Leading with CMMC and Choose Your Own (Compliance) Adventure
IT channel and business news with a focus on regulatory compliance.
🏆 How Compliance Wins Defense Contracts
For years, “compliance” has been treated like an unavoidable tax on doing business with the Pentagon. Today, with CMMC 2.0 tied directly to award eligibility, it has quietly become one of the strongest competitive levers defense contractors and their MSP partners can pull...
🎙️ The Get NIST-y Podcast!
Subscribe on Spotify! Jared and Mike talk all things compliance and IT channel while answering your burning questions!
📋 You Are the CMMC Project Manager
You wake up in a cold sweat. The calendar says “CMMC Readiness QBR,” the invite says “mandatory,” and your inbox says “57 unread: URGENT.” Congratulations: you are now the CMMC Project Manager. You didn’t apply for this job. That’s how you know it’s real.
Your mission: get your defense shop to CMMC Level 2 without losing your contracts, your sanity, or your MSP…
⚠️ Threat Updates
🔴 #StopRansomware: Akira Variant Deemed “Imminent Threat” to U.S. Orgs (11/23/25)
A joint FBI, CISA, HHS, and DoD Cyber Crime Center advisory flags the Akira ransomware operation as a top-tier threat, citing extensive double-extortion attacks against U.S. businesses since 2023. Investigators report Akira actors abusing remote-access tools, creating new privileged accounts, and deploying custom scripts to exfiltrate credentials and encrypt systems across networks. The advisory urges organizations to tighten identity controls, segment backups, and report incidents promptly to help disrupt the group’s infrastructure.
🔴 Commercial Spyware Now Targeting Encrypted Chats and Mobile Devices (11/24/25)
CISA issued a new advisory warning that state-aligned actors and commercial surveillance vendors are using advanced spyware and mobile exploits to compromise iOS, Android, and messaging apps like WhatsApp and Signal. Attackers are chaining recently disclosed vulnerabilities, including CVE-2025-43300 and CVE-2025-55177, to achieve “zero-click” device compromise and capture communications before or after encryption. High-risk users in government, journalism, and executive roles are urged to harden mobile security, use phishing-resistant MFA, and avoid SMS-based authentication where possible.
🗨️ Parting Words
“Innovation is the ability to see change as an opportunity, not a threat.” — Steve Jobs
Are you a vCISO or MSP looking to operationalize security programs? Let’s discuss how Blacksmith Infosec proves that compliance is an opportunity, not a struggle that has to be packaged in FUD!





