CMMC Series Part 1: Everything You Need to Get Certified (Levels 1-3, Scoping & Audit Process)

The Cybersecurity Maturity Model Certification (CMMC) is now live and every organization in the DoD supply chain will need to comply. In this deep-dive session, risk3sixty experts break down exactly what you need to know to prepare for CMMC Levels 1-3, scope your environment, understand timelines, and navigate the new phased rollout through 2028. Whether you're a prime contractor or a subcontractor, this walkthrough will help you understand your requirements, avoid common pitfalls, and confidently prepare for a C3PAO audit. What You’ll Learn: The phased rollout of CMMC (2024–2028) and what each phase requires The difference between FCI and CUI, and why it affects your level Who CMMC applies to (primes, subcontractors & the entire supply chain) CMMC Levels 1, 2, and 3 controls, objectives, and audit expectations The critical importance of scoping What to expect during a C3PAO audit (4-phase process) Typical timelines (implementation & certification) How RPOs and C3PAOs work together to streamline your path Budget ranges & resource considerations for your first audit Watch CMMC Part 2: How to Add CMMC to an Existing SOC 2 or ISO 27001 Program -    • CMMC Part 2: How to Add CMMC to an Existin...   Timestamps: 00:00 - Introduction 02:20 - CMMC history 03:25 - CMMC rollout and key dates 05:30 - The difference between FCI and CUI 11:00 - The CMMC ecosystem 15:05 - Questions to ask if you're considering CMMC 17:43 - Certification levels (1-3) and applicability 22:25 - Scoping 27:10 - Scoring methodology 31:01 - CMMC controls 32:50 - Implementation process 36:54 - Typical implementation timeline 40:31 - Certification process 44:33 - Selecting a C3PAO