A
Joy, the government is officially shut down. But as they say in show business, the show must go on. And I'm not just talking about our show where we get together and talk about the town hall, but according to the Cyber AB Town Hall, the CMMC show is still going to go on regardless if there's a lapse in government funding.
B
Right.
A
And so we're going to get into that and everything else that they talked about at the Cyber AB Town Hall. Good to have you back.
C
Yeah, it's good to be back. And no surprises with the government shutdown. I. I don't know about you. I was like, I don't think they're going to come to an agreement. But also no surprises that CMMC keeps on rolling.
A
Yeah, I think. I think that. Because what you said, that this isn't a surprise to anybody, especially the people that kind of prepared the program were just.
B
Yeah, we're good to go.
A
And we're going to kind of get into that to let you know how the program's still going to move on, because they cover that in this town hall. But we're going to just dig in right now with a little bit of the first topic in which they covered, which was the CMMC Title 48, 48 CFR, CMMC final rule. Just an update on the rulemaking and what's to happen. And, you know, we're right around the corner, Joy, from November 10th and November 10th is when it's going to go live. And as of right now, you know, we're just hanging on because I think we're accustomed to something coming on last minute, little tidal wave coming in and messing up progress and things not firing off how they need to. But according to Eric Crusius, who joined the town hall to talk about this, there should be no surprises. Everything aligns with all signs pointing to go for November 10th. I don't think that you see anything to think otherwise.
B
Right?
C
No. I think there's been a lot of recaps of what does Title 48 mean, and they all are pretty consistent. Eric represented it well last night. I thought he did a great job. He always does a good job. I'm a big fan of his, but I love that the big takeaway here is that what we're seeing is that primes are really going to drive this more than the inclusion necessarily in the contracts. So it'll be interesting to see what happens on the 10th.
A
Yeah, I've said this quite a lot, actually, Joy, and I agree with that takeaway that the primes are responsible for their subs. That is going to be the biggest takeaway here. Whether it be the compilation of the UIDs associated with certification status, whether it just be chaining their supply, excuse me, managing their supply chain to the point where they're in tune enough to know whether or not they're secure or not and they can depend on them for contracts. We firmly believe that even in the webinar in which we covered on the 48 CFR rule last week, we firmly believe, and I'll say me because I don't want to speak for everyone, but I firmly believe that there's this issue where there is some communication coming down and the communication coming down is being relayed from the DoD and this is directly to primes and giving an update as to how CMMC is going on. And I feel as though people that are maybe 1, 2, 3, even 4 layers removed from that DoD prime level of communication are taking it as it's a direct communication to them. The direct communication. The only takeaway is you need to prepare for CMMC. And we see a lot of the primes now moving, HII, Lockheed Martin, all of them saying what do you guys got going on? We need to know immediately. So speaking of, and we talked about it at the top of the show, Joy. The government now is officially shut down as of midnight following the CMMC or the cyber town hall. Not par for the course. This isn't the first rodeo that we've been through for this, but it is the first rodeo where we have the CMMC program really about to kick off.
B
Right.
A
And it could, depending on how this drags on, could the government shutdown could carry on into our effective date for the CMMC program.
B
Right.
A
But we got a couple assurances from Matt Travis during the town hall and realistically.
B
Right.
A
They believe, and there's things in place for them to believe that there's going to be minimal impact to the CMMC program and that it should stay fully operational and functional regardless of the length of the shutdown. Was that the impression that you got?
C
Oh yeah. I mean it's. I like seeing actually that DIBCAC is still going to be out there doing assessments of the C3PAOs and maybe OSCs. I don't know. eMASS is still up, functional, available. They have a lot of things just the wheels are going to keep on moving. I wonder if the CMMC PMO office is impacted as they say, if that means that there's going to be a little bit of fun being had on Stacy's part. I doubt it. I think that they're like, you know, they have so much to do, but I always wonder if I was in their shoes, if I would use this time to like, oh, I don't know, maybe I'll just go hang out by the beach for a while.
B
Right.
A
Like, for once I'm forced. I can't go to work. It's not at my own doing. I'm not taking, I'm not speaking pto.
C
That's not happening.
