
Content provided by Tim Freestone and Patrick Spencer, Tim Freestone, and Patrick Spencer. All podcast content, including episodes, graphics, and podcast descriptions, is uploaded and provided directly by Tim Freestone and Patrick Spencer, Tim Freestone, and Patrick Spencer or their podcast platform partner. If you believe someone is using your copyrighted work without your permission, you can follow the process described here: https://he.player.fm/legal.

Chris Rose: Getting CMMC Ready: A C3PAO’s Perspective

40:14
 

This Kitecast episode features an interview with Chris Rose, a Partner at Ariento, a leading cybersecurity, IT, and compliance service provider. He has extensive experience in cybersecurity, having previously served as an instructor at UCLA where he taught cybersecurity and privacy courses. Chris holds an MBA and a master’s in computer science from UCLA, as well as a bachelor’s degree from Cal Poly.
During the podcast interview, Chris provides an overview of the Cybersecurity Maturity Model Certification (CMMC) framework and its origins within the defense industry. He explains that CMMC builds upon existing NIST 800-171 requirements for protecting controlled unclassified information that contractors already must comply with. However, CMMC adds a critical component—independent third-party assessments done by C3PAOs (Certified Third-party Assessment Organizations).
Chris believes CMMC will likely gain final approval in early 2024 based on the rulemaking process. He notes that reciprocity with frameworks like FedRAMP could help ease the compliance burden for contractors. For companies using cloud services, Chris strongly advises leveraging solutions that have achieved FedRAMP Moderate Authorization or above.
When asked about readiness across the Defense Industrial Base (DIB), Chris indicates that primes are pushing their subcontractors to get prepared. However, smaller companies are still in a wait-and-see mode in some cases, trying to weigh the costs versus risks. He emphasizes that companies should focus first on proper scoping of assets and information that will be in scope for CMMC assessments.
Chris also provides tips for selecting a C3PAO, noting that risk mitigation and technical competence are top evaluation criteria for most mid-market and enterprise clients. He also discusses Ariento’s experience with adjacent standards like FedRAMP, ISO, and ITAR that provide relevant expertise for CMMC advisory services.
LinkedIn: www.linkedin.com/in/cmmc
Ariento: www.ariento.com

Check out video versions of Kitecast episodes at https://www.kiteworks.com/kitecast or on YouTube at https://www.youtube.com/c/KiteworksCGCP.
