In this episode of Contracting Conversations, cybersecurity
expert Kelley Kiernan demystifies the Cybersecurity Maturity Model
Certification (CMMC) 2.0 and what it means for today’s contracting teams. She breaks
down core cybersecurity concepts (confidentiality, integrity, and
availability), explains the difference between Federal Contract Information
(FCI) and Controlled Unclassified Information (CUI), and discusses why CUI
marking, dissemination controls, and aggregation matter. Kelley walks through
how CMMC levels are tied to the data a contract provides or generates, how
requirements appear in solicitations, and where to find official training and
practical resources—including courses, FAQs, implementation guidance, and
ongoing WarU Cyber Solutions webinars. A clear, action-oriented primer to help
you get a handle on CMMC and protect the defense supply chain.
Available on DAU Media, Apple Podcasts, and YouTube. If you
enjoy our content, please hit the like button to support us!
If you are watching this video on DAU Media, but rather
watch on YouTube, go to https://www.youtube.com/channel/UCbF8yqm-r_M5czw5teb0PsA
Apple Podcast: https://podcasts.apple.com/us/podcast/contracting-conversations/id1621567225
DoD CUI Program:
https://www.dodcui.mil/WARU Cyber Solutions website:
https://www.dau.edu/cybersecurity/cyber-solutionsWarU CMMC for Practitioners course:
https://www.dau.edu/courses/cyb-1020CMMC Implementation FAQs:
https://dowcio.war.gov/Portals/0/Documents/CMMC/CMMC-FAQsv4.pdfPart 32 CMMC Program Rule:
https://www.federalregister.gov/documents/2024/10/15/2024-22905/cybersecurity-maturity-model-certifi...Part 48 DFARS requirement:
https://www.federalregister.gov/documents/2025/09/10/2025-17359/defense-federal-acquisition-regulati...