Submit any questions you would like answered on the podcast! 🆓 Need help getting your SPRS score to 110? Schedule your free SPRS Roadmap Session and get a step-by-step plan to close gaps and stay defensible: 👉 https://cmmccomplianceguide.com/free-sprs-roadmap The Department of Defense just issued a critical cybersecurity memo—and it's not just for the Lockheeds and Raytheons. In this episode, we break down what small and mid-sized DoD contractors must do now to respond to rising cyber threats—even amid headlines of ceasefire. From multi-factor authentication and patching systems to cloud security guidance and SPRS score readiness, we walk you through the exact steps your organization needs to take. Resources Mentioned: Memo: https://media.licdn.com/dms/document/media/v2/D561FAQFbAPookqu2zw/feedshare-document-pdf-analyzed/B56ZefAj13HoAY-/0/1750719415748?e=1751500800&v=beta&t=O6aY3UDi5ijLTGOa6RP4xAWABMPZh-ZKRkXRikiCywg https://www.cisa.gov/known-exploited-vulnerabilities-catalog https://www.cisa.gov/news-events/directives/bod-25-01-implementing-secure-practices-cloud-services https://www.cisa.gov/cyber-hygiene-services https://www.nsa.gov/About/Cybersecurity-Collaboration-Center/DIB-Cybersecurity-Services/ https://www.dc3.mil/Missions/DIB-Cybersecurity/DCISE-Resources/ #CMMC #DODCompliance #CyberSecurity #SPRS #DefenseContractor #CyberThreats #NIST800171 #CMMCComplianceGuide…

Submit any questions you would like answered on the podcast! Why is CMMC compliance so expensive—especially for small businesses? In this episode of the CMMC Compliance Guide Podcast , Austin and Brooke from Justice IT Consulting break down what really drives up the cost of CMMC and NIST 800-171 compliance, and more importantly—how you can cut costs without cutting corners . We cover: The four stages of compliance cost: paperwork, project work, ongoing maintenance, and assessments What assessors can and can’t help with Enclave strategies that can save you thousands Why smaller companies feel a heavier burden—and how to manage it Smart scoping, VDI, and how not to overspend on your CMMC journey If you’re trying to balance compliance with a tight budget, this episode is a must-listen. 👉 Need help or have questions? Contact us for free advice at CMMCComplianceGuide.com . 🔔 Don’t forget to like, subscribe, and share!…

Submit any questions you would like answered on the podcast! Is your CMMC scope setting you up for success—or failure? In this episode of the CMMC Compliance Guide , Brooke and Stacey from Justice IT Consulting break down one of the most misunderstood (and expensive) parts of your compliance journey: scoping . Learn how to define your CUI boundary the right way, avoid common over-scoping mistakes, and streamline your assessment with clear documentation strategies. Whether you're prepping for a formal CMMC assessment or self-assessing for NIST 800-171, this episode gives you real-world insights that can save you time, money, and frustration. 🔍 We cover: What really defines your CMMC scope (it's more than just your server) The hidden risks of over-scoping and cloud blind spots Third-party service provider mistakes that can blow your scope Must-have documentation: data flow diagrams, network diagrams, and asset inventories A practical checklist to get your scope right before the audit 🛠 Need a faster path to compliance without cutting corners? Visit www.CMMCComplianceGuide.com for free resources, expert help, or to book a discovery call.…

Submit any questions you would like answered on the podcast! Missed CEIC West 2025 in Las Vegas? We’ve got your insider recap. In this episode of the CMMC Compliance Guide , Austin and Brooke break down the most critical insights defense contractors need to know—from Katie Arrington’s keynote to real-world flowdown risks, mock assessment walkthroughs, and what AI means for your CUI documentation. If you’re a small or mid-sized DoD contractor trying to stay compliant with CMMC, NIST 800-171, and DFARS, this episode gives you the takeaways that actually matter. 📞 Have questions? Text, call, or email us. We’ll answer them for free on the podcast. 🔗 Visit www.cmmccomplianceguide.com for free resources…

