We are back at it again with another rundown of the Cyber AB's monthly town hall and there sure was a lot of valuable information distributed during the meeting. Join us for this episode of we discuss some of the key information dished out this month and weigh on any impact it may have on the CMMC Program.

Things like:

• Changes in ecosystem engagement?

• Do we have enough steps are in the T3 process?

• Has certification output increased? And so much more...Tune in to find out!

Cyber AB TH Replay's: https://cyberab.org/News-Events/Town-Hall

ISACA Website: https://www.isaca.org/

T3 Inquiries (older than 6 months): https://dowcio.war.gov/CMMC/Contact/

L3Harris Missile Solutions recently sent a letter informing their suppliers that they will need to achieve CMMC Level 2 (C3PAO) Status by July, 30th 2026. Two weeks later, L3Harris announced that they had been awarded a new contract for the Army Tactical Missile System.

Coincidence? We think not.

Not only do subcontractors need to provide their Level 2 certification, they also need to provide their Level 2 assessment report.

This week we talk about whether this is an anomaly or a sign of things to come.

Register for Summit 7 Live: https://www.summit7.us/s7live

L3Harris Letter: https://www.summit7.us/blog/l3harris-supply-chain-notice

Primes can't waive CMMC: https://youtu.be/haVzS8j7Qz4?si=F2RICMKbCNRu-1uh

CMMC CAP (PDF): https://cyberab.org/Portals/0/CMMC%20Assessment%20Process%20v2.0.pdf

NIST SP 800-171 Revision 3 has been out for two years.

DFARS 252.204-7012 says to use the most current version.

So why are defense contractors still using Revision 2?

Because they're supposed to.

In this episode, we break down the temporary rule that overrides the DFARS clause and keeps the entire ecosystem aligned on Revision 2.

We cover:

• What a class deviation actually is and why it matters

• Why DoD had to pause the shift to Revision 3

• How CMMC rulemaking controls the transition

• And when Revision 3 will realistically start showing up in contracts

Bottom line: contractors aren't behind. The rules haven't changed yet.

.......

Register for Summit 7 Live: https://www.summit7.us/s7live

171r3: https://csrc.nist.gov/pubs/sp/800/171/r3/final

DFARS 7012 deviation (PDF): https://www.acq.osd.mil/dpap/policy/policyvault/USA001074-24-DPC.pdf

32 CFR 170: https://www.ecfr.gov/current/title-32/subtitle-A/chapter-I/subchapter-G/part-170

Class deviation podcast: https://youtu.be/voziZRAMvv4?si=3xHm7I_gIeQTQxLf

Class deviation press release: https://www.war.gov/News/Releases/Release/Article/3763953/department-of-defense-issues-class-deviation-on-cybersecurity-standards-for-cov/