The four phases of a CMMC assessment
Norris Carden is a lead CMMC assessor who has seen the industry from both the implementation and auditing sides. He explains the fundamental necessity of the system security plan and how it serves as the primary document for any official evaluation. The conversation highlights why many organizations struggle with the technicalities of log management and periodic reviews. Norris also outlines the specific phases of an assessment, providing a roadmap for small businesses looking to secure government contracts. Listeners will learn why access control remains the most frequent point of failure and how to properly prepare for an audit before the first day begins.

Episode chapters:
00:00 Introduction
00:50 From the newsroom to cybersecurity leadership
06:45 Lessons from the early days of CMMC
10:17 Why most implementation statements are incomplete
14:14 The widespread misunderstanding of log reviews
19:29 Why the system security plan is what gets assessed
24:19 Navigating the four phases of an assessment
32:47 The value of a mock assessment
40:10 Managing authorized users and Active Directory
46:39 Why an internal IT manager might not be enough
50:58 Access control as the foundation of everything
54:40 Final thoughts and wrap up

Quotes:
"Access control is the biggest one that most people fail because access control is the foundation that everything else is built upon. If you don't identify who your users are and document it, you're going to fail within 15 minutes of your assessment starting."
"It's the SSP that's getting assessed. The system security plan is what's getting assessed. If you're doing it, that's awesome. But you gotta show me. You gotta demonstrate in words how."
"Hire somebody that knows what they're doing. That's it. The company that hired me last year had an internal IT manager who said, 'I've read NIST 800-171, I can do this' and obviously he did, but that's rare."

Connect with the team:
👉 Jacob Anderson on LinkedIn: /
👉 Bruno Lecoq on LinkedIn: /
👉 Brandon Lecoq on LinkedIn: / brandon-lecoq
👉 BEMO Website: https://www.bemopro.com/

Trust Issues is handcrafted by our friends over at: fame.so (https://www.fame.so/?utm_medium=podca...)