Submit any questions you would like answered on the podcast! Are you sure you're NIST 800-171 compliant? In this episode of the CMMC Compliance Guide Podcast , Austin and Brooke break down the most overlooked NIST 800-171 requirements that continue to trip up DoD contractors—and what you can do today to avoid those costly mistakes. From data flow diagrams to documentation pitfalls, supply chain risks, and misunderstood MFA and logging requirements, this episode is packed with practical insights and actionable takeaways. If you’re pursuing CMMC Level 2 or just trying to boost your SPRS score , this is a must-listen. 💡 You’ll Learn: Why poor scoping is the #1 mistake in compliance How to map your CUI data flow across systems and subcontractors What assessors really expect from your MFA, logging, and risk assessment controls Why your documentation strategy can make or break your assessment What it takes to maintain compliance after you’re “done” How to use the NIST 800-171A Assessment Guide to conduct a real gap analysis The truth about ongoing compliance vs. one-time audits GRC tools, POAMs, and how to build your project roadmap This episode is your self-assessment gut check. Whether you're just starting or already deep into your compliance journey, don’t miss these expert tips. 🔗 For free resources, visit: https://cmmccomplianceguide.com 📅 Meet us at DibCon , June 3–5, in Oklahoma City!…

Submit any questions you would like answered on the podcast! Get the latest insider takeaways from CMMC Day 2025 straight from Washington D.C. In this episode of the CMMC Compliance Guide Podcast , Brooke and Austin break down the most critical updates small and midsized businesses (SMBs) in the defense supply chain need to know now. We cover: ✅ Why CMMC is NOT going away (despite what skeptics think) ✅ Critical mistakes businesses still make with SSPs, scoping, and access control ✅ Real-world assessment horror stories you need to avoid ✅ Why subcontractors can't hide in the supply chain anymore ✅ Tools, technology, and zero trust lessons from the show floor Whether you're a manufacturer, IT lead, or compliance manager, this episode delivers actionable insights to help you stay off the DoD's naughty list and win more contracts in 2025. 🎯 Need help? Get your free SPRS Score Roadmap → https://cmmccomplianceguide.com/free-sprs-roadmap…

Submit any questions you would like answered on the podcast! Feeling overwhelmed by CMMC compliance and NIST 800-171’s 110 controls? You’re not alone — but you don’t have to be stuck. In this episode of the CMMC Compliance Guide Podcast , Brooke and Austin break down NIST 800-171 Revision 2 in plain English — no government-speak, no tech jargon — so you can finally understand what each control family means for your business. You'll learn: What NIST 800-171 really requires (and why it matters for your SPRS score) How to tackle key control families like Access Control, Awareness & Training, and Audit & Accountability The critical mistakes contractors make (and how to avoid them) Why documentation is the #1 secret weapon for CMMC success Real-world tips for manufacturing, machine shop, and aerospace contractors navigating CMMC Level 2 🔥 Don’t wait until an assessor says “No Soup for You” — build a compliance system that actually protects your business and wins contracts. 👉 Need help fast-tracking your compliance journey? Visit https://cmmccomplianceguide.com to download free resources or schedule a discovery call.…

Submit any questions you would like answered on the podcast! Is your SPRS score putting your DoD contracts at risk? In this episode of the CMMC Compliance Guide, we break down exactly what the SPRS score is, why it matters, and how to improve it fast—before you lose out on federal work. Whether you're stuck at -72 or hovering at 80, we’ll walk you through how to get to 110 with practical, plain-English guidance. From gap analysis to POA&Ms, system security plans, encryption, MFA, and the best GRC tools—we’re covering it all. 👉 Schedule your FREE SPRS Roadmap Session (Limited Time): www.cmmccomplianceguide.com/free-sprs-roadmap ✅ $1,500 Value — No pitch, no pressure. Just expert help. 🎯 What You'll Learn: ✅What an SPRS score is and why it matters ✅How to assess your current score (and why most are wrong) ✅What documentation and tech controls you must have ✅How to get to 110 — even if you’re starting from a negative score…

