Security Breach
Clarifying the Big-Picture Impacts of CMMC
Jan 22, 2026
Eric Sorensen
Send us a text
Back in 2020, the Department of Defense, as it was called at the time, introduced the Cybersecurity Maturity Model Certification (CMMC). It carried the goal of ensuring companies would be able to protect sensitive information when working on government contracts.
The program requires contractors handling Federal Contract Information (FCI) and Controlled Unclassified Information (CUI) to meet specified cybersecurity standards. Prior to CMMC, DoD contractors were required to self-attest cybersecurity compliance with frameworks set up by the National Institute of Standards of Technology (NIST).
Fast forward to September 10 of last year and the Department of War as it’s now known, published an update to the CMMC – basically launching a three-year rollout of elevated cybersecurity requirements.
To help clarify some of the challenges and benefits associated with CMMC, I invited Mark Knight to the program. He's a Partner and Cybersecurity Risk Advisory Leader at Armanino. Listen as he offers:
- Details on what the updated CMMC is all about.
- The challenges of meeting these new compliance standards.
- Embracing the good and bad of government ambiguity in complying with CMMC.
- The impact this certification could have on all manufacturers, regardless of whether or not you’re going after DOW contracts.
- The good and bad of utilizing AI for compliance work.
- How CMMC could spur M&A activity within the cybersecurity tool sector.
- The potential supply chain impacts of companies deciding against pursuing CMMC compliance.
As a go-to podcast for our listeners, we want to help you align your brand with our expertise. By sponsoring our podcast, your brand will build trust, and your message will stand out to an audience searching for tools to assist their cybersecurity efforts.
Click Here to Become a Sponsor.
To catch up on past episodes, you can go to Manufacturing.net, IEN.com or MBTmag.com. You can also check Security Breach out wherever you get your podcasts, including Apple, Amazon and Overcast.
If you have a cybersecurity story or topic that you’d like to have us explore on Security Breach, you can reach me at jeff@ien.com.
Clarifying the Big-Picture Impacts of CMMC
41:23
Shiny Objects and the Power of Preparation
44:22
You Don't Have to Out-Tech the Hacker
40:55
Speaking the Right Language
46:39
Why People Are Not the Biggest Risk
49:03
Preserving Uptime in the Face of Evolving Attacks
31:05
New Patching Strategies for Old Vulnerabilities
26:12
The Wild & Weird of Industrial Cybersecurity
30:33
Using AI to Stay Ahead of the Hack
31:41
Threat Landscape Update
49:32
Cure Me or Kill Me - The Little Things That Escalate Attacks
43:18
Being 'Proactively Paranoid, Not Paralyzed'
36:54
Why More Hackers Are Logging On Than Breaking In
32:27
You Think You Know Me
35:06
Avoiding the Ostrich Approach
50:46
'We've Made Our Own Prison'
42:19
Dark AI Speeding Hacker Evolution
36:11
Why Ransomware, Credential Theft and Phishing Schemes Persist
39:22
Unsecure Webcam Was All a Ransomware Group Needed
31:23
IABs, Dark Web Fueling Ransomware Surge
38:41
Manufacturing’s Internal Cyber Struggles
27:18
Observations of an Ethical Hacking Researcher
35:35
The Evolution of OT Vulnerabilities
36:47
The Legacy of AI in Cybersecurity
26:46
A Happy Ending to the Latest ICS Hack
29:25