In this episode we reflect on a few items from December 2022 and the story of #CMMC (rulemaking) in 2022 overall. We cover listener questions and Jason's experience taking (and passing) his #CCP exam. After a deep dive into the current status of CMMC rulemaking we discuss #DoD estimates about the size of the defense industrial base. We also cover a report on the status of NIST SP 800-171 implementation for DoD contractors. We wrap up with our predictions for 2023.

Episode Links:

Cooey Center of Excellence Discord Server: https://discord.com/invite/rPtTes5bq

A CMMC Rulemaking "Delay": https://insidecybersecurity.com/daily-news/pentagon%E2%80%99s-cmmc-program-launch-faces-delay-omb-rulemaking-review-shifts-january

Merrill Research Report: https://www.scmagazine.com/analysis/third-party-risk/most-us-defense-contractors-fail-basic-cybersecurity-requirements

Old school security advisory: https://www.cisa.gov/uscert/ncas/archives/alerts/TA04-111

Correction: In this episode (1:31:16), Jason mentions that Multifactor Authentication or “MFA” first started appearing in CISA Cybersecurity advisories in 2004. Although individual recommended security actions in CSAs that align with the requirements of NIST SP 800-171 can be found in alerts dating as far back as 2004, the recommendation for MFA was not introduced as a recommended mitigation action in a CISA CSA until 2014. We apologize for the error.... sometimes numbers get him excited.