A
But I honestly think that there's some, some substance of that where maybe we could, you know, film a couple of the impacted government shutdown employees just to see what they actually do when they don't have to report and do. Especially the people that have been living the CMMC program for like six, seven years, like state fear people like that.
C
I hope that, though, because I do think that for the people who are being impacted, just want to be clear, I have a lot of empathy for being in their shoes. I can't imagine how it feels, especially with a lot of the looming conversation around the layoffs or so.
A
Yeah, for me, it's. It's the unknown.
B
Right?
A
Like, it's, it's. There's no, okay, well, I got to get through this. Till then, I think that that's the thing that leaves me a little uneasy for it and definitely have 100% empathy for all those people that have been impacted. But there's a couple of things, like we said that, that we know are impacted in the CMMC program. You know, obviously the Cyber AB and the CAICO still fully operational and the PMO office kind of, as you mentioned, impacted. No full details as to how it's going to be operating, fully functional, whatever it may be, but there will be some impacts there that have been reported. And the one thing that I don't think that we, anybody in the ecosystem, me especially, feels needs to be impacted by anything or have anything as a roadblock for it to be successful is the tier 3 screening processes. And this is one of the situations where it was kind of relayed during the town hall that it was unsure if there's going to be any impact to it. Dear Lord baby Jesus, I hope there is none. That's. That's all I could say about that. Like, if there's anything that comes from this. And again, not making light of the situation, but I feel like it just got to the point where it's fully functional and it's like two steps forward, two steps back type situation. And in this case, that screening process cannot afford to take two steps back. IMHO, that's just how it is.
C
Yeah. And do you know that while we're watching the town hall every month, you and I, I'm so keyed into making sure I'm capturing everything that Matt and all the special guests are saying. And what I want to be doing though is reading all of the Q and A and I don't have the bandwidth to be doing both. I'm sure that you are a lot better at that than I am. But that's one thing that I see is still occurring is those tier three background checks. Still there's a bunch of Q and A about. I applied 10 months ago or over a year ago and I still haven't heard anything. So I'm with you. I hope that that is not impacted by the government shutdown. They really need to keep those assessors moving through.
A
I'm confident that they're working on it too. I think that James Gillooly joined last month just to say that, hey, we're making these improvements, trying to get the process together. I think that we all do need to realize that this is an evolving process and, and expectations of perfection at the onset of the program definitely aren't realistic.
C
It must be so.
A
Right. 100% I agree.
C
Okay.
A
Now some, you know, we go from the government shutdown and, and kind of that gloomy news that goes with it. The good news, the CMMC programs being operational to some more good news.
B
Right.
A
Some welcome aboards, some departures leading to some people coming in at the Cyber AB and the CAICO. I know one in particular that we are excited about. But let's just run through them both real quick. First and foremost, Raymond, and I always butcher his name, is Raymond Kronbruner who served as more of the financial role for the Cyber AB departed. Yep. He served as CFO and now there's an interim CFO by the name of Christopher Davis stepping in. It's CFO stuff. Not really important to our, you know, just pay the bills. That's good for us. A happy trails to Ray. Thanks for everything that you did. Obviously good luck to Chris and whatever fractional role that you have moving forward. But the one that we are excited about is one person that we mutually have a lot of respect for and that's Cat Adams joining as this title is the new conformity and credentialing coordinator. And so I sounds, you know, nobody knows what it is.
B
Right.
A
But it sounds intriguing. I. We do know one thing that she's going to be doing and I'm super excited about it and I think you are too. But the CAP, the CMMC assessment process is one of her main focuses and I have much respect for Cat. I personally look forward to the first Cat-crafted CAP coming out.
B
Right.
C
Cat-crafted CAP.
A
Yeah.
C
Make sure I heard you. Okay?
A
Yeah. Don't ask me to say it again. I was nervous about nailing it the first time I said it. But you know, this is just another growing trend that we see where people who have made a footprint in the ecosystem are now joining the organization that kind of runs the ecosystem to kind of add that community feel to it. And we'll talk about that some more going down. How happy are you about this addition?
