d62ba8f5Mon, 05 Jan 2026 16:57:44 GMT29JellypodThis episode guides listeners through key aspects of Covered Defense Information (CDI), from core definitions and marking requirements to contract data rights and procurement compliance. Hosts Eric, Paul, and Roz break down regulations, risks, and real-woThis episode guides listeners through key aspects of Covered Defense Information (CDI), from core definitions and marking requirements to contract data rights and procurement compliance. Hosts Eric, Paul, and Roz break down regulations, risks, and real-world examples to help users, product owners, and procurement staff safeguard sensitive information effectively.false00:13:08fullhttps://cmmc-elysian.jellypod.com/episodes/60beb8bc-c403-46e5-bedf-2b4b3827745e60beb8bc-c403-46e5-bedf-2b4b3827745eTue, 23 Dec 2025 15:38:11 GMT28JellypodJoin Eric, Paul, and Roz as they break down the CMMC Level 2 Maintenance (MA) family: what each control requires, implementation strategies, and special considerations when working with Managed Service Providers. Discover how MA controls intersect with otJoin Eric, Paul, and Roz as they break down the CMMC Level 2 Maintenance (MA) family: what each control requires, implementation strategies, and special considerations when working with Managed Service Providers. Discover how MA controls intersect with other CMMC families, and how third-party maintenance impacts your compliance journey.false00:09:32fullhttps://cmmc-elysian.jellypod.com/episodes/62fd8251-698e-4de2-b93a-d6155e6d4c8462fd8251-698e-4de2-b93a-d6155e6d4c84Mon, 15 Dec 2025 22:40:30 GMT27JellypodDive deep into the False Claims Act, the Civil Cyber-Fraud Initiative, and how lapses in cybersecurity compliance with DFARS and NIST SP 800-171 can lead to hefty fines. Our hosts unpack how qui tam whistleblowers bring these cases to light by exploring hDive deep into the False Claims Act, the Civil Cyber-Fraud Initiative, and how lapses in cybersecurity compliance with DFARS and NIST SP 800-171 can lead to hefty fines. Our hosts unpack how qui tam whistleblowers bring these cases to light by exploring high-profile settlements, revealing the potential for severe financial and reputational fallout across the defense contracting world. None of these cases have involved our clients, but the lessons are critical for everyone navigating cybersecurity compliance.false00:11:25fullhttps://cmmc-elysian.jellypod.com/episodes/15879154-666f-4d24-a147-57453d9e2b9c15879154-666f-4d24-a147-57453d9e2b9cMon, 08 Dec 2025 14:00:57 GMT26JellypodIncident Response for NIST CSF 2.0, NIST SP800-171r2 and CMMC 2.13Incident Response for NIST CSF 2.0, NIST SP800-171r2 and CMMC 2.13false00:15:57fullhttps://cmmc-elysian.jellypod.com/episodes/185636c6-3508-4634-b263-2c52277b1518185636c6-3508-4634-b263-2c52277b1518Mon, 01 Dec 2025 22:39:00 GMT25JellypodExplore how awareness and training align with NIST SP800-171 security controls. We break down each control, connect them to specific CDSE course catalog options, and discuss assessment objectives crucial for defense contractors and cybersecurity teams.Explore how awareness and training align with NIST SP800-171 security controls. We break down each control, connect them to specific CDSE course catalog options, and discuss assessment objectives crucial for defense contractors and cybersecurity teams.false00:11:38fullhttps://cmmc-elysian.jellypod.com/episodes/48961ee6-2830-4eb2-8125-818b60f4c6f648961ee6-2830-4eb2-8125-818b60f4c6f6Mon, 01 Dec 2025 22:34:53 GMT24JellypodExplore the Audit and Accountability (AU) domain of NIST SP 800-171 with actionable strategies for compliance in defense contracting. Dive into the essentials of system audit logs, open-source accountability tools, and best practices for working with MSSPExplore the Audit and Accountability (AU) domain of NIST SP 800-171 with actionable strategies for compliance in defense contracting. Dive into the essentials of system audit logs, open-source accountability tools, and best practices for working with MSSPs. Learn how to create a robust monitoring program to detect and respond to unauthorized activity while meeting regulatory demands.false00:12:35fullhttps://cmmc-elysian.jellypod.com/episodes/4fdb87fe-a167-4a14-8c7e-51d1809b230d4fdb87fe-a167-4a14-8c7e-51d1809b230dMon, 01 Dec 2025 14:39:46 GMT23JellypodEric, Paul, and