Welcome to another episode of Mostly Compliant, hosted by Matt Bruggeman, Director of Federal GTM at A-LIGN.

In this episode, Matt sits down with Michael Brooks, Lead CMMC Assessor at A-LIGN, to break down the CMMC Assessment Process (CAP) for Level 2 certification. Together, they explore the CAP’s purpose, its four key phases, and why Phase 1 — the pre-assessment — is essential for ensuring readiness.

The conversation dives into the importance of system security plans (SSPs), scoping, and evidence preparation, while also addressing common misconceptions about Phase 1 and how it differs from a mock audit. Michael shares expert advice on navigating the process, avoiding pitfalls, and setting your organization up for success in the formal assessment.

Listen to this episode on your favorite platform: lnk.to/X2VoDS

About Mostly Compliant: Hosted by Matt Bruggeman, Director of Federal GTM at A-LIGN, Mostly Compliant is a cybersecurity podcast that brings together experts from across the federal compliance landscape to discuss CMMC, FedRAMP, and other key topics shaping the industry.