Cyberspin
A podcast to help you navigate CMMC.
Listen on:
Episodes
7 days ago
7 days ago
In this holiday edition of CMMC Connect, the Redspin team wraps up a busy year by tackling real questions from the Defense Industrial Base, sharing practical best practices, and looking ahead to what 2026 may bring for CMMC. From lessons learned in the field to what contractors should be thinking about next, this session covers a wide range of timely topics — with a little holiday fun mixed in.
We also share what’s new for CMMC Connect in 2026. Sessions will continue on the last Thursday of every month, starting January 29, but with a simplified registration process. Going forward, you’ll only need to register once for the year, and calendar invites will be sent out quarterly to make planning easier.
Whether you joined us live or are catching up on the replay, this episode is a great way to close out the year and get oriented for what’s ahead in CMMC.
Listen now and be sure to register for CMMC Connect to stay on the list for upcoming 2026 sessions.
CMMC Connect happens on the last Thursday of every month at 1 PM ET. Register for the series and submit questions here: https://redspin.com/cmmc-connect-hub/
Subscribe to Cyberspin on Apple iTunes, Spotify, or your preferred podcast platform. You can always stream the latest episodes at redspin.com.
Thursday Nov 20, 2025
Thursday Nov 20, 2025
Phase 1 of CMMC is officially here, and this month’s CMMC Connect dives straight into what contractors are experiencing on the ground. Redspin’s panel of CCAs break down the newest DoD updates, rising assessment backlogs (or is it rising false-starts?), early Level 2 contract requirements, and the most common “not met” trends they’re seeing in real assessments.
They also unpack key findings from Redspin’s new Momentum but Slow Movement report, based on data from 180 DoD contractors, including the growing wave of flow-down demands from primes.
If you want clear, practical answers on scoping, evidence, encryption, specialized assets, subcontractor management, or what counts as a “significant change,” this episode has it.
Plus: Redspin is hiring CCAs as demand skyrockets.
CMMC Connect happens every last Thursday at 1 PM ET. Register: redspin.com/events/cmmc-connect
Subscribe to Cyberspin on Apple iTunes, Spotify, or your preferred podcast platform. You can always stream the latest episodes at redspin.com.
Monday Nov 03, 2025
Monday Nov 03, 2025
In this special Halloween edition of CMMC Connect, the Redspin team swapped their suits for costumes and dove into what’s next as CMMC Phase 1 officially begins on November 10.
Join Dr. Thomas Graham, Jeremy Mares, Rob Teague, and Phil Conrad, hosted by Lauren Frickle, as they unpack:
Why November 10 marks the start of CMMC, not the finish line
What to do before the rollout — including updating your SPRS scores
When service providers (like CPA firms) come into scope
Key insights from the field — over 430 Level 2 assessments completed and counting
Tips to prepare for the 2026 Phase 2 rollout and avoid assessment backlogs
Sooooooo much more
Of course, things got a little fun — proving once again that CMMC doesn’t have to be scary.
CMMC Connect happens every last Thursday at 1 PM ET. Register: redspin.com/events/cmmc-connect
Subscribe to Cyberspin on Apple iTunes, Spotify, or your preferred podcast platform. You can always stream the latest episodes at redspin.com.
Monday Sep 29, 2025
Monday Sep 29, 2025
CMMC timelines, DFARS 7025, FedRAMP CRM responsibilities, interim compliance signals, and what’s next for NIST 800-171 Rev. 3, our team of CMMC Certified Assessors (CCAs) covered the hottest questions the DIB is asking right now. If you’re aiming for Level 2 or fielding customer requests for proof of certification in Phase 1, this conversation is your quick-hit guide to what matters most.
CMMC Connect happens every last Thursday at 1 PM ET. Register: redspin.com/events/cmmc-connect
Subscribe to Cyberspin on Apple iTunes, Spotify, or your preferred podcast platform. You can always stream the latest episodes at redspin.com.
Monday Sep 15, 2025
Monday Sep 15, 2025
The long-awaited final 48 CFR DFARS 7021 rule has dropped, and CMMC is officially headed into contracts. In this special live call-in edition of Cyberspin, the Redspin team gives their quick breakdown to the finalized rule before answering audience questions on everything from SSO/MFA and joint ventures to whether small contractors can realistically achieve Level 2 certification. We also dive into separation of duties, prime pressure on subs, and the most cost-effective paths to certification, and so much more
Subscribe to Cyberspin on Apple iTunes, Spotify, or your preferred podcast platform. You can always stream the latest episodes at redspin.com.
Friday Aug 29, 2025
Friday Aug 29, 2025
In this live CMMC Connect session, Redspin’s experts tackle audience questions head-on: How soon after 48 CFR finalization will CMMC Level 2 show up in contracts? What’s the best way to secure printers in hybrid work environments? And what happens when CMMC shortfalls trigger False Claims Act investigations? Tune in for real-world answers, practical tips, and a candid look at the signals DoD contractors can’t afford to miss.
CMMC Connect happens every last Thursday at 1 PM ET. Register: redspin.com/events/cmmc-connect
Subscribe to Cyberspin on Apple iTunes, Spotify, or your preferred podcast platform. You can always stream the latest episodes at redspin.com.
Friday Aug 01, 2025
Friday Aug 01, 2025
In this episode, we unpack one of the most common questions in the CMMC space: What actually triggers a reassessment? From changes in CUI flow to infrastructure shifts and company acquisitions, we break down when you might need to re-certify—and what’s still awaiting clarity from the DoD.
We also share lessons learned from the field, including common missteps organizations are making in cloud environments. Misconfigured policies, inherited templates, and SSPs that don’t reflect reality are tripping up otherwise prepared teams.
Next, we take a closer look at the Shared Responsibility Model. Your External Service Provider (ESP) can’t carry the full weight of compliance. We explain what controls can be inherited, what’s shared, and where your organization is ultimately accountable.
Then we dive into key updates on 48 CFR—the rule that puts CMMC into contracts. With final review underway, we discuss what the phased rollout may look like, enforcement timelines, and how this will impact existing agreements.
Finally, don’t miss the live Q&A segment, where we tackle everything from overseas CUI control obligations to M365 scoping confusion and the new six-year evidence retention rule.
Tune in & take notes!
CMMC Connect happens every last Thursday at 1 PM ET. Register: redspin.com/events/cmmc-connect
Subscribe to Cyberspin on Apple iTunes, Spotify, or your preferred podcast platform. You can always stream the latest episodes at redspin.com.
Thursday Jul 31, 2025
Thursday Jul 31, 2025
Big moves in CMMC rulemaking are happening, and the signals from DoD leadership are loud and clear. In this episode, we break down the recent milestone that sent 48 CFR to OIRA for final review, the critical July 18th memo from THEE Secretary of Defense, and what it all means for the Defense Industrial Base. We’ll talk terminology ("effective" vs. "enforceable"), and timelines for contractors.
Subscribe to Cyberspin on Apple iTunes, Spotify, or your preferred podcast platform. You can always stream the latest episodes at redspin.com.