Roz break down one of the most debated aspects of CMMC 2.0 compliance: when exactly multifactor authentication must be enforced for users and administrators. The team references NIST SP800-171, SP800-53, and practical deployment scenarios—Eric, Paul, and Roz break down one of the most debated aspects of CMMC 2.0 compliance: when exactly multifactor authentication must be enforced for users and administrators. The team references NIST SP800-171, SP800-53, and practical deployment scenarios—exploring the nuanced requirements around MFA, Kerberos, and different types of system access. Real-world examples and lessons learned bring much-needed clarity to a common challenge in identification and authentication.false00:13:36fullhttps://cmmc-elysian.jellypod.com/episodes/3370c3f6-7d3f-4123-9d7d-5ca01029c4503370c3f6-7d3f-4123-9d7d-5ca01029c450Mon, 24 Nov 2025 14:11:28 GMT22JellypodDive deep into the fundamentals of configuration management for NIST SP800-171 compliance. This episode covers why a Configuration Management Plan matters, explores policy requirements, and examines baseline examples for applications, firmware, hardware, Dive deep into the fundamentals of configuration management for NIST SP800-171 compliance. This episode covers why a Configuration Management Plan matters, explores policy requirements, and examines baseline examples for applications, firmware, hardware, and operating systems.false00:13:51fullhttps://cmmc-elysian.jellypod.com/episodes/e93bae75-9d4f-4d0c-9af7-ddc4953eec56e93bae75-9d4f-4d0c-9af7-ddc4953eec56Tue, 18 Nov 2025 12:55:43 GMT21JellypodExplore how an Acceptable Use Policy (AUP) underpins compliance for CMMC Level 2. We'll break down key NIST SP800-171 requirements that users need to understand, and discuss how communicating policy expectations empowers organizations to enforce controls Explore how an Acceptable Use Policy (AUP) underpins compliance for CMMC Level 2. We'll break down key NIST SP800-171 requirements that users need to understand, and discuss how communicating policy expectations empowers organizations to enforce controls and drive accountability.false00:10:09fullhttps://cmmc-elysian.jellypod.com/episodes/4025bae3-8537-4a15-a374-4aa75b449aea4025bae3-8537-4a15-a374-4aa75b449aeaFri, 14 Nov 2025 12:58:49 GMT20JellypodThis episode unpacks the elimination of the basic and derived security requirement distinction in NIST SP 800-171 revision 3, the assessment methodologies surrounding them, and the practical effects on DoD contractors, especially primes managing supplier This episode unpacks the elimination of the basic and derived security requirement distinction in NIST SP 800-171 revision 3, the assessment methodologies surrounding them, and the practical effects on DoD contractors, especially primes managing supplier risk. Our hosts dive into how the structure of NIST SP 800-171 assessments has evolved, the rationale for the new approach, and what subcontractors and primes alike can expect under the updated rules.false00:10:40fullhttps://cmmc-elysian.jellypod.com/episodes/724b5fd0-f062-43d4-981f-66658d84eded724b5fd0-f062-43d4-981f-66658d84ededMon, 20 Oct 2025 13:00:49 GMT19JellypodExplore the essentials of the NIST SP800-171 System Security Plan (SSP), the key requirements from NIST SP800-53r5, and recommended sections to create a plan that's truly fit for your organization. We'll break down what must be included, what can be addedExplore the essentials of the NIST SP800-171 System Security Plan (SSP), the key requirements from NIST SP800-53r5, and recommended sections to create a plan that's truly fit for your organization. We'll break down what must be included, what can be added for clarity, and how to make your SSP a practical tool for security and compliance.falsefullhttps://cmmc-elysian.jellypod.com/episodes/15751fc9-7023-4b6f-a1a1-6f4335d7685715751fc9-7023-4b6f-a1a1-6f4335d76857Wed, 15 Oct 2025 16:42:52 GMT18JellypodThis episode dives into the essentials of incident response plans required by NIST standards, explores best practices and testing, and highlights how to leverage providers like Vertek and your MSSP for superior readiness. Our hosts break down actionable sThis episode dives into the essentials of incident response plans required by NIST standards, explores best practices and testing, and highlights how to leverage