The Cybersecurity Maturity Model Certification program is in the early stages of rulemaking after undergoing a major revision late last year, but voluntary CMMC assessments are scheduled to begin Aug. 22 and continue for several weeks, officials confirmed.
“I’m really excited that we are at the point now that voluntary assessments have actually been scheduled,” Cyber Accreditation Body Chief Executive Officer Matt Travis said during a Tuesday town hall meeting…
Travis said DoD has communicated that companies who pass assessments during the voluntary phase will be receive CMMC Level Two accreditation once the requirements become effective. DoD still needs to go through a lengthy rulemaking process for that to happen.
The Cyber Accreditation Body also released a “pre-decisional draft” of the CMMC Assessment Process, or the “CAP.” The document is critical to the certification program, as it lays out how CMMC Third Party Assessment Organizations (C3PAOs) will prepare for and conduct assessments of defense contractors… Read the full article here.