CMMC Compliance Guide
Our experiences inspired the creation of The CMMC Compliance Guide Podcast and its accompanying resources. The podcast began as a way to share what we learned through real-world challenges—like helping that aerospace machine shop—and to provide accessible education for businesses navigating DoD cybersecurity requirements.
The CMMC Compliance Guide Podcast breaks down complex topics like NIST 800-171 and CMMC into actionable, easy-to-understand steps. Whether you’re a subcontractor struggling to meet compliance deadlines or a business owner looking to secure your supply chain, the guide offers practical advice to help you take control of your cybersecurity journey.
Episodes
64 episodes
CMMC for Small Aerospace Suppliers: Real Costs, DIY Limits, Level 1 vs 2, and the November 2026 Deadline
Small aerospace suppliers are getting hit with the same CMMC questions over and over: what do I actually need to do if my contract requirements aren't clear yet, does redacting a drawing get it out of CUI territory, will a tool like ThreatLocke...
Cyber AB May 2026 Town Hall Recap: External Service Providers, Marketplace 2.0, New Leadership & OSC Accountability Explained
The Cyber AB's May 2026 Town Hall packed in major updates and if you work with an MSP, use cloud services, or are trying to figure out where your compliance responsibility actually ends, this episode is required listening. Brooke and Stacey bre...
New CMMC FAQ Clarifications: Joint Ventures, Paper-Only CUI, Reassessment Triggers & Where MSPs Actually Fit in Scope
The Department of Defense just updated its CMMC FAQ document — and the clarifications inside answer some of the most common (and costly) assumptions contractors make. In this episode, Brooke and Stacey break down what changed for joint ventures...
The CMMC Reality Check: Gap Assessments, Documentation Overload & Why 30-Day Compliance Claims Are a Red Flag
Most defense contractors don't realize how complex CMMC compliance really is until they're already in trouble. In this episode, Brooke and Stacey break down the exact moments where contractors hit their wake-up call, what to expect from a gap a...
CS5 West 2026 CMMC Recap for Defense Contractor
In this episode of the CMMC Compliance Guide Podcast, Brooke breaks down the biggest takeaways from CS5 West 2026, one of the largest conferences in the CMMC ecosystem.The biggest message from the conference was clear: CMMC is no longer ...
How Small Defense Contractors Can Handle CMMC Compliance
In this episode of the CMMC Compliance Guide Podcast, we tackle one of the biggest challenges in the Defense Industrial Base: how small contractors without internal IT teams are realistically handling CMMC compliance.Many small manufactu...
Why Contractors Fail CMMC Assessments and How to Prepare
In this episode of the CMMC Compliance Guide Podcast, we break down one of the most frustrating realities for defense contractors thinking you are ready for a CMMC assessment, only to find out you are not.Many companies believe they are ...
Top CMMC Compliance Mistakes and How to Avoid Them
In this episode of the CMMC Compliance Guide Podcast, we break down the most common mistakes defense contractors make when preparing for CMMC compliance and how those mistakes can cost you time, money, and even future contracts.Even thou...
Can You Create CUI? CMMC Scope, ERP Systems, and Contractor Risk Explained
In this episode of the CMMC Compliance Guide Podcast, we tackle one of the most misunderstood topics in CMMC compliance.Many contractors assume that if information is not marked as controlled unclassified information, then it is not CUI....
The Hidden Operational Workload Behind CMMC Compliance
In this episode of the CMMC Compliance Guide Podcast, we break down one of the biggest misconceptions in CMMC compliance.Most contractors think CMMC is just a cybersecurity upgrade. Install a few tools, write some policies, and you are r...
CMMC Reassessments Explained: What Changes Trigger a New Assessment
In this episode of the CMMC Compliance Guide Podcast, we break down one of the most overlooked risks in CMMC compliance. What actually happens when your environment changes after an assessment?Many contractors assume that once they pass ...
How Prime Contractors Evaluate Supplier Cybersecurity and CMMC Compliance
What are prime contractors actually expecting from suppliers when it comes to CMMC and cybersecurity?In this episode of the CMMC Compliance Guide Podcast, Austin and Brooke sit down with Bo Birdwell from Elbit Systems of America to get t...