providers like Vertek and your MSSP for superior readiness. Our hosts break down actionable steps, useful examples, and real-world MSSP integration strategies, making your compliance journey clear and manageable.falsefullhttps://cmmc-elysian.jellypod.com/episodes/7250303c-4891-4c5b-ae3c-623c188b42667250303c-4891-4c5b-ae3c-623c188b4266Wed, 15 Oct 2025 16:26:53 GMT17JellypodExplore how Bridgewater State University's Cyber Range revolutionizes cybersecurity training, making incident response testing more immersive than traditional tabletop exercises. Hear insights on simulating real attacks, following NIST guidance, and how oExplore how Bridgewater State University's Cyber Range revolutionizes cybersecurity training, making incident response testing more immersive than traditional tabletop exercises. Hear insights on simulating real attacks, following NIST guidance, and how organizations can use this environment for CMMC and real-world readiness.falsefullhttps://cmmc-elysian.jellypod.com/episodes/2d2ddaca-4cc4-4204-82ea-545bdd0bd98e2d2ddaca-4cc4-4204-82ea-545bdd0bd98eTue, 07 Oct 2025 12:35:59 GMT16JellypodThis episode unpacks how the DoD's cloud security requirements come together across SRGs, STIGs, and CMMC, clarifying regulatory foundations, Impact Levels, and the real-world implications for cloud service providers and mission owners. The hosts decode rThis episode unpacks how the DoD's cloud security requirements come together across SRGs, STIGs, and CMMC, clarifying regulatory foundations, Impact Levels, and the real-world implications for cloud service providers and mission owners. The hosts decode recent changes, practical responsibilities, and the intersection of CMMC with FedRAMP, NIST, and DFARS. Whether you’re a DoD contractor, a cloud service provider, or a compliance leader, get the plain-English guidance you need to understand the nuances of today’s cloud compliance landscape.falsefullhttps://cmmc-elysian.jellypod.com/episodes/56d8611d-9a79-43f0-82e2-03e5c7447beb56d8611d-9a79-43f0-82e2-03e5c7447bebTue, 07 Oct 2025 12:24:18 GMT15JellypodJoin Eric, Ruby, Paul, and Roz as they break down the NIST IR 8286 series and SP 800-30 guidance for cybersecurity risk assessment. This episode explores how to set enterprise risk appetite, create and score risk scenarios (including threats and vulnerabiJoin Eric, Ruby, Paul, and Roz as they break down the NIST IR 8286 series and SP 800-30 guidance for cybersecurity risk assessment. This episode explores how to set enterprise risk appetite, create and score risk scenarios (including threats and vulnerabilities), use business impact analysis for prioritization, and aggregate, monitor, and report risks for executive risk decisions. The team uses relatable examples and practical case studies to show how to turn risk analysis into real-world, risk-based decisions.falsefullhttps://cmmc-elysian.jellypod.com/episodes/efbf4342-863b-4e15-8bf4-99a39e68909aefbf4342-863b-4e15-8bf4-99a39e68909aMon, 06 Oct 2025 12:42:55 GMT14JellypodThis episode explores the essential supporting documents and general procedures needed for the Access Control Family under CMMC. Learn which records are vital, how to structure compliant procedures, and practical tips for streamlined documentation. Hear rThis episode explores the essential supporting documents and general procedures needed for the Access Control Family under CMMC. Learn which records are vital, how to structure compliant procedures, and practical tips for streamlined documentation. Hear real-world insights and specific examples from seasoned practitioners and compliance experts.falsefullhttps://cmmc-elysian.jellypod.com/episodes/e2657e67-9ac5-41ae-a77b-b28cc8ea2143e2657e67-9ac5-41ae-a77b-b28cc8ea2143Fri, 26 Sep 2025 14:42:25 GMT13JellypodThis episode breaks down how the NIST AI Risk Management Framework (AI RMF 1.0) supports a robust, continual approach to AI risk assessment, with a special focus on how to meet NIST SP 800-171 rev 2 control 3.11.1 for assessing risk to CUI. We connect speThis episode breaks down how the NIST AI Risk Management Framework (AI RMF 1.0) supports a robust, continual approach to AI risk assessment, with a special focus on how to meet NIST SP 800-171 rev 2 control 3.11.1 for assessing risk to CUI. We connect specific core functions of the AI RMF—Govern, Map, Measure, and