Submit any questions you would like answered on the podcast! If someone tells you CMMC compliance can't be easy… they’re not necessarily wrong — but they’re also missing the point. In this episode of the CMMC Compliance Guide Podcast, Austin and Brooke from Justice IT Consulting break down one of the biggest myths in the compliance space: that achieving CMMC compliance has to be overwhelming, time-consuming, and painfully complex. Using our E.A.S.Y. framework, we’re showing you how strategic companies are simplifying their compliance efforts and turning cybersecurity into a competitive edge: ✅ E – Expert Guided: Why going it alone can cost you more in time and money. ✅ A – Aligned to Requirements: How to avoid the tech-first trap and focus on business process. ✅ S – Streamlined Approach: Proven tools, trusted frameworks, and no need to reinvent the wheel. ✅ Y – Your Competitive Advantage: Compliance isn’t just a checkbox — it’s a business differentiator. Whether you're a defense contractor starting your compliance journey or trying to stay ahead of evolving requirements, this episode gives you the mindset and framework to make CMMC easier — not effortless, but easier. 📞 Need help fast-tracking your compliance? Reach out at: cmmccomplianceguide.com/podcast — we’ll answer your questions for free right here on the show.…

Submit any questions you would like answered on the podcast! In this episode of The CMMC Compliance Guide Podcast, Brooke and Austin dive into a key question many DoD contractors face: Should you handle CMMC compliance yourself or hire a consultant? We break down the risks, costs, and benefits to help you make the best decision for your business. Discover the 6 major risks of DIY compliance, including: 1️⃣ Losing DoD contracts due to non-compliance 2️⃣ Keeping up with ever-changing CMMC requirements 3️⃣ Hidden costs that make DIY compliance more expensive 4️⃣ The gap in IT teams’ compliance expertise 5️⃣ Security risks that linger even after passing an assessment 6️⃣ How CMMC assessors prioritize well-prepared organizations 🎯 Whether you’re starting your compliance journey or stuck midway, this episode offers actionable advice to help you stay compliant and secure. 🔗 For expert guidance and resources, visit https://cmmccomplianceguide.com/ 👍 Don't forget to like, comment, and subscribe for more tips on achieving CMMC compliance with confidence.…

Submit any questions you would like answered on the podcast! In this episode of The CMMC Compliance Guide Podcast, Brooke and Stacey reveal a critical factor that could make or break your compliance journey: your IT provider. ✅ Discover why your IT provider plays a crucial role in your CMMC assessment. ✅ Learn the risks of working with an unqualified IT provider — and how they could cost you contracts. ✅ Find out what a qualified IT provider should bring to the table to simplify your compliance process. ✅ Get actionable tips on how to vet an IT provider to ensure they’re an asset — not a liability. 🎯 Don’t leave your compliance journey to chance. Tune in to learn how to make your IT provider your strongest ally. 🔗 For more resources, visit https://cmmccomplianceguide.com/ ❗Get past all the CMMC jargon by downloading our CMMC Glossary: https://cmmccomplianceguide.com/glossary…

Submit any questions you would like answered on the podcast! The DoD is tightening its cybersecurity regulations, and your aerospace contracts could be on the line. In this episode of The CMMC Compliance Guide Podcast, we break down the latest changes to CMMC, DFARS, and FAR that could directly impact your business. Join Austin and Brooke from Justice IT Consulting as they explain: ✅ The upcoming CMMC, DFARS, and FAR rule changes & deadlines ✅ Why self-reported compliance is no longer enough ✅ How SPRS scores and third-party assessments will determine contract eligibility ✅ The legal risks of non-compliance, including False Claims Act violations ✅ Steps you must take right now to stay ahead of the cybersecurity crackdown Don’t wait until it’s too late! Compliance deadlines are fast approaching, and failing to prepare could mean losing out on DoD contracts. Stay informed, stay compliant, and protect your business. 📌 Download your free guide here: https://cmmccomplianceguide.com/ultimate-aerospace-contractor-guide 📌 Need help with compliance? Contact us at https://cmmccomplianceguide.com…

