Send us a text

🚨 CMMC 2.0 Is Rolling Out: Is Your Business Ready?

The latest version of the Cybersecurity Maturity Model Certification (CMMC) is reshaping how contractors handle security across the Defense Industrial Base. From new assessment levels to increased scrutiny, the changes are significant—and noncompliance could cost you contracts.

Understand what’s changed
🧩 Learn how implementation will impact your operations
🛡️ Get expert insights to stay compliant and competitive
👉 Tune in now to hear the full breakdown in our latest episode.

#CMMC #CyberSecurity #DFARS #DefenseContracting #Compliance #CMMC2 #CMMCImplementation #JunCyber

Support the show

Send us a text

🚨 N𝗲𝘄 𝗣𝗼𝗱𝗰𝗮𝘀𝘁 𝗘𝗽𝗶𝘀𝗼𝗱𝗲 𝗔𝗹𝗲𝗿𝘁! 🚨

We’re breaking down 𝗖𝗠𝗠𝗖 𝗖𝗲𝗿𝘁𝗶𝗳𝗶𝗰𝗮𝘁𝗶𝗼𝗻 𝗥𝗲𝗮𝗱𝗶𝗻𝗲𝘀𝘀 for manufacturers navigating defense contracts 🛡️🏭

If you’re part of the DoD supply chain, this episode is your essential guide to prepping for CMMC success.

🎙️ What’s Inside:

✅ What manufacturers need to know about CMMC 2.0
✅ Common pitfalls and how to avoid them
✅ Steps to get audit-ready without overwhelm
✅ Insights from industry experts and assessors
✅ Aligning NIST 800-171 controls with your business

Don’t get caught off guard—tune in to learn how to protect your contracts, safeguard data, and stay compliant in today’s cybersecurity-first landscape.

#CMMC #Cybersecurity #DIB #DefenseContracting #NIST800171 #AuditReady #Compliance #GovCon #RiskManagement

Support the show

Send us a text

In this episode of CMMC News, we break down DoD Instruction 5200.48—the Department of Defense’s rulebook for handling Controlled Unclassified Information (CUI). Hosts take you through what CUI really means, why the DoD created a standardized approach, and what it takes to handle, mark, and share sensitive information properly. Learn why it’s critical for both DoD staff and contractors, what the marking and safeguarding requirements look like in real life, and how agencies and industry partners share the responsibility for CUI protection. With insights into NIST 800-171, legacy document handling, day-to-day challenges, and the penalties for missteps, this deep dive gives listeners a practical take on why understanding CUI is essential to compliance and security across the defense ecosystem.

Support the show

Send us a text

If you're a Department of Defense (DoD) contractor, navigating the world of CMMC 2.0 is essential—and it starts with understanding the role of a C3PAO. In this episode, we break down what a Certified Third-Party Assessor Organization (C3PAO) is, why it matters, and what to expect during a third-party CMMC assessment.

You’ll learn:

• What a C3PAO does and how they’re approved
• Why passing a C3PAO assessment is non-negotiable for many contracts
• What the assessment process looks like from start to finish
• How much a CMMC assessment might cost
• Tips for finding a trusted C3PAO and preparing effectively

We also share a behind-the-scenes look at Jün Cyber’s own journey toward becoming a certified C3PAO. Whether you're starting your compliance journey or getting ready for your official audit, this episode gives you the clarity and confidence to take the next step.

🛡️ Subscribe for more insights on CMMC, compliance tips, and updates from the defense cybersecurity world.

Learn more at juncyber.com.

Support the show

Send us a text

🚨 Working with the Department of Defense or handling Controlled Unclassified Information (CUI)? Here’s what you need to know about the DOD’s new approach to NIST SP 800-171 Revision 3 ODP values.

Just listened to the latest episode of CMMC News, where the hosts did a deep dive into the recent DOD memo standardizing “Organization Defined Parameters” (ODPs) for protecting CUI. If you’re a defense contractor—or work in the DIB—these aren’t just guidelines, they are your new minimums.

🔑 3 Key Takeaways:

• No More Guesswork: The DOD has filled in the “blanks” of NIST 800-171 R3 by setting specific ODP values. These are now the baseline for all contractors—think max inactivity timeouts, access control reviews, and patching deadlines.
• Timelines Are Tight: Some key numbers to know:
  • Account inactivity? Disable within 90 days.
  • Privileged session logoff? Required at end of work period.
  • High-risk vulnerability patching? 30 days max.
  • Quarterly updates for password “bad lists” and system inventories.
• Documentation & Continuous Vigilance: Annual (or more frequent) reviews for policies, logs, training, and agreements are now required. Plus, always justify and document any deviations or risk-based modifications—the DOD wants your decisions traceable.