Manage—to compliance requirements and practical periodic risk reviews in organizations running or deploying AI systems.falsefullhttps://cmmc-elysian.jellypod.com/episodes/bc28b205-c3fa-4fdd-9aa4-1e0ad39d2b67bc28b205-c3fa-4fdd-9aa4-1e0ad39d2b67Mon, 22 Sep 2025 11:45:50 GMT12JellypodExplore how incident response requirements from DFARS 252.204-7012 and NIST SP800-171 complement and amplify each other. Our experts dissect what each demands, how they mesh in practice, and what that means for defense contractors. This episode highlightsExplore how incident response requirements from DFARS 252.204-7012 and NIST SP800-171 complement and amplify each other. Our experts dissect what each demands, how they mesh in practice, and what that means for defense contractors. This episode highlights actionable steps and noticeable pitfalls, with real-life examples from industry and government.falsefullhttps://cmmc-elysian.jellypod.com/episodes/a3862ba5-8f19-4d1a-bf4c-c3f5e54fcf7fa3862ba5-8f19-4d1a-bf4c-c3f5e54fcf7fFri, 19 Sep 2025 15:03:18 GMT11JellypodWhat does the final year before full CMMC implementation look like? In this episode, we explore the definitive schedule, key requirements, and what defense contractors should expect as the November 10, 2025 effective date for DFARS 204.75 approaches.What does the final year before full CMMC implementation look like? In this episode, we explore the definitive schedule, key requirements, and what defense contractors should expect as the November 10, 2025 effective date for DFARS 204.75 approaches.falsefullhttps://cmmc-elysian.jellypod.com/episodes/4748c813-420e-45fd-9039-b08877adecde4748c813-420e-45fd-9039-b08877adecdeMon, 08 Sep 2025 21:50:44 GMT10JellypodThis episode unpacks the complete journey to CMMC/NIST SP 800-171 compliance, breaking down the phases, expected timelines, and real-world costs using authoritative federal guidance and hands-on field experience. Drawing from key federal regulations and tThis episode unpacks the complete journey to CMMC/NIST SP 800-171 compliance, breaking down the phases, expected timelines, and real-world costs using authoritative federal guidance and hands-on field experience. Drawing from key federal regulations and the Critical Prism Defense whitepaper, we deliver facts and planning models for organizations at any starting point.falsefullhttps://cmmc-elysian.jellypod.com/episodes/6fef57cb-0ab0-4741-af71-ab796db085676fef57cb-0ab0-4741-af71-ab796db08567Mon, 08 Sep 2025 17:49:19 GMT9JellypodThe team unpacks the next phases now that 48 CFR Subpart 204.75 has cleared OIRA review, mapping out what’s ahead for activation and enforcement—including the practical timeline to a live, enforceable CMMC rule. Special focus is given to rulemaking milestThe team unpacks the next phases now that 48 CFR Subpart 204.75 has cleared OIRA review, mapping out what’s ahead for activation and enforcement—including the practical timeline to a live, enforceable CMMC rule. Special focus is given to rulemaking milestones, contract impacts, and how the DoD’s phase-in policy shapes when CMMC compliance becomes required for defense contractors.falsefullhttps://cmmc-elysian.jellypod.com/episodes/b202ddad-b027-4dd7-a3cb-d9afd11f6e8cb202ddad-b027-4dd7-a3cb-d9afd11f6e8cFri, 29 Aug 2025 13:30:42 GMT8JellypodThis episode breaks down the Department of Defense’s recent decision on when contractors can self-assess for CMMC Level 2, and when a third-party assessment is required. The hosts clarify how the NARA and DoD CUI registries impact assessment requirements,This episode breaks down the Department of Defense’s recent decision on when contractors can self-assess for CMMC Level 2, and when a third-party assessment is required. The hosts clarify how the NARA and DoD CUI registries impact assessment requirements, and explain why ACAT categories are no longer the dividing line.falsefullhttps://cmmc-elysian.jellypod.com/episodes/7e20591b-f580-4df6-a7b5-564deed106fa7e20591b-f580-4df6-a7b5-564deed106faFri, 29 Aug 2025 12:23:38 GMT7JellypodEric, Ruby, Paul, and Roz explore the unique CMMC compliance complexities that arise when a Managed Security Service Provider (MSSP) delivers a Security Operations Center (SOC), SIEM, and SOAR—especially when CUI and privileged access are in play. Using rEric, Ruby, Paul, and Roz explore the unique