In this episode of Climbing Mount CMMC, Kaleigh Floyd and Kelly Hood discuss the essential steps for small businesses to navigate the complexities of CMMC compliance. They emphasize the importance of understanding the foundational reasons behind CMMC, the necessity of leadership involvement, and the identification of internal roles and responsibilities. The conversation also covers practical strategies for implementing NIST 800-171 controls, the significance of scoping, and tips for writing an effective System Security Plan (SSP). Throughout the discussion, they highlight the need for a cultural shift towards security and the importance of collaboration across departments.

Kelly Hood's Linkedln: https://www.linkedin.com/in/kellyhoodoc/

Optic Cyber Solutions: https://www.opticcyber.com/

Optic's CMMC (L2) Progress Tracker: https://43828014.hs-sites.com/cmmc-l2-progress-tracker

CAP: https://cs2.cloud/hubfs/CS2%202022/CS2%20DC/Resources/DRAFT%20CMMC%20Assessment%20Process%20(CAP)%20v1.0%20.pdf

Timestamps: 

Intro 00:00 02:40
The "Why" Behind NIST 800-171 02:41 07:35
The Importance of Leadership Buy-In 07:36 10:39
Defining Internal Roles 10:40 17:06
Working Through Domain Controls 17:07 24:55
Building Your SSP 24:56 31:29
Take Scoping Seriously 31:30 39:04
Write Something Down 39:05 41:15
Closing Remarks 41:16 42:53

Website: https://www.axiom.tech/
YouTube: https://www.youtube.com/channel/UCaJagoDasNG3MqLqw2Af_ZQ

Axiom's Linkedln: https://www.linkedin.com/company/axiomtech/

Bobby's Linkedln: https://www.linkedin.com/in/bobbyguerra/

Kaleigh's Linkedln: https://www.linkedin.com/in/kaleigh-floyd-079a52190/