Cyber Crime Junkies
Cyber Crime Junkies

This New Rule Can DESTROY Your Sales Overnight: CMMC's Wide Reach

April 27, 2026

AI Summary

5 min read

The latest Cyber Crime Junkies episode unpacks CMMC, the Cybersecurity Maturity Model Certification, as a mandatory requirement reshaping the Department of Defense (DoD, now called Department of War) supply chain. With a firm deadline of November 10, 2025, host David Dean Morrow interviews Sam Durso, a CMMC expert at NetGain Technologies, to clarify its scope, levels, and steps for small and mid-sized businesses. Far beyond primes like Raytheon or Boeing, it targets any firm handling DoD-related data, emphasizing practical preparation to avoid losing contracts overnight.

Defining FCI and CUI: Determining Your Level

CMMC applies to companies possessing Federal Contract Information (FCI) or Controlled Unclassified Information (CUI). FCI includes non-public contract details like purchase orders, delivery schedules, internal DoD communications, and invoices—essentially the "receipt" for a government purchase. CUI covers sensitive but unclassified items requiring safeguards, such as technical drawings, IT system diagrams, export control data, and engineering reports—the "actual content" like rocket blueprints.

Continue reading the full summary in the app — free to try.

Read Full Summary →

Free • No credit card required

Listen to Audio Summary Open in App

What you'll learn

  • 1 (00:00) **Intro Hook on Cybercrime Risks** - Host warns of common denial leading to breaches, promotes Moving Target books (filtering ad details).
  • 2 (01:23) **CMMC Deadline Alert** - Announces CMMC enforcement November 10, 2025, impacts all defense supply chain businesses beyond primes.
  • 3 (02:42) **CMMC Overview and Guest Intro** - Reiterates CMMC as survival test for DoD contractors; introduces Sam Durso from NetGain.
  • 4 (04:00) **What is CMMC High-Level** - Cybersecurity Maturity Model Certification for DoD handling FCI or CUI.
  • 5 (05:11) **Defining FCI (Level 1)** - Federal Contract Information: non-public contract details like purchase orders, invoices, schedules.
  • 6 (06:38) **Defining CUI (Level 2)** - Controlled Unclassified Information: technical drawings, diagrams, export data, engineering reports.
  • 7 (08:25) **Bidding Requirements Post-Deadline** - Must certify level to bid; Level 2 allows 180-day POA&M for conditional eligibility.

+ Full timestamped outline available in the app

Show Notes

CMMC 2.0 explained in plain English — what it means for small businesses, defense contractors, and vendors across the DoD supply chain. Learn about Level 1 vs Level 2, self-attestation risks, C3PAO shortages, compliance deadlines, and how to stay audit-ready before 2025.

Don't miss out on crucial information about the CMMC 2025 deadline. The Cybersecurity Maturity Model Certification is a vital requirement for businesses dealing with the Department of Defense. If you miss the deadline, you risk losing contracts and facing severe penalties. In this video, we'll explore the consequences of missing the CMMC 2025 deadline and provide valuable insights on how to prepare and stay compliant. Stay ahead of the game and ensure your business is CMMC-ready.

 

Find out what happens if you missed the deadline and learn how to avoid costly mistakes. Tune in now and take the first step towards CMMC compliance.

 

CHAPTERS

00:00 – The 4 Letters That Can End You

Questions? Text our Studio direct. We read these and when helpful we give a special shout out for those to contact us.

New non-fiction Book Series is out! 

Growth without Interruption. Get peace of mind. Stay Competitive-Get NetGain. Contact NetGain today at 844-777-6278 or reach out at [email protected] or find more at www.NETGAINIT.com  
 

New non-fiction Book Series is out! 

Support the show

New Exclusive Offers for our Listeners!

New non-fiction Book Series is out! 

🔥 4 years. 400+ interviews. Available on