The big picture: The DOD is taking out ambiguity. If you handle CUI, you must implement these specific controls—or document strong justification for any flexibility allowed. And these requirements will change as threats evolve, so keep your risk assessments and compliance efforts agile.

Want the full detail? Highly recommend listening to the episode and reviewing both the NIST SP 800-171 R3 standard and the new DOD ODP memo. Stay compliant, stay secure! 💪

See the original PDF here: https://drive.google.com/file/d/1rtgUmlaCiUKst-mHR7Fsz5O95g46hCra/view

#cybersecurity #DoD #NIST #CUI #compliance #riskmanagement #defenseindustry

Support the show

Send us a text

🔍 Want to stay ahead in the world of government contracts and cybersecurity? Dive into our latest CMMC News episode where we explore the NIST SP 800-171 DoD Assessment Requirements. It's all about breaking through the wall of acronyms and jargon to ensure you know exactly what the Department of Defense expects when it comes to protecting sensitive information.

Here are 3 key takeaways:

• Understand Assessment Levels: We break down the three types of cybersecurity assessments — Basic, Medium, and High — and what each level of confidence means for your contract requirements with the DoD.
• Supplier Performance Risk System (SPRS): Learn how all assessment scores are recorded in SPRS, the centralized database that helps the DoD gauge the cybersecurity health of their contractors.
• Subcontractor Compliance: Discover how these requirements flow down to subcontractors and what obligations primes have to ensure their partners are compliant.

Stay informed, secure those contracts, and fortify your cybersecurity posture! 🎧🔒

#Cybersecurity #DoD #NISTSP800171 #GovernmentContracts #CMMCNews

Support the show

Send us a text

We just dived deep into the Department of Defense's NIST SP 800-171 assessment requirements. This is crucial for any contractor involved with DoD contracts, especially when it comes to cybersecurity. Here are three key takeaways:

• Assessment Frequency: If you're implementing NIST SP 800-171, make sure you have a recent assessment conducted within the last three years for every covered information system tied to DoD contracts.
• Assessment Levels: There are three types of DoD assessments - Basic, Medium, and High. Understanding which level applies to you and how to proceed can make or break your eligibility for DoD contracts. The details for each can be found in another key document, the NIST SP 800-171 DoD Assessment Methodology.
• Reporting Requirements: Once your assessment is complete, post your summary level scores in the Supplier Performance Risk System (SPRS). This is a mandatory step to demonstrate your commitment to cybersecurity, and remember, time is of the essence – scores need to be posted within 30 days of assessment completion.

🔗 If you’re involved in defense contracting, keeping up with these requirements is non-negotiable! Tune into our latest episode for the full breakdown and stay ahead in the ever-evolving landscape of cybersecurity standards.

For the official CMMC documentation, click this link: https://dodcio.defense.gov/cmmc/Resources-Documentation/

#DefenseContracting #Cybersecurity #NISTSP800171 #DOD #CMMCNews #PodcastHighlights

Support the show

Send us a text

Hello LinkedIn community! 🌐 As we delve deeper into the cybersecurity requirements for Department of Defense (DOD) contracts, understanding DFARS Clause 252.204-7012 is crucial. It outlines safeguarding covered defense information (CDI) and protocols for cyber incident reporting. Here are three key takeaways for businesses and contractors engaging with the DOD:

• Understanding CDI: It’s essential to recognize what constitutes covered defense information. CDI includes sensitive technical data, like military blueprints and designs, and any information listed in the controlled unclassified information (CUI) registry. Whether provided by the DOD or generated during contract work, this data requires strict protection.
• Timely Reporting: In the event of a cyber incident, the clock is ticking. Incidents must be reported within 72 hours to the DOD. This rapid reporting helps mitigate potential damages and underscores the importance of having efficient processes in place to identify and report any compromises.
• Subcontractor Responsibilities: Prime contractors must ensure that subcontractors comply with the same cybersecurity requirements. This includes using standardized controls outlined in NIST SP 800-171 and ensuring that all reporting protocols are followed. If deviations are necessary, these must be formally requested and approved.

In a world where cybersecurity is critical, adopting such stringent measures not only protects sensitive information but also reinforces the security of the defense industrial base. Let's leverage these practices to enhance data security across various sectors.

For the official CMMC documentation, click this link: https://dodcio.defense.gov/cmmc/Resources-Documentation/

#CyberSecurity #DOD #DefenseContracts #DataProtection #Compliance #DFARS #CyberIncidentResponse

Support the show