Podcast Summary: Sum IT Up: CMMC News Roundup
Episode: Monthly Cyber AB Town Hall Recap (January)
Host: Summit 7
Guests: Jacob Hill, Joy Bielen
Release Date: January 29, 2026
Overview of Main Theme
This episode provides an in-depth recap of the January Cyber AB Town Hall, breaking down the latest developments in the Cybersecurity Maturity Model Certification (CMMC) ecosystem. It highlights critical updates from the Department of Defense (DoD) and Cyber AB, the evolving training resources, program milestones, community ethics, and, most notably, the transition of the Keiko (CMMC accreditation body) under control of ISACA. The team addresses community concerns, dispels rumors, and offers first-hand insights about navigating changes in training and certification within the CMMC landscape.
Key Discussion Points & Insights
1. Leadership Updates at the DoD (00:34–01:52)
- New DoD CIO: Kristen Davies transitions in as the new CIO, succeeding Katie Arrington.
- Quote: "Confirmation went through on the 23rd of December...thanks to Katie Arrington who served in that position before...now it's time to move on to a new regime." [01:04]
- The panel expresses optimism about new leadership and continued CMMC evolution.
2. Training & Content Resource Developments (01:52–05:36)
- New Training Resources: Department of War and Defense Acquisition University (DAU) introduce CMMC-oriented microlearning modules.
- Three main courses: Intro to CMMC, CMMC for Practitioners, CMMC for Senior Leaders.
- Jacob Hill’s insight: "I don't know how to get access to those courses because they seem to be behind a wall that is asking for a CAC...but they do have some micro learning small lectures out there that are publicly available." [02:35]
- The team agrees more resources are positive and hopes DAU access improves.
3. Release & Clarification of CMMC FAQs (05:36–05:53)
- New FAQs for CMMC published and discussed in recent Cyber AB town hall.
- Listeners are referred to previous podcast episode for an FAQ deep dive.
4. Federal Appropriations and Possible Program Slowdowns (05:41–07:53)
- Potential Government Shutdown: The threat of lapsed federal funding could mirror last year's disruptions.
- Expect similar delays in Tier 3 screenings, C3PAO authorizations; assessments to continue with minor hiccups.
- Some impacted organizations have already secured funding, possibly minimizing disruption.
- Quote: "Whatever you saw last time during the government shutdown...if a government shutdown were to happen again...expect the same user experience." [06:07]
5. CMMC Ecosystem Growth & State of the Program (07:53–12:44)
- Certifications: Over 800 CMMC Level 2 certifications issued (final and conditional) in ~90 days since November 10, 2025.
- Quote: "We are at over 800 CMMC Level 2 certifications issued, whether they are final or conditional. Insane numbers." [07:54]
- Assessment Ecosystem: 8% growth in CCAs, 6% in CC fees, 13% in lead TCAs since last town hall.
- 48 new Lead CCAs since December.
- Discussion on the realistic participation of certified assessors in actual assessments.
- Internationalization: Four non-US-based C3PAOs in the authorization pipeline (South Korea, Canada, Australia, Taiwan).
- Quote: "It's going global...the Defense industrial base has organizations based outside the US...those people need to be assessed too." [12:30]
6. Cyber AB Board of Directors Changes (12:44–15:06)
- Announcements and praise for new board appointments, citing the importance of fresh, broad industry perspectives.
- Joy Bielen on Sunil Yu: "He's just so personable and so smart and inclusive and an amazing person. So it's really exciting to see him now...on the new board for the Cyber ab." [14:18]
- Host: "The importance of having people with established backgrounds in different elements of industry...to prevent an echo chamber." [15:06]
7. Complaints, Appeals, & Ethics in the CMMC Ecosystem (16:20–23:01)
- Cyber AB’s Role: Must adjudicate complaints within purview, maintain confidentiality per ISO standards.
- Common complaints: Violations of the Code of Professional Conduct (COPC), organizational gripes.
- Quote: "They have the corporate responsibility to adjudicate and respond to all matters that are within their purview." [16:22]
- No public penalty disclosure per ISO requirements.
- Recurring Ethics Topics:
- Present yourself honestly, charge fair prices, never guarantee assessment outcomes, refrain from disparaging others.
