The Business Owner's IT Podcast Ep. 77 - CMMC Explained for Business Owners: What’s Changing?

What does CMMC compliance really mean for business owners, and why should you care now?In this episode of The Business Owner’s IT Podcast, hosts Tony Gerasch and Ryan Carter break down the Cybersecurity Maturity Model Certification (CMMC) in plain English. They share real-world insight from their own journey toward CMMC alignment and explain how this evolving framework impacts businesses working with the Department of Defense (DoD) and other government entities.Whether you’re a manufacturer, contractor, MSP, or business owner handling sensitive data, this conversation walks through what’s changing, where the biggest challenges lie, and why waiting is no longer an option.In this episode, you’ll learn:✅ What CMMC is and why it exists.✅ How CMMC affects businesses and service providers.✅ Why MSPs are choosing to align with CMMC, even when not required (yet).✅ The hidden costs and operational changes most companies don’t anticipate.✅ Physical security, access controls, logging, policies, and employee training requirements.✅ Why “acceptable risk” is no longer acceptable.✅ How to start closing your compliance gaps before it impacts your contracts.💡 Tip of the Week:If your business needs to be CMMC compliant, start now. You can’t do this alone, and trying to will cost you more in the long run.⏰ Chapters:00:00 — Podcast Introduction00:13 — Why We’re Pursuing CMMC Certification00:55 — Why MSPs Matter in CMMC Compliance01:19 — Are MSPs Required to Be CMMC Certified?02:10 — What Does CMMC Stand For?02:25 — Our Timeline for Becoming CMMC Certified03:22 — Physical Security Requirements (Doors & Building Access)05:21 — Software Tools and FedRAMP Requirements06:23 — Why CMMC Services Cost More06:45 — Employee Training and Access Restrictions07:31 — MSP Access Risks and Security Controls09:07 — Understanding the CMMC Gap Assessment09:38 — What Is Split Tunneling?10:25 — Logging, SIEM, and Log Retention Requirements11:30 — Testing Incident Response Readiness12:35 — NIST Rules on Device Naming13:23 — Password Policies and MFA Requirements14:10 — The CMMC Certification Process14:47 — Helping Businesses Become CMMC Compliant15:46 — Why Legacy Systems Are a Compliance Risk16:45 — FIPS Encryption and Hardware Requirements17:37 — Why CMMC Is Changing the Industry19:02 — Final Thoughts on CMMC19:41 — Tip of the Week: Start Preparing Now20:53 — Tip of the Week #2: Policies Must Be Followed22:25 — Closing ThoughtsIf you’re feeling overwhelmed, you’re not alone. Tony and Ryan explain why working with experienced coaches and proven frameworks is the smartest path forward, and how doing it right can actually strengthen your overall security posture.👇 Join the conversationHave questions about CMMC or compliance frameworks? Drop them in the comments; we’re happy to help.#cmmc #cmmccompliance #cybersecurity 💻 Since 1997, Unique Computing Solutions has been providing businesses with the IT support and IT solutions they need to streamline communications, boost productivity, and increase profitability. Website: https://uniquecomputingsolutions.com/LinkedIn: https://www.linkedin.com/company/unique-computing-solutionsFacebook: https://www.facebook.com/UniqueComputingSolutionsYouTube: https://www.youtube.com/@uniquecomputingsolutionsTwitter: https://twitter.com/qputingInstagram: https://www.instagram.com/qputing/Twitter: https://twitter.com/qputingInstagram: https://www.instagram.com/qputing/TikTok: https://www.tiktok.com/@uniquecomputingsolutionsSpotify: https://open.spotify.com/show/3ysyf6NcGAXfM2Ai6T5wQdApple Podcasts: https://podcasts.apple.com/us/podcast/the-business-owners-it-podcast/id1768340957