In this conversation, Kaleigh Floyd, Bobby Guerra, and Adam Evans discuss the distinctions between Cloud Service Providers (CSPs) and other service providers (ESPs), the significance of Controlled Unclassified Information (CUI), and the importance of vendor assessments in the context of the 32 CFR rule. They delve into the necessary audits, risk management strategies, and the implications of security protection data versus security protection assets for contractors and subcontractors in the defense industry.

They discuss the importance of selecting the right vendors for compliance, emphasizing the need for vendors to be prepared and knowledgeable. The conversation also highlights the ongoing nature of compliance, stressing that businesses must continually assess and update their practices.

LinkedIn: https://www.linkedin.com/in/bobbyguerra/
Website: https://www.axiom.tech/
YouTube: https://www.youtube.com/channel/UCaJagoDasNG3MqLqw2Af_ZQ

Karen and Bobby dive into the complexities of cybersecurity audits, particularly focusing on the distinctions between CMMC and FedRAMP. They discuss operational challenges, the assessment processes, and the importance of recommendations in FedRAMP. The conversation also highlights misconceptions about FedRAMP, the implications of equivalency versus accreditation, and the future of cloud services in relation to these frameworks.

LinkedIn: https://www.linkedin.com/in/bobbyguerra/
Website: https://www.axiom.tech/
YouTube: https://www.youtube.com/channel/UCaJagoDasNG3MqLqw2Af_ZQ

Are you an MSP navigating CMMC? Are you a contractor looking for the right MSP for your climb to CMMC? This episode is going to decipher the 32 CFR final rule with those to perspectives front-of-mind.

Bobby and Kaleigh discuss the assessment requirements of an ESP, what inheritance is, and how an MSP can prepare to help their clients in the DIB space.

LinkedIn: https://www.linkedin.com/in/bobbyguerra/
Website: https://www.axiom.tech/
YouTube: https://www.youtube.com/channel/UCaJagoDasNG3MqLqw2Af_ZQ

In this conversation, Bobby Guerra and Kaleigh Floyd discuss the recent release of the 32 CFR Final Rule and its implications for organizations. They explore the importance of self-assessments, the complexities involved, and the distinctions between different types of compliance measures such as enduring exceptions, operational plans, and temporary deficiencies.

The conversation also delves into the differences between Cloud Service Providers (CSPs) and External Service Providers (ESPs), providing insights into how organizations can navigate these new regulations effectively. Kaleigh and Bobby discuss FedRAMP requirements, the importance of understanding inheritance in compliance frameworks, and the recent changes in certification requirements for CCPs and CCAs.

LinkedIn: https://www.linkedin.com/in/bobbyguerra/
Website: https://www.axiom.tech/
YouTube: https://www.youtube.com/channel/UCaJagoDasNG3MqLqw2Af_ZQ

32 CFR Final Rule!

The time has come. We wanted to hop on a quick video, before Kaleigh hops on a plane, to talk about the 32 CFR FINAL RULE. We may or may not have recorded a 2 hour long podcast this week that we now have to cut…but we are back and ready to review the Final Rule.

Phase extensions, SPD definitions, ESP requirements and more!

Read it Here: https://public-inspection.federalregister.gov/2024-22905.pdf

LinkedIn: https://www.linkedin.com/in/bobbyguerra/
Website: https://www.axiom.tech/
YouTube: https://www.youtube.com/channel/UCaJagoDasNG3MqLqw2Af_ZQ

Hello Climbers, let's get real about the resources needed on your climb of CMMC. Bobby and Adam discuss the people, tools, and more that it takes to accomplish CMMC Level 2 compliance.They explore the importance of having knowledgeable personnel, the role of Managed Service Providers (MSPs) and consultants, the challenges in finding certified MSPs, and the technology resources required for compliance. The discussion emphasizes the significance of scoping, data flow, and security considerations, as well as the preparation needed for assessments and audits.

LinkedIn: https://www.linkedin.com/in/bobbyguerra/
Website: https://www.axiom.tech/
YouTube: https://www.youtube.com/channel/UCaJagoDasNG3MqLqw2Af_ZQ

In this engaging conversation, Jason Sproesser shares his journey into the CMMC space and the evolution of the Sum IT Up podcast. The discussion highlights the importance of community, vulnerability, and authenticity in the cybersecurity field, as well as the challenges faced by MSPs. Jason emphasizes the need for collaboration and the value of sharing experiences to help others navigate the complexities of cybersecurity compliance.

LinkedIn: https://www.linkedin.com/in/bobbyguerra/
Website: https://www.axiom.tech/
YouTube: https://www.youtube.com/channel/UCaJagoDasNG3MqLqw2Af_ZQ

In this podcast episode, Bobby Guerra and Kaleigh Floyd discuss the challenges and implications of the CMMC (Cybersecurity Maturity Model Certification) ruling. They highlight the impact of the 32 CFR (Code of Federal Regulations) on organizations and vendors who need to meet the level two requirements. They emphasize that many companies were not intentionally misleading or non-compliant, but rather were caught off guard by the new ruling. The conversation explores the emotional and financial toll this has taken on businesses and offers recommendations for those navigating the CMMC process.

LinkedIn: https://www.linkedin.com/in/bobbyguerra/
Website: https://www.axiom.tech/
YouTube: https://www.youtube.com/channel/UCaJagoDasNG3MqLqw2Af_ZQ