New Podcast Episode: Inside the Reality of CMMC Assessments

CMMC assessments are no longer theoretical; they’re happening now. But what do they actually look like in practice?

In this episode of the IntelliGRC podcast, we sit down with Toby Musser of MNS Group to break down what organizations really need to know about CMMC, from preparation to execution.

Whether you’re an MSP supporting clients or a defense contractor preparing for certification, this episode delivers practical insights you won’t find in official guidance alone.

What You’ll Learn in This Episode

The Real Story Behind Becoming a C3PAO

Toby shares the behind-the-scenes journey of building a Certified Third-Party Assessment Organization (C3PAO), including the challenges and evolving requirements in the ecosystem.

How MSPs Should Support CMMC Compliance

Many Managed Service Providers (MSPs) claim readiness, but do not understand the depth of responsibility required under CMMC.

What Defense Contractors Should Expect During an Assessment

If you’re an Organization Seeking Certification (OSC), understanding the process is critical.

Expect:

  • Detailed evidence reviews
  • Policy and procedure validation
  • Technical control verification
  • Consistency between documentation and implementation

Why Many MSPs Are Not CMMC-Ready

A major theme in this episode is the gap between perceived readiness and actual compliance.

Common issues include:

  • Incomplete documentation
  • Misunderstanding shared responsibility
  • Lack of alignment with CMMC Level 2 requirements

Common Mistakes Before an Assessment

Toby highlights frequent pitfalls organizations face, such as:

  • Treating CMMC like a checklist instead of a system
  • Waiting too long to prepare
  • Failing to test controls before assessment

How the CMMC Ecosystem Is Evolving

The CMMC landscape continues to shift, especially around:

  • Interpretation of controls
  • Assessment consistency
  • Pricing pressures in the market

Leadership & Business Lessons from Toby Musser

Beyond compliance, this episode dives into leadership and business growth:

  • The importance of defining your company’s “why”
  • Building a strong cybersecurity culture
  • Finding the “highest and best use” of your team
  • Why great leaders aim to be replaceable

These lessons are especially valuable for MSP owners and cybersecurity leaders navigating growth in a compliance-driven market.

Watch the Full Episode

Don’t miss this deep dive into CMMC assessments and compliance strategy! Watch the full episode at this link.