C
You and I were doing a virtual high five when we saw that. And you know, I've probably taught a dozen CCP or CCA classes with Cat. I go back to, to our Edwards Performance Solutions days in working with her and she really is just such a. The thing I like about her is not only is she super knowledgeable, but she is open to feedback and you know, just talking through things very well. So that's one of the things that's made her a good instructor all along. I'm really happy to see her in this role. And I know that we're going to talk in a few minutes about the C3PAO Advisory Council and one of those subcommittees is going to be giving feedback on the CAP. So that feedback we know is going to go to Cat to craft the CAP updates. And so I like how the ecosystem is being brought in with a new dedicated role to making that successful. It's really exciting.
A
Yeah. And I, I think it's just reflective of the fact that the program's live.
B
Right.
A
So when the program wasn't live and they were still pending of when is it going to happen and stuff like that. I don't think that there was a lot of leeway for positions of this specific. Specificity. I can't talk today, but we can't have specific positions if we're trying to do umbrella coverage for things while we're trying to, you know, get the program up and running. Now that the program's going to be up and running, we need to have these specified positions filled. And I'm glad that it's being filled with people that have made such a great impression on the ecosystem. I would be willing to say that Cat's probably taught 50% of the certified people in the ecosystem. I wouldn't you imagine that, I mean, a couple years she's been doing it. I've been teaching classes pretty regularly. So let's talk about some of that ecosystem in which she may or may not have been influenced. One of our favorite things, the update, the numbers, how they looking?
B
Right.
A
So the CMMC ecosystem update, as of now, 82 authorized C3PAOs. Three more from last month. One keynote that was added here that I think is something to keep track of. Matt Travis thinks by the end of the year we're going to reach 100 authorized C3PAOs. Good number. Yeah, I think that it's actually great progress. And another part of the great progress, the assessment status report because we're finally back in the positives. Had a little hiccup last month, Joy. The hiccup was some duplicates. Who knows what that was. But as of this, this month's town hall, 366 final status CMMC certifications issued, that's up 96. That's 96 total issued in September alone. Sixteen certs that are in conditional limbo. I don't know, maybe they got that 10 day window to go back and do the 10 day things that you're allowed to do or some other things are pending that that need to get it done. And there are 75 currently CMMC assessments in progress. So if I do a little bit of math, bear with me, dear Lord baby Jesus, help me out. 75 + 96 is 161, 71. 171 + 16 is 187. In the month of September, at some point in time there was a total of 187 CMMC assessments that took place. That's crazy. That's six a day almost.
C
Yeah, that sounds, it's a lot. You know the thing that impresses me is if we are at a total right now of 366 that are final for the year since the program started and 96 of those took place in September, were authorized in September. That means 5% more than a quarter of the total went through in one month now. So we're seeing some big numbers coming in and that means that there's an those OSCs, the contractors out there are eager. It's wonderful to see and I think.
A
It's also seeing that not just, I think maybe in the beginning of assessments being able to take place, we saw those few key C3PAOs that were filling up, filling up, filling up and being able to operationally function at full speed at the beginning of the program. And I think now what's happening is we're seeing more and more C3PAOs get authorized. But we're also seeing more and more C3PAOs that are getting up to full speed. Staffing, full teams, staffing, more than one full assessment team able to produce more output because we're growing the ecosystem in other ways. Other notable ways in which it's growing. 31 new CCAs this month, 31 new assessors, 98 CCPs. So that's 120 total people that could participate in a CMMC assessment. If you do the math, that's 30 teams.
B
Right?
A
Four people a team, three 30 teams. And we have reached a milestone, a benchmark, something that is worth keeping track of. Not only are there over 1000, 10, 48 to be exact CCA applications in the queue, 52 of them came this month. So we are now over a thousand people that want to be a part of the assessment ecosystem or to have that knowledge to help their organization because we know not all of them are going to assess. This is great growth, Joy.
C
It really is. The dedication that I'm seeing in the consulting community to learn more through the CCP is finally at the pace that I expected and wanted to see it. There's so much more that you learn in the CCP class than you would in the RP or even just trying to do it yourself. It's, and also the value of the peer networking, you know, I, I just think that the CCP is the way to go. It's good to see.
