DOD’s Cybersecurity Accreditation Body Plans to Pursue Grants as a Nonprofit 

The group of volunteers the Defense Department has tasked to implement a monumental change in its cybersecurity policy will seek support from foundations and other grantmakers, according to the chairman of the board for the aspiring nonprofit.


The Cybersecurity Maturity Model Certification program will usher in a new era in which defense contractors must undergo an independent, third-party audit of their cybersecurity practices. Currently, companies only attest to their adherence to standards issued by the National Institute of Standards and Technology.


The Defense Department’s Defense Contract Management Agency can conduct audits through the Defense Industrial Base Cybersecurity Assessment Center, but its capacity is limited, so the department developed the CMMC in order to scale auditing operations to all of its estimated 300,000 contractors. Some contractors look forward to the CMMC leveling the playing field while others are not thrilled about having to pay for another certification. 


A rule to implement the program and a related statement of work outline duties for the CMMC Accreditation Body to approve new entities that will conduct the audits and establish training requirements for their assessors. The CMMC AB, as it’s called, came together at an industry event DOD held to launch the program. Participants volunteered to stand up a nonprofit organization to put the pieces together.


The group has come under intense scrutiny over uncertainty about how they would fund their operations—the previous chairman of the group’s board of directors stepped down amid what was perceived as a pay-to-play scheme—and there are concerns about potential conflicts of interest ..
