top of page

The Big Blog
CMMC Phase 2 Is Paused. CMMC Level 2 Requirements Are Not.
The United States Department of War's July 13 announcement has created understandable confusion across the Defense Industrial Base, but one distinction is critical: The 60-day review pauses the implementation timeline for Phase 2 C3PAO certification requirements; not the cybersecurity requirements for organizations handling Controlled Unclassified Information (CUI). Since the announcement, many defense contractors have understandably asked the same question: Does this mean CM
2 hours ago2 min read
Â
Â
Â
CMMC Flow Down Requirements Are About to Reshape the Defense Supply Chain
For years, much of the discussion surrounding Cybersecurity Maturity Model Certification (CMMC) has focused on assessment preparation, documentation, and implementing the technical safeguards required by NIST SP 800-171. Those remain essential components of compliance, but another challenge is quickly emerging that could have an even greater impact on the Defense Industrial Base. As CMMC requirements begin appearing in contracts, organizations will not only need to demonstrat
Jul 76 min read
Â
Â
Â
CMMC Assessment Challenges in 2026: Insights from Experts on Trends and Pitfalls
In the evolving landscape of CMMC compliance, staying ahead of the requirements is essential. The latest episode of Cape Endeavors' Bytes & Brew podcast features Terry McGraw, CEO of Cape Endeavors, in conversation with Cole French, Director of Cybersecurity Services at Kratos Defense & Security Solutions . As a leading C3PAO and FedRAMP 3PAO, Kratos provides invaluable perspectives on real-world CMMC Level 2 assessments. This discussion highlights trending topics such as ass
Mar 43 min read
Â
Â
Â
bottom of page
