Professional training needed to carry out assessments for the Defense Department’s unified cybersecurity standard for contractors won’t kick off until later this summer, according to an official for the organization overseeing the process.
“I know many of you are eager to learn of when the CMMC ecosystem will kick into full operational gear. I will say this―we are getting close,” Matt Travis, the Cybersecurity Maturity Model Certification Accreditation Body’s CEO, wrote in a memo accompanying an an updated frequently-asked-questions document.
The board confirmed in its update that only one organization that’s a candidate to be a certified third party assessment organization (C3PAO) was “successfully assessed” at Defense Industrial Base Cybersecurity Assessment Center’s maturity level 3 and that “several more are in process for being assessed.” Only 40% of C3PAO applications have been processed to date.
The announcement also highlighted the governing body’s plans to become an International Standards Organization (ISO) accreditation body by the end of fiscal year 2022. This certification is a mandatory part of the organization’s contract with DOD.
Prior to joining FCW, Williams was the tech reporter for ThinkProgress, where she covered everything from internet culture to national security issues. In past positions, Williams covered health care, politics and crime for various publications, including The Seattle Times.