CMMC Supplier Questions Answered: Level 1 vs Level 2, Costs, Scope, and Flowdown for DoW Contractors
What do small machine shops, aerospace suppliers, and defense manufacturers really need to know about CMMC right now?In this episode of the CMMC Compliance Guide Podcast, Austin and Brooke answer some of the most common supplier question...
CMMC Level 1 Self-Attestation Explained: Requirements, Evidence, and Risk
lot of contractors assume CMMC Level 1 is just a simple checkbox. It is not.In this episode, Austin and Brooke break down what CMMC Level 1 actually requires, what a self-assessment really looks like, and why self-attestation witho...
CMMC Scoping 101: The Most Expensive Mistake Contractors Make (And How to Fix It)
Scope is the foundation of your CMMC compliance program and getting it wrong is one of the most expensive mistakes a DoD contractor can make.In this episode, Austin and Brooke break down what “scope” actually means in plain English, why ...
Key Takeaways from the January 2026 CMMC Town Hall: Hard Copy CUI, Scope, and Program Changes
The January 2026 CMMC Town Hall brought several important clarifications and program updates that directly impact Department of War (DoD) contractors.In this episode of the CMMC Compliance Guide Podcast, we break down what changed, what ...
Why Feeling “CMMC Ready” Isn’t the Same as Passing a Level 2 Assessment
Many DoW contractors feel confident they’re ready for a CMMC Level 2 assessment until assessors get involved. That’s when gaps in documentation, scope, and operational maturity start to surface.In this episode of the CMMC ...
CMMC FAQ Update: Timeline, Subcontractor Flowdowns, Enclaves, Cloud Rules, and VDI Scope Explained
The DoW just released updated CMMC FAQs that clarify the rules contractors keep getting wrong. In this episode, Austin and Brooke break down what the new guidance actually says, what it means for your scope, and where vendor and architecture de...
How to Triage CMMC Compliance When You’re Overwhelmed and Short on Time
When CMMC compliance starts to feel overwhelming, most companies don’t fail because they lack effort, they fail because they don’t know where to start.In this episode of the CMMC Compliance Guide Podcast, Brooke and Stacey break down wh...
CMMC Evidence 101: How to Prove NIST 800-171 Compliance in a Level 2 Assessment
Get your free SPRS Roadmap here: https://cmmccomplianceguide.com/free-sprs-roadmapIn this episode of the CMMC Compliance Guide Podcast, Austin and Brooke break down the #1 t...
What CMMC Assessors Notice First: Early Red Flags That Fail Level 2 Assessments
What do CMMC Level 2 assessors notice first, sometimes within the first day, before they ever dig into your firewall configs or deep technical testing?In this episode of the CMMC Compliance Guide Podcast, Austin and Brooke break down the...
CMMC Paperwork Without the Pain: How to Simplify Policies, SSP, and Evidence (Level 1 vs Level 2)
Most small and mid-sized manufacturers do not fail CMMC because of “tech.” They fail because their documentation does not match how the shop actually runs.In this episode, Austin and Brooke break down how to build CMMC documentation that...
How CMMC Became a Competitive Advantage for DoD Contractors
CMMC is no longer just a compliance requirement. It is now a competitive advantage that directly impacts who wins and who loses DoD contracts.In this episode of the CMMC Compliance Guide Podcast, Stacey and Brooke break down how the fin...
NIST 800-171 and CMMC 2.0: How Assessors Actually Score You
Are assessors judging you on CMMC or NIST 800 171 when audit day arrives?In this episode of the CMMC Compliance Guide Podcast, Stacey and Brooke break down the real relationship between CMMC 2.0 and NIST 800 171 so you are not guessing ...
Top CMMC Myths Debunked: Cloud, Vendors, Firewalls, and MFA Mistakes Explained
Today’s episode of the CMMC Compliance Guide Podcast dives into the biggest myths that machine shops, fabricators, CNC shops, and mid-sized defense contractors still believe about CMMC. From cloud misconceptions to vendor promises that fall sho...