The CMMC Accreditation Body has opened new pages on their website to give information about registering as a C3PAO (Certified Third-Party Assessor Organization) and as an Assessor.
They also have information about becoming a ‘registered practitioner’ or a ‘registered provider organization’ (these can be team members but not lead audits). The first group of DoD cybersecurity assessors for the Cybersecurity Maturity Model Certification is expected to graduate by early August, so it is quite obvious the forward momentum of CMMC continues. Final requests for proposals for certification services are expected to hit the street this fall.
Katie Arrington, chief information security officer for the Office of the Undersecretary of the Navy for Acquisitions and Sustainment, said the CMMC program effort has had to pivot some since its initial roll out earlier this year, partly due to the pandemic and social distancing measures. The board had to reconfigure training from onsite to virtual. The process has also hit snags in the rulemaking process to revise the defense acquisition regulations, which Arrington said is now underway. But the CMMC-AB processes and registrations continue to roll out.
What it means for the industry is this: We all – small and large cyber defense and digital transformation firms – have an opportunity to assist the DoD in the implementation of CMMC and in assessing and certifying companies looking for compliance.
This system is not as difficult as you may think. Whether you’re a contractor looking for help with CMMC or becoming a C3PAO, or simply looking to enhance your cybersecurity posture in order to protect and expand your business, Ardalyst’s goal is to replace uncertainty surrounding CMMC requirements with understanding.
Good cyber defense doesn’t have to be expensive or difficult to implement. Sign up with us today for a free planning session and take advantage of options to save.