{"type":"rich","version":"1.0","provider_name":"Transistor","provider_url":"https://transistor.fm","author_name":"Secure Talk Podcast","title":"Why you could fail your CMMC Level 2 C3PAO audit | Secure Talk with Logan Therrien ","html":"<iframe width=\"100%\" height=\"180\" frameborder=\"no\" scrolling=\"no\" seamless src=\"https://share.transistor.fm/e/4563c233\"></iframe>","width":"100%","height":180,"duration":3219,"description":"You did your self assessment and received a perfect 110 score, congratulations! You met with your C3PAO and scored less than 0. What happened! How can two CMMC assessors examine the same defense contractor and arrive at completely different scores? A lack of rigor in assessment methodology could mean the entire certification system is measuring the assessor — not your security. Logan Therrien, Chief Strategy Officer at Kieri Solutions and one of the original C3PAO lead assessors in the U.S., joins Justin Beals to expose a critical flaw in how CMMC Level 2 assessments are conducted today: no standardized evidence sampling methodology. This episode is for DoD contractors, compliance consultants, and defense industry executives who want to understand what's at stake — and how to navigate assessments before the rules tighten further. What you'll learn: Why NIST 800-171 was intentionally vague — and how that backfired for assessors; How one assessor might review a single evidence point while another reviews 100%; What ISO 17020 accreditation will require of C3PAOs and why it matters now; What the 48 CFR expansion means for 118,000+ contractors in the supply chain; How to prepare for an assessment so it feels like an open-book test. Logan also co-authored the peer-reviewed paper \"The Need for Standardized Evidence Sampling in CMMC Assessments: A Survey-Based Analysis of Assessor Practices\" (with John Hastings) — one of the first data-driven studies of assessment methodology in the CMMC ecosystem. Chapters: 00:00 Introduction to Secure Talk and Psychometrics; 01:45 Understanding CMMC and Its Implications; 05:32 Logan Therrien's Background and Insights; 09:16 The Challenges of Assessment Methodologies; 16:10 The Scale and Impact of CMMC Assessments; 20:31 Navigating Standards in Cybersecurity; 23:53 Evidence Testing in CMMC Assessments; 27:43 The Importance of Reliable and Accurate Assessments; 36:22 Building Trust Between Industry and Defense; 41:46 Future Directions in CMMC Research. Resources: Therrien,...","thumbnail_url":"https://img.transistorcdn.com/FI5U-V5f7xdITFyeJIbD7DHq2VtWIj7V7SxzbEqbbTM/rs:fill:0:0:1/w:400/h:400/q:60/mb:500000/aHR0cHM6Ly9pbWct/dXBsb2FkLXByb2R1/Y3Rpb24udHJhbnNp/c3Rvci5mbS81NzRj/MTkwYWEwN2IzMjIw/ZjRhZTE0MGJiYjhi/N2YxMS5qcGc.webp","thumbnail_width":300,"thumbnail_height":300}