What is CMMC? CMMC Update Archives CMMC Links
Consulting Employee Training Security Awareness Training Public Speaking Expert Witness
White Papers Newsletters CMMC Update Articles Videos Interviews
CMMC Update by Glenda R. Snodgrass for The Net Effect
[ View this email in your web browser ] [ Visit our archives ] [ Sign Up for this Newsletter ]

March 18, 2026

Talking about CMMC L2 assessment readiness

Last week I was involved in an online conversation about readiness, and one colleague asked for opinions on mid-size companies, in the range of 1000-5000 employees. My response to his query was upvoted many times, leading me to believe that my experience is not unique:

In my experience, mid-range orgs struggle more than the small ones, because they have a few full time IT people who have been given complete responsibility for CMMC, FSO has completely abdicated ("it's an IT problem") and senior management isn't paying attention because they assume IT has it covered. IT assumes they understand the controls, they've never read 171a and don't even realize there are Assessment Guides and Scoping Guides for CMMC, and have no idea how far off they are.

At least the smaller orgs understand they have a lot of work to do and they seek help.

The mid-range ones don't seek help, they seek validation, and they are shocked when I give them a new score that is 100+ points lower than their self-assessment.

Is this your organization?

GRC is a Team Sport. (Governance, Risk Management and Compliance) This was a central theme of the Strategic Resilience Planning panel I participated in last week at CIPRNA 2026. A successful GRC program requires the support of leadership and the participation of all key stakeholders: IT, Physical Security, Operations, HR, Legal ... the exact composition of your team will depend on your organization.

If your organization has put the entire burden of CMMC compliance on your IT department, it may be time for a readiness check to be sure you are on track.

Speaking of readiness services ...

Is a Perfect 110 in your future?

Kudos to the team at Wiley|Wilson for successfully passing their CMMC L2 C3PAO assessment a few weeks ago, after utilizing our readiness services.

Upon learning they had passed, Ron Smiley, VP and CTO, sent me an email saying: "We couldn't have done it without you." He then sent me an unsolicited testimonial for publication, which I'd like to share with you here:

Glenda Snodgrass was instrumental in guiding our organization through CMMC Level 2 readiness. Her structured approach, deep expertise, and practical guidance helped us systematically close gaps and align our environment with the requirements of the framework.

Through her readiness services, we were able to successfully implement and validate all 110 controls in preparation for our Level 2 assessment.

Glenda brought clarity and confidence to a complex process and was a trusted partner throughout our preparation. Of all the investments we've made to meet CMMC, her help had the highest return.

That last line means the most to me, knowing that our clients find value in our services.

So, can I help you reach that Perfect 110? Reach out.



Glenda R. Snodgrass Sincerely,

Glenda R. Snodgrass, CCP/CCA/Lead CCA
grs@theneteffect.com
The Net Effect, LLC
www.theneteffect.com
251-433-0196 x107

Speak with an Expert

Contact

The Net Effect, L.L.C.
Post Office Box 885
Mobile, Alabama 36601-0885 (US)
phone: (251) 433-0196
email: sales at theneteffect dot com
Secure Payment Center






Site Map

Home
CMMC
PCI
GLBA
Consulting
Employee Training
Public Speaking
Expert Witness
Workshops
About

Resources


CMMC
Newsletter
Whitepapers
Articles
Videos
Interviews



The Net Effect, LLC

Copyright 1996-2026 The Net Effect, L.L.C. All rights reserved. Read our privacy policy