The Department of Defense (DoD) announced that the department reached an agreement with the Cybersecurity Maturity Model Certification Accreditation Board (CMMC-AB) yesterday, several months after the agreement, and added that the department is working to ensure the new standard is applied equally across the defense industrial base.
“The Department is finalizing a zero cost contract with the CMMC-AB to ensure that CMMC is applied equally throughout the Defense Industrial Base with consistency and rigor,” DoD said in a June 1 press release, while noting that CMMC will remain a priority for the Pentagon despite the delay in the Memorandum of Understanding (MoU) announcement. “Extensive engagement” in helping combat COVID-19 was the main cause for announcement delay of several weeks.
The MoU was signed by Under Secretary of Defense for Acquisition and Sustainment Ellen Lord and Ty Schieber, chairman of the CMMC-AB, a nonprofit organization incorporated in January. The MoU states that “DoD will only accept certifications from an assessor or a CMMC Third Party Assessment Organization (C3PAO) who has been accredited for assessment by the CMMC-AB.”
DoD intends to conduct CMMC Pilots with new contracts later this year and requests for information for these pilots will be released this summer. Additionally, CMMC-AB anticipates that it’ll open registration for C3PAOs and assessors later this week.