A
Yeah. And it's nice for a national program to get such great national support.
B
Right.
A
But it's even better when a national program gets international support. And so we talked about some of that international, you know, support that the CMMC program seems to be getting because obviously there are defense contractors outside of the United States in certain cases that operate and do whatever they have to do. And what's crazy is we're seeing growing participation from places like South Korea, Sweden, Taiwan, Canada especially. I mean, obviously we know Canada's got a little bit of a nudge there, but if you look at South Korea, Sweden and Taiwan, it's just forward thinking to help the customer that they know they're going to have to help or just they want to be protected. And I'm all for it. And two of those 82 authorized C3PAOs reside outside of the U.S. Did you know that we have one in Canada? Yeah, one in Canada for sure. I thought both would be in Canada and then we got the breakdown and one's in Taiwan. I, that's, that's surprising to me. I didn't think that. Taiwan. I thought South Korea, because South Korea has so such large numbers for like CCPs and registered professionals and things like that, I thought that maybe that would be the one. But South Korea, kudos to you two organizations in Canada and South Korea. Welcome to the family. Or Canada and Taiwan. Welcome to the good fight. Welcome to the family.
C
Sounds Good.
A
So those C3PAOs are going to obviously go through and assess OSAs, Joy. And when they assess them and the OSA successfully completes their certification or successfully achieves their certification, like the 366 organizations that have up to this point, they're going to be issued, you know, a CMMC UID that's going to be associated with it and a final status level. And right now, outside of teaming agreements and more professional under NDA lock and key, there's no way for you publicly to show that, hey, we're CMMC Level 2 certified, except for saying, hey, star.
C
For all that work.
A
And it's been a lot of work.
B
Right.
A
And so there's been a little communication between the Cyber AB and the DoW, DoD, however you want to address it, as to how we can do that and still protect some of the privacy, you know, have some of the privacy needed to make sure that we're securing it. Because the whole thing is to secure things here, right? We don't want to do anything that's going to open a window or draw attention or anything like that. So there's discussions that are happening and I figured, well, why not have our own discussion, Joy? This is still. Right, still prototype. We're still in the stages where they're trying to say I think it should look like this. And I think.
C
Peter, are you telling me that they're looking for design ideas from.
A
I don't know if they are, but if they were, I mean, you know, two people. Yeah. What do you think? Like, what would you put on the badge, Joy? Because I know two people that are very opinionated that might want to throw a little suggestions in the hat, you know, just help helping them out.
C
I, you know, I. Well, my creative brain says it's got to have something about a gladiator on it. Oh, well, look at that. A gladiator or a hero. But both of those are kind of outside the conservative vein that we're seeing in the CMMC graphic. So I don't think they're going to take my ideas personally. Um, what are your ideas?
A
I just think it needs to be a 110, you know, like how like everybody says Like I. That's a hundred. That's a hundred. You know, put 100 on it, right? No, it's a 110. I got a 110. And it's just a big 110. And it's in bubble letters, doesn't have a crust or anything. That's it, just a 1 10.
C
Your idea would be accepted prior to my idea.
A
It's, it's simple. There's not a lot of design effort in that. If anybody's ever seen a fly that I produce, it's kindergarten level anyway. So that kindergarten level idea I produced.
C
To see what our crack marketing team could come up with, I'll tell you, we got it.
A
We got a pretty talented marketing team.
C
We do got the best.
A
Maybe we should put them to the test. Producer Dustin, take notes, go back to the next team meeting, tell them that we need a prototype for the show for the certification badge. The last thing that kind of I want to cover from the town hall that, you know, we, that that was discussed was the C3PAO Advisory Council. And we talked about this last month and how it's coming and, and what it represents. And we got basically an update from Tom Ton, who is the vice chair of.
B
Right.
A
The vice chair of the advisory council and the three committee. Basically the update is, is that there's three committees and subcommittees being stood up that are underneath the Advisory council that consist of people from the ecosystem. Keep that in mind. When the ecosystem was given the call to action that if you want to participate in this advisory council, fill out this application and we'll review it. They received hundreds of applications, which is very promising as well. I mean it's an ecosystem that is very eager, very hungry and people want to help. And I think that that's a good thing. I am just happy to relay that according to Tom, that they are very viciously going through the process of reviewing those applications and making selections and they expect to be notifying the lucky people that get to participate in these community driven council subcommittees.
