In this informative webinar, Michael Dempsey (CEO, CISEVE), Tobias Musser (Co-CEO, MNS Group), and Brian Hubbard (President, Evolved Cyber, LLC) unpacked the latest updates to 48 CFR; what’s new, what changed from pre-publication to post-publication, and how contractors can turn CMMC into a competitive advantage.
Key takeaways (quick read)
-
What changed: The final publication of 48 CFR clarifies expectations around CMMC levels, assessment pathways, and how contractors should evidence compliance.
-
Why it matters: Both prime contractors and subcontractors face tighter requirements regarding the handling of CUI, SPRS scoring, and readiness for formal assessments.
-
How to prepare: Treat CMMC as a continuous program, tighten policies, map CUI, validate SPRS inputs, and rehearse the 320-question assessment flow so you’re not learning under pressure.
- Question and answers: Hear some of the questions asked by attendees on costs of assessments, timeline to certification, and more.
Breakdown by Chapter
-
01:06 — Speaker introductions (Tobias Musser, Michael Dempsey, Brian Hubbard)
-
03:35 — The history of CMMC & objectives
-
04:56 — CMMC Levels 1, 2, and 3
-
08:00 — CMMC timeline
-
10:00 — CUI & Defense CUI
-
13:36 — Overview of 48 CFR
-
14:50 — What changed from pre-publication to post-publication
-
19:00 — What’s new in 48 CFR
-
22:30 — SPRS (Supplier Performance Risk System)
-
25:22 — What contractors should know
-
27:10 — CMMC assessments
-
28:30 — Types of CMMC assessments
-
30:50 — The assessment: 320-question interview
-
31:20 — The urgency of CMMC
-
37:08 — What contractors can do now
-
42:01 — What C3PAOs are seeing
-
43:42 — How to get started
-
48:26 — Q&A
