In this episode Jacob speaks with Dr. Thomas Graham who is a CMMC assessor.

Thomas is the Vice President and CISO at Redspin, and Redspin is the first CMMC Third Party Assessor Organization (C3PAO)!

This episode has a lot of great information for the defense industrial base!Here are some highlights from the episode:

• Redspins' experience becoming the first C3PAO
• Notable changes in NIST 800-171 r3
• CMMC challenges and misconceptions
• Tips for selecting the right CMMC consultant and assessor
• Other countries interested in CMMC
• Each phase of the CMMC assessment process
• What CMMC practices can be POA&M'd according to current guidance
• And more!

Follow Thomas on LinkedIn: https://www.linkedin.com/in/tgrahamphd/

Redspin website: https://www.redspin.com

-----------

Governance, Risk, and Compliance Academy (GRC) Academy is a training and research platform!

Online GRC Training: https://grcacademy.io/courses/?utm_source=podcast&utm_medium=s1-e14&utm_campaign=courses

Need a FedRAMP authorized Password Manager?

Start a free 14-day trial of Keeper: https://grcacademy.io/ref/keeper/b2b-trial/

See the CMMC controls that Keeper meets: https://grcacademy.io/ref/keeper/cmmc-controls-sheet/