B
Right.
A
Within the next week. So within the next week you're going to know how you're going to be able to contribute if you've been selected. Enjoy. I mentioned community driven, ecosystem included. I had mentioned that multiple times in this because I think it's very important and I think, and I hope that you agree. But this council in the sense of community inclusion that it has is very refreshing because I know from people that the OGs, as I like to consider myself coming from the beginning of the standing up of the AB and how things were going. One of the biggest complaints was maybe we are not hearing from the ecosystem as much as we should in taking that input. And now it's three committees, a council, subcommittees that are all compiled of it. What are your thoughts?
C
Yeah, it's super positive. It's such a great move in the right direction. I do have a question. It seemed to me that they were saying they only put the invitation to apply out to those who are CCPs and CCAs. Did I hear that correctly?
A
That is correct.
C
So I personally would like to see some industry voices in there. There are some folks who come to mind that are not a CCP or CCA that I think would lend tremendous insight and value and perspective. But as a starting point, I get why they did that. They want people who are like engaged in participating in the actual ecosystem with the cyber AB. That's, that's where they're starting from. It is the C3PAO which is comprised of C3PAOs who are CCAs. Right. So I get that part of it. But I'm hoping that as we continue to evolve and mature this, that they are able to incorporate feedback and perspective from people in the industry who are not CCP CCAs.
A
Yeah, I. While I agree that there are people that are outside the ecosystem that obviously should have input in this scenario, if this is a advisory council in which is designed to mold and guide the ecosystem, then I can understand why the voices only come from there.
B
Right.
A
Why the first call for voices comes from there. Also because you got to get a mass produced, you know, email out there, call for speakers, applications, whatever you have already the client list that you want to send it to. And so I think that that's just a part of ease and then a part of the fact that, you know, why do we go outside of it now? Maybe the council chairs at some point will be like, we need outside counsel from outside the ecosystem. And maybe there's a process that has to be worked out. I don't know. I'm not privy to it. But there's always room for improvement. What I will say, great start.
C
Yep.
A
And then. So that's really. Right, Joy. That's. That's kind of all there is to talk about from, from this month's time.
C
Well, what happened to what I, you know, one of the. Once in a while Matt Travis puts a zinger out there. And by zinger I mean he actually makes me laugh out loud. Everything before, like his keynote at CS before it was CS5 Seek West. Okay. He had me laughing out loud at this whole airplane runway, you know, analogy that he was using for CMMC. And then I'm looking at the slides last night. He's like the ESP conversation, like, once more with feeling, like, is he going to be more passionate about it? What kind of emotions are we going to be seeing come out of him? It was really funny just the way that he, he termed that on the agenda to kick off the conversation again, yet again. And I'm thinking, what would evoke something such feeling, such need to dive into the ESP conversation? Jason, I'm not sure why. Why are we circling back again?
A
Joy, when sometimes when you tell people stuff and you make it a point to point things out to people on multiple occasions. Right. First couple times are like, oh, well, let me educate you. Oh, maybe I didn't do a good job. Let me educate you again. Maybe my tone's not right this time with some feeling.
B
Right.
A
And everybody likes when we do something with some feeling, and especially when we talk about ESPs and ESPs not being CSPs, but not saying that they're being a CSP, saying there's. I, I lost track of it. Joy, here's the deal. And we're going to kind of cover it. If this is crazy because it's still happening and it is a very big problem, I'll be very serious about it. A huge problem. Not only because it's still kind of being allowed to go on within marketing schema and conversations that are happening, but it's also a huge problem because we are at such a critical point in the program's launch that people are now that weren't early adopters, that weren't early people taking action, are now looking for, you know, the quickest, most efficient, cheapest, easiest way possible for them to keep their contracts. And people were preying upon them, and they're preying upon them using deception for lack of awareness. And so this is a very vital topic. I'm glad that they spend a lot of time on it. We are going to spend time just emphasizing two things. Okay. The first thing, your ESP is in scope, okay. When it processes, stores or transmits CUI on ESP owned or operated assets. Right. Some of the assets they may use to service you may process, store, transmit CUI. If that's the case, they're in scope. Or it processes, stores or transmits security protection data on ESP owned or operated assets.
