Securing Custom Software: Documenting Software Security Controls for CMMC Compliance

In this episode, Kaleigh and Bobby welcome back Kyle Lai to discuss the challenges and insights surrounding C3PAOs and the CMMC framework. They explore Kyle's journey into the C3PAO space, the current state of audits, and the importance of software development in compliance. The conversation highlights the need for collaboration between IT and software development teams, the significance of understanding controlled unclassified information (CUI), and the challenges faced during assessments. Kyle shares valuable insights on vulnerability management, the impact of open-source software, and strategies for leveraging existing platforms to ease compliance efforts. The episode concludes with a call for better communication and collaboration within organizations to ensure successful assessments and compliance.

Kyle's LinkedIn: https://linkedin.com/in/kylelai/
KLC Consulting: https://klcconsulting.net

Web Application Reference Architecture: https://acrobat.adobe.com/id/urn:aaid:sc:US:8bb4ebc1-8287-40af-8761-31bc035fa64c
KLC's Playbook for CMMC Assessors: https://acrobat.adobe.com/id/urn:aaid:sc:US:abd836d0-7eea-43e5-ae72-86d06197fc54
KLC's Software Security Principles Template and Related Resources:
https://klcconsulting.net/cmmc-resource-tools/

LinkedIn: https://www.linkedin.com/in/bobbyguerra/
Website: https://www.axiom.tech/
YouTube: https://www.youtube.com/channel/UCaJagoDasNG3MqLqw2Af_ZQ
Kaleigh's: (1) Kaleigh Floyd | LinkedIn