An industry event for DoD Contractors & Higher Education Institutions: https://www.summit7.us/secure-the-dib-2025

Lockheed Martin wants their suppliers to know two things. First, suppliers should be fully and confidently compliant with existing DFARS cybersecurity requirements. Second, suppliers should be fully transitioned to the “Cybersecurity Compliance and Risk Assessment” tool. All of this before CMMC ever shows up in contracts. This shouldn't come as a surprise to anyone because this is the 6th CMMC memo from Lockheed in the last 18 months. This week we take a look at each one to see where things are headed (hint: they all say the same thing).

Pathfinder 101: https://www.summit7.us/pathfinder

Pathfinder Demo: https://youtu.be/JiDTCchfCa0?si=JJFplxSfvkaRVhRo

Blog: https://www.summit7.us/blog/lockheed-martin-pushes-suppliers-toward-urgent-cybersecurity-compliance

Lockheed Memo: https://www.lockheedmartin.com/en-us/suppliers/news/features/2025/cybersecurity-program-rule.html

Memo Recap: https://youtu.be/IKpH2F259J8?si=qmCyo4Mi57UvMx0g

DFARS 7012: https://youtu.be/cy4e28YAkXU?si=RJwhoS6NrZJgo9Xj

DFARS 7012 Class Deviation: https://youtu.be/voziZRAMvv4?si=Pm3mtgR338PE3B7b

DFARS 7020: https://youtu.be/D4JLkfvB-Ws?si=aa45Tr3_UhtbtH4t

Continuing our back-to-basics series of the “DFARS Cyber Series” of provisions and clauses brings us to clause 252.204-7020. This clause applies to defense contractors who are required to comply with DFARS clause 252.204-7012. Through DFARS 7020 the DoD reserves the right to conduct a higher-level assessment of a contractor's cybersecurity compliance. Additionally, defense contractors must give DoD assessors full access to their facilities, systems, and personnel.

Pathfinder 101: https://www.summit7.us/pathfinder

Pathfinder Demo: https://youtu.be/JiDTCchfCa0?si=JJFplxSfvkaRVhRo

DFARS 7008: https://youtu.be/vgrRGIWboKc?si=g4vc5bKG6Y6G-DDo

DFARS 7012: https://youtu.be/cy4e28YAkXU?si=ImBm-iI6mh3Xs1sF

DFARS 7019: https://youtu.be/7gW_82Cus7Y?si=LxB__5jeSuJMoL5C

The Cyber AB brought the CMMC Ecosystem together once again for the June 2025 installment of their monthly Town Hall series. Join us for this week's show as we discuss all the information distributed during the meeting that you need to know; answers to questions like:

Is the Ecosystem growing?

How many certifications were awarded this month?

Does Microsoft have to be at my assessment?

And so much more... Tune in to find out!

Pathfinder 101: https://www.summit7.us/pathfinder

Pathfinder Demo: https://youtu.be/JiDTCchfCa0?si=JJFplxSfvkaRVhRo

AB Town Halls: https://cyberab.org/News-Events/Town-Halls/Details/march-town-hall

System Security Plans are the single most fundamental documents underpinning cybersecurity compliance for defense contractors. But even after nearly 40 years of using SSPs for federal information systems there are essentially zero examples of what good looks like. Thankfully NIST is revising SP 800-18 guidance on developing SSPs and wants your comments. This is a crash course on SSPs so you can get caught up before the July 30th comment deadline.

Pathfinder 101: https://www.summit7.us/pathfinder

Pathfinder Demo: https://youtu.be/JiDTCchfCa0?si=JJFplxSfvkaRVhRo

DFARS 7008: https://youtu.be/vgrRGIWboKc?si=g4vc5bKG6Y6G-DDo

DFARS 7012: https://youtu.be/cy4e28YAkXU?si=ImBm-iI6mh3Xs1sF

DFARS 7019: https://youtu.be/7gW_82Cus7Y?si=LxB__5jeSuJMoL5C

NIST SP 800-18r2: https://csrc.nist.gov/pubs/sp/800/18/r2/ipd#:~:text=NIST%20Special%20Publication%20800%2D18r2,and%20mission%2Fbusiness%20process%20requirements.

NIST SP 800-18r1: https://csrc.nist.gov/pubs/sp/800/18/r1/final

The History of CMMC: https://youtu.be/jbY2irZ1ePg?si=_Ay66UqRUU9ShhJV

The CMMC program has been in-effect for six months and hundreds of early adopters have achieved CMMC Level 2 status. Today we speak with Fernando Machado, managing principal at Cybersec Investments, an authorized C3PAO. Fernando has completed 25 CMMC Level 2 assessments and he has a ton of valuable takeaways to share.

Pathfinder 101: https://www.summit7.us/pathfinder

Pathfinder Demo: https://youtu.be/JiDTCchfCa0?si=JJFplxSfvkaRVhRo

Fernando (LinkedIn): https://www.linkedin.com/in/fernando-machado-cissp-cism-cca-ccp-5b5581124/

Fernando pod (Dec 2024): https://youtu.be/KKJtW4G44WA?si=qzAnzp7_VrCl2Rdu

We're back to basics this week with DFARS provision 252.204-7019. SPRS scores? DIBCAC High assessments? DoD Assessment Methodology? It all started in 2020 with a humble four paragraph provision that was overshadowed by CMMC 1.0. These days the Department of Justice is settling False Claims Act lawsuits for millions and defense contracts aren't getting renewed all thanks to the DFARS cyber provision everyone loves to forget.

The Cyber AB has once again convened the CMMC ecosystem to deliver the monthly Town Hall covering the latest news and information about the CMMC Program. Join Jason and Joy as they talk about the latest ecosystem happening for the month of May.

There has been another branding change, an event filled week in Vegas, more conversations around 10-day re-evaluation periods for CMMC assessments, stats on completed assessments and ecosystem growth, ESP and CSP clarification, and so much more...

Pathfinder 101: https://www.summit7.us/pathfinder

Pathfinder Demo: https://youtu.be/JiDTCchfCa0?si=JJFplxSfvkaRVhRo

AB Town Halls: https://cyberab.org/News-Events/Town-Halls/Details/march-town-hall

The CMMC program regulation went into effect in December 2024, but the DoD can't insert CMMC requirements in contracts until they finish revising regulatory contract clause language. The window for the long-awaited contract clause final rule is opening next month. We predict that CMMC will start showing up in defense contracts between June – October 2025.

Episode Links:

Pathfinder 101: https://www.summit7.us/pathfinder

Pathfinder Demo: https://youtu.be/JiDTCchfCa0?si=JJFplxSfvkaRVhRo

DFARS 7012: https://youtu.be/cy4e28YAkXU?si=enUg-mPyZgl3FlYK

PALT: https://youtu.be/NZs4f5voyrg?si=KOEiREzXFe5LNAXZ

Katie's Keynote: https://youtu.be/OrPsD24j2Es?si=NSyhli9NW7Y1HJSH

Contractor noncompliance: https://youtu.be/lsiR1KSQKUo?si=hSGzUzJFj1x8PT48