C
Which is a ton of MSPs. That is what. That security protection data is what they do, right?
A
Correct. Or it provides security protection for systems that process, store or transmit CUI.
C
Again, very clear MSPs. Yeah.
A
Now you're. The company is a CSP when provides cloud services based on cloud computing and the cloud computing model is broken down through NIST as convenient on demand network access to shared pool of configurable computing resources, networks, servers, storage, application services that can be rapidly provisioned and released with minimal management effort or service provider interaction. Now there are very, there are a, a very large number of solutions out there that are either popped up or there or think that they reimited the things that operate under this premise.
B
Right.
A
An MSP is not a CSP because they don't own the resources in which you are operating off of. They aren't. You aren't sharing those resources with other companies, they aren't provisioning access to their resources for you to operate. That is a cloud. Cloud is somebody else's computer or asset. You are operating on somebody else's computer asset without ownership of your own. So there are three vital questions that the AB has relayed that you should consider when scoping your ESP to make sure they're an ESP or a CSP or you know, helping them discover their true identity.
B
Right.
A
The first question, are you using an ESP? That's an easy question. If you're using ESP, is your ESP a cloud service provider? Well, I mean, that's an easy question. Just ask them, hey, are you a CSP? Sometimes they don't even know.
C
Right.
A
So how do we determine that? Do they provide you services through the cloud? That's a key indicator. They're a cloud service provider. Are these services ubiquitous, convenient or on demand? Okay, makes sense. But everybody wants convenient on demand, right? Are they providing you access to a shared pool of resources like server storage, applications that can be rapidly provisioned and you don't own them? And then finally, does your ESP process store transmit CUI and other security protection data? If it's going there based on DFARS 7012, any cloud resource that stores, processes or transmits CUI. Joy needs.
C
FedRAMP.
A
Okay. Yeah, I was like, oh no, not my delay. This would be awful for a delay. You paused for a. That's what you did. You wanted to see my heart drop, right? That's here it was. So we're going to put, we've put those three questions on the screens and we feel like that any organization that's evaluating or going to, you know, think about using the ESP for their CMMC journey, just make sure that you ask those questions and make sure that you're confident that your ESP is an ESP and not a CSP. And there's a lot of things that can make you feel suspicious about that.
C
So there's a couple of things I just want to say. First of all, because we know that there was some information shared out around an ESP that was claiming they were not a CSP who has now been deemed, yes, you are a CSP. And that's one of the reasons that there's a lot of clarity again and again, like, this is what the guidelines are. But I just want to point out that I think this is just as important for C3PAOs to truly, deeply understand as the OSCs who are contracting with an ESP. Because I've always looked at this from, oh, if you're one of the contractors and you're using an MSP, how are you going to make sure that they are meeting the criteria they need to in order to sit next to you during your assessment and provide the evidence? Like, how are they being evaluated? All I'm always looking at it from that perspective, like, how is the OSC making the using the best judgment on how that MSP is being categorized as an MSP and not a cloud service provider? Right. But on the flip side of that, there have been C3PAOs who themselves were not that clear and they went in and evaluated contractor environments without saying, wait a minute, I'm throwing a flag on this because I'm not certain that the ESP that you've identified as an MSP is not a CSP. Or do you know what I mean on the assessor side of it, it's just as important for that clarity. So Matt Travis is not doing this again with feeling just for those contractors to make sure that they aren't sold a bill of goods that may not match up with the reality of the situation. It's also for the assessor community to be very clear. What they're looking at, without a doubt is going to be an ESP that is not a CSP or ESP that is a CSP with completely different requirements, which if they find out, oh, you actually have a requirement to be FedRAMP, this CSP, and they were not. We can't start the assessment. Right.
A
Let's talk about that point that you made about there are C3PAOs that have evaluated situations that are in question.
B
Right.
