
Chattinn Cyber - The Currency of Trust: Navigating CMMC with Mark Jackolski

Shellproof’s own Mark Jackolski was recently featured on the Chattinn Cyber podcast to discuss one of the most pressing topics for today’s defense contractors: building trust through CMMC compliance.

In this episode, Mark explains that while compliance with NIST 800-171 has been required since 2017, CMMC introduces verification of those requirements. Organizations must now demonstrate their cybersecurity posture through third-party assessments to remain eligible for federal contracts.

Beyond meeting DoD requirements, Mark describes how CMMC builds reputational credibility, calling it "the currency of trust." He emphasizes the strategic advantage of showing compliance through a recognized badge rather than repeated explanations, which streamlines the contracting process and establishes confidence with partners and clients.

When asked how organizations should begin preparing, Mark advises starting with people: appointing a program leader, engaging executive buy-in, and mapping where sensitive data flows. He warns against relying on underqualified partners and stresses the importance of assessing technical, administrative, and physical requirements early. Missteps like poor documentation or unclear scoping can lead to wasted time and resources.

Finally, Mark highlights the growing relevance of CMMC beyond the DoD. New regulations aim to standardize data protection across all federal agencies, meaning businesses even tangentially involved in government work may soon fall under its scope. As CMMC requirements become embedded in contracts by summer 2025, organizations that prepare now will gain a competitive edge in the expanding defense and government market.

5 Key Points

1. CMMC Explained: The Cybersecurity Maturity Model Certification verifies that organizations working with the Department of Defense meet NIST 800-171 cybersecurity standards.

2. Strategic Advantage: Earning CMMC builds trust and provides a significant edge in securing government contracts by signaling a strong cybersecurity posture.

3. Preparation Starts with People: A successful CMMC journey begins by appointing accountable personnel, securing executive alignment, and clearly mapping the flow of controlled unclassified information (CUI).

4. Pitfalls and Guidance: Common mistakes include working with unqualified providers and underestimating documentation requirements. Mark recommends finding certified experts through the Cyber AB marketplace.

5. Growing Scope: CMMC will expand beyond the DoD to other government agencies, making early adoption a strategic move even for subcontractors or non-defense contractors.

5 Key Quotes

1. "It's the currency of trust." - Mark on how CMMC serves as a reputation badge in the defense industry.
2. "Start by appointing somebody to oversee the entire process." - On the critical role of leadership in compliance efforts.
3. "Documentation is key: not just technical controls, but the processes and people behind them."
4. "If you're going to develop a policy or some other procedure, there has to be buy-in from the organization."
5. "CMMC started with the DoD, but it's going to expand to other government agencies. This is just the beginning."

 

Whether you're just getting started or refining your existing program, this conversation offers real-world insight into what it takes to build a defensible, scalable cybersecurity posture in today’s defense ecosystem.