Think compliance is just an IT problem? It’s a revenue problem, too. Without it, some contracts will stay out of reach.

In this episode, Jara Rowe talks with Tom Greco, vCISO at Trava Security, about what companies need to know about the Cybersecurity Maturity Model Certification (CMMC). It’s a Department of Defense requirement that verifies whether companies are securely handling Controlled Unclassified Information (CUI). Tom Greco explains what CMMC involves, how scoping affects your readiness, and how to maintain compliance over time. In short, if you want to win or keep federal contracts, CMMC compliance isn’t optional.

Key takeaways:

• What CMMC is and why it exists
• The importance of accurate scoping
• Tools and tips to maintain CMMC compliance

Episode highlights:

(00:00) Today’s topic: What is CMMC?

(02:20) What CMMC means for your business

(06:05) The nuances of scoping

(10:07) How contracts set your CMMC level 

(13:44) Self-assessment vs third-party audits

(17:36) Maintaining CMMC compliance over time

(22:17) Perform gap assessments ASAP

Connect with the host:

Jara Rowe’s LinkedIn - @jararowe

Connect with the guest:

Thomas Greco’s LinkedIn - @thomas-greco

Connect with Trava:

Website - www.travasecurity.com

Blog - www.travasecurity.com/learn-with-trava/blog

LinkedIn - @travasecurity

YouTube - @travasecurity