Right! Interestingly self-attestation of NIST 800-171 compliance has been the norm for defense contractors for many years. CMMC will change that when it goes into effect next year and requires independent certification assessments for most contracts that involve CUI.
In the episode, Julie mentions she is currently working 10 FCA whistleblower complaints that are under seal. She told me that 8 of the 10 relate to NIST 800-171. 👀 It makes me wonder how many other whistleblower complaints are just waiting to come out from under seal!