Sum IT Up: CMMC News Roundup cover art

Sum IT Up: CMMC News Roundup

Sum IT Up: CMMC News Roundup

Written by: Summit 7
Listen for free

About this listen

It's difficult to keep up with all of the moving parts that make up the Department of Defense's Cybersecurity Maturity Model Certification Program. It's even more difficult to keep up with the relevant bits and bites that influence CMMC. This weekly podcast sums up the news and developments relevant to CMMC; DFARS and other regulations; and NIST standards such as SP 800-171, SP 800-53, the NIST Cybersecurity Framework, and others.

Copyright 2026 by Summit 7 Political Science Politics & Government
Episodes
  • The End of SPRS Scores (sort of)

    The End of SPRS Scores (sort of)
    Feb 5 2026

    The largest change to DFARS cybersecurity requirements other than CMMC took place on February 1st, 2026, and nobody knew it happened. DFARS 7019 and 7020 have been replaced by DFARS clause 252.240-7997. Basic self-assessments have been eliminated. FAR 52.204-21 has a new number. And none of this went through rulemaking. This week we're diving deep into the mysterious world of class deviations and what they mean for defense contractors moving forward.

    RFO Website: https://www.acquisition.gov/far-overhaul

    DFARS RFO Deviations: https://www.acq.osd.mil/dpap/dars/dfars_far_overhaul_class_deviations.html

    CMMC class deviation: https://youtu.be/vC4IJ2JQ5NU?si=B8I9DII4ZEbQ2dNx

    7012 class deviation: https://youtu.be/voziZRAMvv4?si=HxIkpUWnxyergEUQ

    Show More Show Less
    34 mins
  • Monthly Cyber AB Town Hall Recap (January)

    Monthly Cyber AB Town Hall Recap (January)
    Jan 29 2026

    After a brief hiatus, the Cyber AB has gathered the CMMC Ecosystem to deliver its monthly update. On this week's show, we breakdown the information distributed on this month's meeting that you need to know. Things like:

    • Who is the new DoW CIO?

    • Pending shutdown and CMMC Impacts

    • Ecosystem Growth and Certification updates

    • Does this show count for CPEs?

    And so much more...Tune in to find out!

    ISACA Webinar - CMMC: Requirements, Roles, and Professional Credentials: https://store.isaca.org/s/community-event?id=a33VQ000001otC1YAI

    DAU CMMC microlearning: https://www.dau.edu/acquipedia?combine=cmmc&title=C&field_functional_area_target_id=All&field_topic_area_target_id=All

    ISACA CMMC Page: https://www.isaca.org/credentialing/cmmc

    Show More Show Less
    47 mins
  • CMMC for GSA Contractors?

    CMMC for GSA Contractors?
    Jan 22 2026

    Defense contractors aren't the only ones who need to implement NIST cybersecurity requirements for CUI. The big question has always been whether other agencies would require proof of implementation via the CMMC program. The GSA just revised their process for assessing nonfederal systems handling controlled unclassified information and it's way closer to NIST's Risk Management Framework than CMMC.

    CIO-IT Security-21-112r1 (PDF): https://www.gsa.gov/system/files/Protecting-Controlled-Unclassified-Information-%28CUI%29-in-Nonfederal-Systems-and-Organizations-Process-%5BCIO-IT-Security-21-112-Rev-1%5D.pdf

    Summit 7 Live San Diego: https://www.summit7.us/s7live
    Show More Show Less
    19 mins
No reviews yet