About 3,500 people have registered for the first of a series of webinars organizers are planning to meet the high demand for knowledge of how the Pentagon’s Cybersecurity Maturity Model Certification program will work.
The CMMC Accreditation Body—newly incorporated as a nonprofit in Maryland—emailed stakeholders Wednesday touting its activity so far in standing up a system to manage audits of defense contractors’ cybersecurity and outlining the next steps.
Implementation of the CMMC will end the current policy of defense contractors self-attesting their adherence to specific security controls, such as those outlined in National Institute of Standards and Technology Special Publication 800-171.
The program has made many in the industry anxious about exactly what auditors will want to see in order to hand over the certifications necessary to do business with the Defense Department and created an ecosystem of independent third parties eager to profit from the system.
Two weeks ago, Ellen Lord, undersecretary of Defense for acquisitions, issued a statement dispelling claims some were making that they could provide the sought-after certifications.
“Unfortunately, the Department has learned that some third-party entities have made public representations of being able to provide CMMC certifications to enable contracting with DoD,” she said. “The requirements for becoming a CMMC third-party assessment organization [C3PAO] have not yet been finalized, so it is disappointing that some are trying to mislead our valued business partners.”
The accreditation body will dive into the details of C3PAOs and other CMMC topics such as the training prospective auditors will need to undergo in a series of webinars starting April 6.
“The CMMC-AB is still building the CMMC ecosystem, so we don't have all of the answers ye ..
Support the originator by clicking the read the rest link below.