Submit any questions you would like answered on the podcast! In this episode of The CMMC Compliance Guide Podcast , we break down the most important updates from the CyberAB January Town Hall. From the latest developments in CMMC implementation to the newly proposed FAR CUI rule, we discuss what these changes mean for DoD contractors and beyond. Key Takeaways: The CMMC program is officially live under CFR 32—what this means for your business. The FAR CUI rule and how it expands compliance beyond the DoD. What DoD contractors should be doing right now to stay ahead of upcoming certification requirements. The latest challenges in obtaining CMMC Level 2 certification and how to navigate delays. If your business is in the Defense Industrial Base (DIB) or sells to the Federal Government, this episode is a must-listen! Stay informed, stay compliant, and don’t get left behind. 📩 Got questions? Contact us at cmmccomplianceguide.com/podcast – we’ll answer them for free on the podcast!…

Submit any questions you would like answered on the podcast! In this week’s episode, Brooke Justice and guest cohost Stacey break down one of the most crucial topics for DoD contractors: how CMMC compliance directly impacts your ability to win and keep defense contracts. From understanding compliance levels to avoiding costly mistakes, we’ll walk you through everything you need to know to stay competitive and avoid compliance pitfalls. You’ll learn: ✅ Why CMMC is becoming a non-negotiable requirement for DoD contracts ✅ How being CMMC compliant gives you a competitive edge ✅ What compliance level you should aim for to secure future opportunities ✅ The biggest mistakes companies make that put their contracts at risk ✅ How to ensure your supply chain isn’t a weak link Whether you’re a prime contractor, subcontractor, or just starting your CMMC journey, this episode is packed with actionable insights to help you navigate the compliance landscape. 💡 Have questions? We want to hear from you! Send us your questions at cmmccomplianceguide.com and we’ll answer them in a future episode—for free!…

Submit any questions you would like answered on the podcast! In this episode of The CMMC Compliance Guide Podcast , Brooke and Stacey from Justice IT Consulting dive deep into the critical distinctions between FedRAMP Authorization and FedRAMP Equivalency . Whether you're leveraging cloud services for compliance or planning your next steps in CMMC certification, understanding these two pathways is crucial. We break down the key differences, discuss how each impacts your compliance journey, and provide actionable advice to help you make the right choice for your business. Tune in to learn: What FedRAMP is and why it matters for cloud security. The pros and cons of Authorization vs. Equivalency. How each option affects your CMMC assessment timelines and costs. Practical tips to stay ahead in your compliance efforts. Got questions? We’re answering them for free on the podcast! Reach out via text, email, or call at cmmccomplianceguide.com . Don't miss this essential episode—subscribe now and stay compliant, stay secure!…

Submit any questions you would like answered on the podcast! In this episode of The CMMC Compliance Guide Podcast , Brooke Justice is joined by guest cohost Stacey Flores , stepping in for Austin Justice, to bring you the key takeaways from the recent CEIC East conference. If you missed the event, don’t worry—Brooke and Stacey are here to fill you in on everything you need to know to navigate the ever-evolving world of CMMC compliance in 2024. What’s in Store: 🚀 CMMC Rollout Updates: Find out why the rollout is moving faster than expected and how prime contractors might push subs to certify early. 📋 Certification Timing Tips: Learn how to avoid assessment bottlenecks and prepare your organization now. 🔐 Key Regulatory Changes: Get the latest on POAM limits, FIPS encryption updates, ESP requirements, and more. 🛠️ Actionable Advice: Practical tips for refining your SSP, aligning with ESPs, and staying ahead in compliance. Brooke and Stacey dive deep into the insights gained from networking with policy experts, vendors, and assessors at CEIC East, offering practical advice to help you stay on track with compliance and secure your contracts. Whether you’re a seasoned compliance pro or just starting your journey, this episode has something for everyone. Engage with Us: Have questions or need more guidance? Reach out to us at cmmccomplianceguide.com —we’re here to help!…

Submit any questions you would like answered on the podcast! In this in-depth discussion, Austin and Brooke Justice from Justice IT Consulting break down the critical updates and challenges associated with the new 48 CFR proposed rule for CMMC 2.0 compliance. Learn about the key differences from previous regulations, the most significant hurdles DoD contractors will face, and the vital steps you must take to ensure your business stays compliant. Discover how the proposed rule makes CMMC 2.0 a reality, the importance of early preparation, and how subcontractors can navigate the complexities of this process. Brooke Justice, our resident compliance expert, offers practical advice on how to avoid common pitfalls, manage the overwhelming documentation requirements, and ensure your business is ready when the final rule comes into effect.…