A
And so those situations have passed, but why have they passed? And I think that that's the other terrible thing. Let's think about this from the perspective of the OSA. You've paid, albeit a discounted rate to get your services because they're quick, fast and cheap.
B
Right?
A
And you do all of that and then once you pay all that money, you get all prepped and then you go through the assessment and you pay the money for the C3PAO to come and do your assessment.
B
Right.
A
That's part of the whole transaction. And then afterwards you find out, wait a minute, this all is not true, it's all a ruse. What happens to your money? Because.
B
Right.
A
It's your responsibility. You should know that you had a CSP.
B
Right.
A
So if I knew that I was using the CSP and they didn't conform to it, the standards that they had to conform to, it should be my job to make somebody three PAO have. Oh, I 100% think that there should be some. If, if there is a case, and I will say this with the sternest of faces, if there is a case where we're going through and a C3PAO has assessed an organization that has deemed that they were an MSP for the assessment, but really turned out to be a CSP and the provisions aren't there and there's a certification issued, there needs to be some sort of audit report or right. Whatever. Whatever they launch. Right. Investigation, whatever. Because you got to figure out, it's not because we want to dunk on people or because we want to cannibalize people in the ecosystem. It's because the whole goal of this is to make sure things are amply protected. That is a demonstration that amply protected CUI has been passed off and certified as an environment that can amply protect CUI. That's the biggest issue here.
C
Yeah. At a minimum, there needs to be a re-education around it. And now it'll be interesting to see what happens to the OSC that had received their certification.
B
Had.
C
How's that going to be handled? It's, you know, the whole thing is kind of sad, I gotta say, but that's. We're early on in the program. Things like this are going to be uncovered and they're going to find out, oh, we have to address this in a much deeper, more meaningful way. But not just for the contractors who are doing the trust, but verify the burden's not just on them. The burden is also on the C3PAO community.
A
I think it's only sad if there's no improvements that come from it and there's no learning that happens from it. But what is really sad is that our time together this month is up. So I'm. I'm absolutely heartbroken. We will be back next month to talk about the October town hall. Some spooky news, hopefully around the corner. Until then, like, subscribe, tell all your friends, and we'll see you next week.
B
Sam.
This episode dives into the key takeaways from the September Cyber AB (Accreditation Body) Town Hall, with a particular focus on how the CMMC (Cybersecurity Maturity Model Certification) program is weathering the federal government shutdown, updates on the rulemaking process, ecosystem growth, and clarifications on the roles of cloud and external service providers (ESPs). The hosts discuss personnel changes at the Cyber AB, metrics on ecosystem growth, international participation, and the strengthening of community feedback mechanisms.
| Timestamp | Segment | Notes |
|-------------|-------------------------------|----------------------------------------|
| 00:02-04:25 | Government Shutdown | CMMC continuity throughout shutdown |
| 00:52-03:52 | Title 48 & Prime Contractor | Upcoming rule, prime and sub responsibilities |
| 05:33-08:07 | Screening & Assessment | Ongoing ecosystems processes |
| 08:19-11:13 | Personnel Updates | New roles: Cat Adams, CFO shift |
| 12:04-16:02 | Ecosystem Growth | Rapid increase in C3PAOs, certifications, international reach |
| 17:15-19:48 | CMMC Badge Discussion | Visibility vs. privacy |
| 19:56-24:08 | Advisory Council Inclusion | Subcommittee formation, ecosystem inclusion debate |
| 24:16-34:31 | ESP vs CSP Clarification | Defining service provider boundaries, tangible risks |
| 32:42-34:42 | Certification Risks | Consequences of misclassification |
The episode highlights continued momentum in the CMMC ecosystem, including steady rulemaking progress despite external uncertainties, significant ecosystem expansion, and growing international interest. The hosts emphasize the importance of accurate service provider classification (CSP vs ESP) and the critical role of collective vigilance across the ecosystem—including contractors, assessors, and leadership.
Even with the light-hearted banter and occasional jokes, there’s an undercurrent of urgency: clarity, accountability, and continual improvement are essential as the CMMC program moves into its pivotal operational phase. The community-centric approach is welcomed, and regular updates like these help maintain transparency and momentum.