Sum IT Up Podcast

    With Jacob Horne and Jason Sproesser

    We sum up the news and developments relevant to CMMC, DFARS, and NIST standards such as SP 800-171, SP 800-53, the NIST Cybersecurity Framework, and others.

    SumItUp Spotify Podcast Button SumItUp Apple Podcast Button SumItUp YouTube Podcast Button

    SumItUp Podcast Art (1)



    Jacob Horne

    Jacob was born with a rare genetic mutation that allows me to read NIST publications and government regulations without experiencing boredom like a normal person. He has made a career out of using this power for good. Now he uses his knowledge of cybersecurity, NIST standards, and federal rulemaking to help people make sense of cybersecurity regulations and requirements. At the moment he is primarily focused on using NIST SP 800-53 to clarify the bizarre, heavily tailored world of NIST SP 800-171 and CMMC.



    Jason Sproesser

    With over 10 years of experience in GRC and IT management, Jason Sproesser is a Senior Cybersecurity Product Manager at Summit 7 Systems, a national leader in cybersecurity and compliance for the Aerospace and Defense industry and corporate enterprises. Jason holds the CMMC Certified Professional (CCP) and Provisional Instructor badges, certifications which demonstrate his knowledge and expertise in the Cybersecurity Maturity Model Certification (CMMC) framework and standards.


    See All Episodes

    Subscribe to the Podcast

    We'll send you the latest episode to your email.

    CMMC Rule Wishlist
    It’s Christmas time so we put together our wishlist of what we’d like to see in the upcoming CMMC rule.
    Cyber AB 2023 Year in Review
    The November Cyber AB Town Hall was recapped the CMMC ecosystem highlights from 2023. Assessor numbers have increased, but will there be enough assessment capacity to meet demand?
    Gobbling Up Rulemaking News
    OIRA’s review of the CMMC rule is nearly complete and we expect the CMMC proposed rule to be published sometime between Thanksgiving and mid-December. On top of that, DoD has initiated rulemaking to revise DFARS clause 252.204-7012. In this episode we dive into the rulemaking feast.
    NIST SP 800-171 revision 3 with Dr. Ron Ross
    The great and powerful Dr. Ron Ross returns to walk us through the latest drafts of NIST SP 800-171 and SP 800-171A: what they are, why they are, where they’re going, and what’s in store for federal contractors handling controlled unclassified information (CUI).
    7 Things to Know About the 171r3 and 171Ar3 Drafts
    The final draft of NIST SP 800-171 revision 3 and the initial draft of SP 800-171A are out. There are simultaneously more and fewer requirements. ODPs have gone away, but not really. Problematic assumptions were reversed only to be repeated. Up is down; left is right; and the final revisions are expected in a few short months. Today we dive into the first 7 things you need to know.
    View More
    The final draft of NIST SP 800-171 revision 3 and the initial draft of SP 800-171A are due to be published soon. In this episode we dive into seven questions at the front of our minds before the big day.
    View More
    The CMMC rule got a 30-day extension for the pre-publication review by the Office of Information and Regulatory Affairs (OIRA). The Cyber AB got notice that the DoD Inspector General is auditing the accreditation process for C3PAOs. In this episode we discuss why both of these things aren’t as big of a deal as they might seem.
    View More
    The regulatory review of the CMMC rule is coming to an end. That means we should see a published CMMC rule in the next few weeks. In this episode Jason and Jacob dive into 7 things you need to know to hit the ground running when the public comment window opens.
    View More
    The cost of CMMC is an often asked question among the DIB that’s rarely answered. Today we finally get some answers. Jacob and Jason guide us from NIST SP 800-171, back through SP 800-53 (that 800-171 is based on), and home again with a treasure-trove: CMMC cost considerations to share with your team.