The Pentagon is making changes to its rollout schedule for the Cybersecurity Maturity Model Certification program, due to issues with getting assessment organizations that will conduct audits for contractors fully credentialed by the Defense Department, according to a DOD official overseeing the pilots. All certified third-party assessment organizations need to obtain a CMMC level three certification in order to start conducting assessments for contractors. Those assessments are conducted by the Defense Contract Management Agency's Defense Industrial Base Cybersecurity Assessment Center, which has found issues in completing the certification due to the difficulty of reaching full compliance with the CMMC standard. "Most of the changes are predicated on a few situations. An overarching situation is the readiness of the C3PAOs, so there have been some delays in the processing," said Diane Knight at a CMMC "Town Hall" on Tuesday hosted by the CMMC Accreditation Body. Knight leads the CMMC Program Management Office's pilots work.
展开▼
