CMMC Insights Blog
CMMC Compliance
Choosing the Right Cloud for Small Defense Contractors in 2025
October 28th, 2025 by Matthew Locke
Discover how small defense contractors can select compliant cloud environments for CMMC Level 1 and 2, balancing data type, regulations, and budget in 2025.
CMMC Compliance
Google Workspace vs GCC High for CMMC Level 2 Compliance 2025
October 22nd, 2025 by Matthew Locke
Compare Google Workspace and Microsoft GCC High to determine which cloud meets CMMC Level 2 compliance requirements for handling Controlled Unclassified Information.
CMMC Compliance
Microsoft GCC High and the 48 CFR Final Rule: Compliance Updates 2025
October 9th, 2025 by Matthew Locke
Learn how the 48 CFR Final Rule mandates Microsoft GCC High for DoD contractors handling CUI and key migration strategies for 2025 compliance.
CMMC Compliance
CUI vs FCI Under 48 CFR Final Rule: Defense Contractor Guide 2026
October 7th, 2025 by Jim Carlson
What's the difference between CUI and FCI under the 48 CFR Final Rule? A defense contractor guide to data classification and CMMC compliance in 2026.
CMMC Compliance
CMMC 48 CFR Final Rule: Avoid Level 2 Assessment Pitfalls in 2025
October 6th, 2025 by Matthew Locke
Learn key pitfalls in CMMC Level 2 assessments under the 48 CFR Final Rule and how disciplined documentation, evidence logs, and POA&Ms ensure compliance success in 2025.
CMMC Compliance
Anonymizing CUI for Subcontractors: CMMC Compliance Guide 2025
October 3rd, 2025 by Jim Carlson
Learn how to properly anonymize Controlled Unclassified Information (CUI) for subcontractors while maintaining CMMC Level 2 compliance and meeting DoD requirements.
CMMC Compliance
Passwords, MFA, and WiFi Security for CMMC Compliance in 2026
September 26th, 2025 by Matthew Locke
What are the CMMC password, MFA, and WiFi requirements? Learn the NIST 800-171 controls, practical implementation steps, and cost-effective tools for defense contractors in 2026.
CMMC Compliance
SIEM Requirements for CMMC Compliance in 2026
September 17th, 2025 by Matthew Locke
Does CMMC require a SIEM? Learn the NIST 800-171 logging and monitoring controls, what assessors actually look for, and practical SIEM alternatives for defense contractors in 2026.
CMMC Compliance
CMMC Certification Timing for DoD Contract Awards in 2025
September 16th, 2025 by Jim Carlson
Learn why CMMC certification must be in place at contract award for DoD contracts and how conditional certification affects contract eligibility.
CMMC Compliance
Can You Win DoD Contracts with Only Conditional CMMC Status?
September 15th, 2025 by Matthew Locke
See how conditional CMMC status affects DoD contract bids. Learn 180-day limits, subcontractor acceptance, and steps to move from conditional to full compliance.
CMMC Compliance
Microsoft 365 GCC High Migration: A CMMC Compliance Roadmap for Defense Contractors
September 4th, 2025 by Matthew Locke
Planning a GCC High migration? Learn tenant rebuild steps, PowerShell automation, CMMC Phase 2 requirements, and realistic costs for defense contractors in 2026.
CMMC Compliance
Is Vulnerability Data Controlled Unclassified Information? A Guide for Defense
September 3rd, 2025 by Matthew Locke
Find out when vulnerability data is classified as CUI and how defense contractors should secure it to meet CMMC and DoD cybersecurity compliance requirements.
CMMC Compliance
What Evidence is Needed for a CMMC Level 2 Assessment?
September 1st, 2025 by Matthew Locke
Learn what evidence is needed for CMMC Level 2 assessments, including policies, logs, configs, training records, and review proof to ensure compliance success.
CMMC Compliance
Do I Need to Re-Certify Every Time I Change My Network? Navigating CMMC Compliance with Confidence
August 28th, 2025 by Matthew Locke
Learn when CMMC re-certification is required for network changes, best practices for maintaining compliance, and how to manage your certification confidently.
CMMC Compliance
Microsoft GCC vs GCC High: Choosing the Right Cloud for Small Defense Businesses
August 26th, 2025 by Matthew Locke
Compare Microsoft 365 GCC and GCC High for small defense contractors. Learn core differences, costs, ITAR rules, migration timelines, and Copilot availability.
CMMC Compliance
System and Communications Protection: Securing Data for CMMC Compliance
July 18th, 2025 by Jim Carlson
Learn how to secure your data in transit and at rest with System and Communications Protection practices essential for CMMC Levels 2 and 3 compliance.
CMMC Compliance
Securing Physical Access in CMMC: Mastering the Physical Protection Domain
July 11th, 2025 by Jim Carlson
Master the Physical Protection domain in CMMC by controlling facility access, using logs and badges, and applying compliance strategies for contractors.
CMMC Compliance
Ensuring Secure IT System Maintenance with CMMC’s Maintenance Domain: What You Need to Know
July 8th, 2025 by Jim Carlson
Learn how to secure IT system maintenance with CMMC’s Maintenance domain. Discover essential controls, common pitfalls, and compliance tools at Level 2 certification.
CMMC Compliance
Making CMMC Simpler
June 24th, 2025 by Kristian Locke
CMMC compliance doesn’t have to be overwhelming. The most effective compliance platforms are built with real-world users in mind, focusing on usability, teamwork, and cost.
CMMC Compliance
Identification and Authentication in CMMC: How to Verify User Identities and Secure Access (Updated for Final 48 CFR Rule)
May 29th, 2025 by Jim Carlson
Learn the critical Identification and Authentication controls for CMMC Level 2 under the 48 CFR Final Rule. Implement MFA and account management with proper evidence for compliance.
CMMC Compliance
Building a Security-Aware Workforce: Mastering the Awareness and Training Domain of CMMC 32 CFR Part 170
May 19th, 2025 by Jim Carlson
Master the Awareness and Training domain of CMMC 32 CFR Part 170 with tailored, ongoing cybersecurity education to protect your workforce and CUI.
CMMC Compliance
Mastering Audit and Accountability in CMMC: Essential Practices for Compliance
May 12th, 2025 by Jim Carlson
Learn how to master Audit and Accountability in CMMC Levels 2 and 3 with best practices, automation tips, and compliance strategies to protect your data.
CMMC Compliance
Understanding the Access Control Domain in CMMC: What You Need to Know
May 6th, 2025 by Jim Carlson
Learn about the Access Control domain in CMMC, its 14 essential practices, and how to ensure compliance with effective cybersecurity controls.
CMMC Compliance
The 14 CMMC Domains Explained: Beginner's Guide to Cybersecurity Compliance
May 3rd, 2025 by Jim Carlson
Explore the 14 CMMC cybersecurity domains and how they impact compliance at each level. A clear, beginner-friendly guide for defense contractors.