CMMC Demystified Scoping Compliance and Avoiding Costly Mistakes cover art

CMMC Demystified Scoping Compliance and Avoiding Costly Mistakes

CMMC Demystified Scoping Compliance and Avoiding Costly Mistakes

Listen for free

View show details

About this listen

In this episode, Cheri Hotman and Paula Biggs break down the realities of CMMC compliance, with a special focus on scoping and avoiding common missteps. They explain how CMMC builds on existing NIST 800-171 requirements and why scoping—deciding which systems, people, and vendors fall under compliance—is the first and most critical step. Paula emphasizes that smaller companies can often save significant cost and risk by narrowing their scope strategically, while Cheri highlights how poor scoping leads to inflated audits, unnecessary licensing fees, and added risk exposure. Together, they stress the importance of understanding vendor responsibilities, building accurate and detailed System Security Plans (SSPs), and treating audits as confidence-building exercises rather than checkbox events. The conversation reinforces that CMMC isn’t just about passing an audit—it’s about sustaining secure, risk-aware practices that protect sensitive data and long-term business trust.
No reviews yet
In the spirit of reconciliation, Audible acknowledges the Traditional Custodians of country throughout Australia and their connections to land, sea and community. We pay our respect to their elders past and present and extend that respect to all Aboriginal and Torres Strait Islander peoples today.