CMMC compliance complexities that arise when a Managed Security Service Provider (MSSP) delivers a Security Operations Center (SOC), SIEM, and SOAR—especially when CUI and privileged access are in play. Using real examples and asset categories from the latest CMMC scoping guides, the hosts dig into scoping, asset classification, and responsibilities.falsefullhttps://cmmc-elysian.jellypod.com/episodes/6ccc704a-b25c-4cc6-b4ad-f66b9016e5146ccc704a-b25c-4cc6-b4ad-f66b9016e514Mon, 18 Aug 2025 21:26:55 GMT6JellypodReview of CMMC Scoping guides. In this episode we dive into the CMMC L2 Scoping guide and provide a summary of the categories and details within.Review of CMMC Scoping guides. In this episode we dive into the CMMC L2 Scoping guide and provide a summary of the categories and details within.falsefullhttps://cmmc-elysian.jellypod.com/episodes/57a887a9-9fe2-4131-8af0-51f9cca12cd557a887a9-9fe2-4131-8af0-51f9cca12cd5Thu, 14 Aug 2025 13:50:14 GMT5JellypodDive into how risk assessments underpin NIST SP 800-171 compliance, with a focus on control 3.11.1. Our expert hosts break down what assessors look for, walk through real-world approaches, and share lessons learned from the field.Dive into how risk assessments underpin NIST SP 800-171 compliance, with a focus on control 3.11.1. Our expert hosts break down what assessors look for, walk through real-world approaches, and share lessons learned from the field.falsefullhttps://cmmc-elysian.jellypod.com/episodes/16b141f1-7a14-4f6b-8b49-14e80d5032cf16b141f1-7a14-4f6b-8b49-14e80d5032cfFri, 25 Jul 2025 16:26:03 GMT4JellypodDive into the federal rulemaking process and how it shapes cybersecurity requirements for defense contractors. This episode explores how the 32 CFR 170 rule went from concept to implementation, and previews how the forthcoming 48 CFR 204 changes may folloDive into the federal rulemaking process and how it shapes cybersecurity requirements for defense contractors. This episode explores how the 32 CFR 170 rule went from concept to implementation, and previews how the forthcoming 48 CFR 204 changes may follow that path. Hear practical insights relevant for anyone in federal compliance, cybersecurity, and defense acquisition.falsefullhttps://cmmc-elysian.jellypod.com/episodes/5d5a8339-ba7b-482d-b5e9-206576e9ed1a5d5a8339-ba7b-482d-b5e9-206576e9ed1aMon, 14 Jul 2025 16:35:53 GMT3JellypodExplore how continuous CMMC monitoring transforms cybersecurity for defense contractors and compliance teams. Discover essential strategies, real-time tools, and practical steps for maintaining readiness in a dynamic threat landscape.Explore how continuous CMMC monitoring transforms cybersecurity for defense contractors and compliance teams. Discover essential strategies, real-time tools, and practical steps for maintaining readiness in a dynamic threat landscape.falsefullhttps://cmmc-elysian.jellypod.com/episodes/fa9efc77-8d7b-48cd-be7e-158ef02c70bbfa9efc77-8d7b-48cd-be7e-158ef02c70bbSun, 13 Jul 2025 12:50:29 GMT2JellypodExplore the phased rollout of CMMC 2.0, how the new rules impact defense contractors, and what it takes to maintain compliance. Our hosts break down the assessment process, key requirements, and real-world implications—plus, share surprising insights and Explore the phased rollout of CMMC 2.0, how the new rules impact defense contractors, and what it takes to maintain compliance. Our hosts break down the assessment process, key requirements, and real-world implications—plus, share surprising insights and practical examples from the field.falsefullhttps://cmmc-elysian.jellypod.com/episodes/1d7d9cd6-bc15-4fac-9a6c-8db925a4b97a1d7d9cd6-bc15-4fac-9a6c-8db925a4b97aSun, 13 Jul 2025 12:46:34 GMT1JellypodThis episode uncovers how organizations in the defense sector can identify, handle, and protect Controlled Unclassified Information (CUI), Covered Defense Information (CDI), and Controlled Technical Information (CTI). We examine contract requirements, marThis episode uncovers how organizations in the defense sector can identify, handle, and protect Controlled Unclassified Information (CUI), Covered Defense Information (CDI), and Controlled Technical Information (CTI). We examine contract requirements, marking guidance, and the latest resources to help contractors navigate CMMC compliance and data rights management.falsefull