In this informative webinar, Michael Dempsey (CEO, CISEVE), Tobias Musser (Co-CEO, MNS Group), and Brian Hubbard (President, Evolved Cyber, LLC) unpacked the latest updates to 48 CFR; what’s new, what changed from pre-publication to post-publication, and how contractors can turn CMMC into a competitive advantage.
What changed: The final publication of 48 CFR clarifies expectations around CMMC levels, assessment pathways, and how contractors should evidence compliance.
Why it matters: Both prime contractors and subcontractors face tighter requirements regarding the handling of CUI, SPRS scoring, and readiness for formal assessments.
How to prepare: Treat CMMC as a continuous program, tighten policies, map CUI, validate SPRS inputs, and rehearse the 320-question assessment flow so you’re not learning under pressure.
01:06 — Speaker introductions (Tobias Musser, Michael Dempsey, Brian Hubbard)
03:35 — The history of CMMC & objectives
04:56 — CMMC Levels 1, 2, and 3
08:00 — CMMC timeline
10:00 — CUI & Defense CUI
13:36 — Overview of 48 CFR
14:50 — What changed from pre-publication to post-publication
19:00 — What’s new in 48 CFR
22:30 — SPRS (Supplier Performance Risk System)
25:22 — What contractors should know
27:10 — CMMC assessments
28:30 — Types of CMMC assessments
30:50 — The assessment: 320-question interview
31:20 — The urgency of CMMC
37:08 — What contractors can do now
42:01 — What C3PAOs are seeing
43:42 — How to get started
48:26 — Q&A