Submit any questions you would like answered on the podcast! Are you a DoD contractor navigating the complexities of the 32 CFR Rule? In this video, we break down the key aspects of the 32 CFR Rule, explaining how it impacts defense contractors and the steps you need to take to stay compliant. Whether you're new to the defense industry or need a refresher, this video offers valuable insights into ensuring your business meets the Department of Defense's strict regulations. Avoid costly mistakes and protect your contracts by understanding the full scope of 32 CFR compliance. What You’ll Learn: An overview of the 32 CFR Rule How the 32 CFR Rule impacts DoD contractors Key compliance strategies for DoD contractors Essential steps to avoid common compliance pitfalls Stay ahead of the competition and ensure your compliance with the latest regulations!…

Submit any questions you would like answered on the podcast! In this special episode, we take you behind the scenes to explore the origin story of the CMMC Compliance Guide Podcast. Join hosts, Austin and Brooke Justice as they share how the podcast began, its mission to help defense contractors navigate the complexities of CMMC compliance, and what drives our passion for making the process hassle-free. Whether you’re new to CMMC or a seasoned professional, this episode offers insights into how we started and why we’re dedicated to supporting your compliance journey. Key Takeaways: Why we launched the CMMC Compliance Guide Podcast The challenges that led to the podcast's creation How our mission evolved to simplify CMMC compliance for defense contractors What's next for the podcast and our community…

Submit any questions you would like answered on the podcast! In this episode, Brooke and Austin Justice dive into the latest CyberAB townhall update, sharing key insights for defense contractors. Stay informed on the latest CMMC developments, compliance changes, and how they could impact your business. Whether you're navigating CMMC 2.0 or simply trying to stay ahead of cybersecurity requirements, this recap is for you! Topics Covered: Important updates from CyberAB Key compliance insights for contractors How these changes affect your CMMC journey…

Submit any questions you would like answered on the podcast! In this special episode of the CMMC Compliance Guide Podcast, hosts Brooke and Austin Justice are joined by Chris Silvers, one of less than 100 individuals officially certified as both a Certified CMMC Provisional Assessor and Instructor. With over 25 years of cybersecurity experience, Chris has led CMMC instruction for more than 1,000 students and has developed courses and practice exams with one of the only 51 Licensed Training Providers recognized today. His active roles in thought leadership bodies such as the CMMC Industry Standards Council and the C3PAO Forum place him on the front lines of the CMMC 2.0 rollout, making him uniquely equipped to guide defense contractors through the certification process. Key Topics Discussed: The role of a Certified CMMC Assessor and how they support businesses Common pitfalls businesses face and how to avoid them How to prepare financially and strategically for the assessment Best practices for working with an assessor…

Submit any questions you would like answered on the podcast! In this episode, Brooke and Austin Justice dive into the latest CyberAB townhall update, sharing key insights for defense contractors. Stay informed on the latest CMMC developments, compliance changes, and how they could impact your business. Whether you're navigating CMMC 2.0 or simply trying to stay ahead of cybersecurity requirements, this recap is for you! Topics Covered: Important updates from CyberAB Key compliance insights for contractors How these changes affect your CMMC journey Download Your Copy of the 48 CFR Guidebook Here…

Submit any questions you would like answered on the podcast! In this thought-provoking episode of the CMMC Compliance Guide Podcast, Brooke and Austin Justice tackle a question that’s top of mind for many small and medium-sized businesses in the defense supply chain: Is CMMC a necessary defense in a digital war, or an unreasonable burden on SMBs? Key Discussion Points: The sustainability of CMMC for SMBs: Is it too complex and costly? The DoD’s perspective on cybersecurity as a digital war against threats like IP theft. Strategies for SMBs to balance compliance costs with staying in defense contracts. Practical steps for SMBs to start their compliance journey today.…