What does it mean to be CMMC 2.0 Compliant? Why does it matter, and how do manufacturers tackle it without getting lost in the weeds? Greg interviews Darren Gallop, CEO and founder of Carbide Secure, to cut through the noise on CMMC 2.0 and why starting with a self-assessment is step one. He digs into the certification process, budgeting, and tools available to support you on your journey to compliance. Plus, they clear up the confusion between NIST, ITAR, FedRAMP, and other compliance standards.
Whether deep in the compliance process or just getting started, this episode gives you the insights—and the game plan—to keep your shop secure and ahead of the curve.
”If you’ve implemented ITAR successfully in your business and are following those requirements, then when you do a gap analysis against NIST 800-171, you’ll find that you’ve already done some of the work. You’ve probably done 70%, depending on your environment and how well it was deployed in the business.“
— Darren Gallop, CEO and founder of Carbide Secure
In this episode, you’ll hear:
- 00:58 The Importance of Compliance to Secure DoD Contracts
- 02:17 Current State of CMMC 2.0
- 04:36 Understanding the Requirements
- 15:30 The Risk Your Vendors and Software Play on Compliance
- 30:09 Real-World Examples
- 34:32 The Hard Way Vs. The Easy Way to Compliance
- 40:11 Preparing for Third-Party Certification
- 50:33 Maximizing Your Odds of Success
- 53:49 Tools and Resources for Compliance
Editor’s note: This episode was recorded before CMMC Phase 1 took effect on November 10, 2025. Phase 2 — when third-party C3PAO Level 2 certification becomes the default for CUI contracts — begins November 10, 2026. The framework Darren walks through is more relevant now than when we recorded.
Links Referenced:
- CMMC 2.0 Resources
- Carbide Secure: https://carbidesecure.com/
- Datanomix: https://datanomix.io/
- mfgmavericks.com: https://mfgmavericks.com