- Quote: "If it's good enough, business will come. Charging fair and reasonable prices..." [19:32]
- Updated processing: submitters now get acknowledgment and trend tracking (Joy: "when I submitted it for review, I received a customized response acknowledging that they had received it, and also that I wasn't the only submission..." [21:34])
8. Main Topic: ISACA Takeover of Keiko – Scale, Concerns, & CPEs (23:01–46:20)
Setting the Context of the ISACA Transition (24:39–28:11)
- ISACA acquires Keiko; announcement framed as an acquisition, ISACA: “positions ISACA at the center of the largest cybersecurity certification program in the world.” [24:48]
- ISACA brings resources: ~300 employees, global reach, deep experience in certifying/curriculum management.
- Guest consensus: move driven by need for scalability as CMMC goes global, NOT due to “failure” by Keiko.
Certification, CPEs, and Practitioner Concerns (29:06–37:35)
-
Joy Bielen reassures CCPs/CCAs about the CPE process; ISACA maturity brings “credence or validation” to the certifications.
- Many CPE types accepted: corporate training, conferences, seminars, workshops, vendor presentations (10-hr limit), teaching/instructing, working groups, mentoring (10-hr limit).
- Quote: "Settle down, it's going to be just fine...all of that can be accrued towards the cpe." [31:11]
- About podcast learning: "A lot of the stuff that you've run through sounds like...a podcast that was vertically specific...I can actually get CPE credits for this?" – A [34:35]; C: "Yes, you can..." [35:16]
-
Concerns from the community:
- Cost uncertainty (“Will I have to pay both Cyber AB and ISACA?”)
- Slowdown in curriculum updates during transition.
- Accurate tracking of CPEs to avoid small compliance hiccups derailing certification status.
- Retention of LTP/LPP roles and access to training provider relationships.
ISACA’s Effect on Training Providers & Market Transparency (37:58–42:46)
- ISACA likely to unify and potentially accredit current training partners under its own ATO program.
- Hope expressed for centralized, transparent marketplace for courses/providers, possibly with user reviews.
- Quote: “To have that all under one umbrella for the CCP or the CCA is going to be a benefit to the community.” – C [40:55]
- Potential upshot: more competitiveness, transparency, easier international engagement.
Panel’s Lingering Concerns & Wish List (43:32–45:31)
- Joy: Curriculum update speed.
- Jacob: Concern about double fees and automating communication smoothly.
- Host: Fear that CPE forgetfulness may degrade ecosystem numbers.
- Universal wish: “Actual assessment experience [should] be available, you know, as a CPE opportunity.” – B [45:23]
Notable Quotes & Moments
- On new resources: "These are more resources, more resources to increase awareness in the CMMC program. And I don't think any of us are going to be like, no, stop doing that." – A [03:57]
- On ethics: "You can't tell people they're going to pass if they come to your services. You got to help them pass. And then when they pass, be like, good job, we did it right." – A [19:32]
- On ISACA’s credentials: "The CCP and CCA just became more valuable, you know, because of their backing, because there are accreditations behind them. They're a big name." – B [37:35]
- On ecosystem’s future: "More teams. More assessments. More assessments. More certifications. More certifications. We might get this thing done, folks." – A [10:40]
Important Segment Timestamps
- Leadership & CIO Update: 00:34–01:52
- Training Resources by DAU: 01:52–05:36
- FAQs: 05:36–05:53
- Government Shutdown Threat: 05:41–07:53
- CMMC Certifications & Ecosystem Growth: 07:53–12:44
- Board Appointments: 12:44–15:06
- Complaints, Appeals, and Ethics: 16:20–23:01
- ISACA Takeover Deep Dive: 23:01–46:20
Tone and Originality
The tone is approachable, conversational, and at times humorous—with inside jokes and light ribbing (see the running dad-jokes and math flubs). The podcast balances serious technical insight with community encouragement and practical guidance, often seeking to reassure and empower listeners through uncertainty and change.
Summary for Listeners
This episode is a must-listen for anyone involved in—or impacted by—the CMMC ecosystem. The hosts deliver actionable updates, clarify confusion around the ISACA transition, and provide pragmatic advice for maintaining CMMC credentials. By blending technical assessment with practical community concerns, the conversation offers both concrete updates and a sense of perspective during a period of rapid change. Listeners will come away with a more confident grasp on where the CMMC program stands, how their certifications could be affected, and how best to continue their professional growth and compliance.
