About 3,500 people have registered for the first of a series of webinars organizers are planning to meet the high demand for knowledge of how the Pentagon’s Cybersecurity Maturity Model Certification program will work.
The CMMC Accreditation Body — newly incorporated as a nonprofit in Maryland — emailed stakeholders last Wednesday touting its activity so far in standing up a system to manage audits of defense contractors’ cybersecurity and outlining the next steps.
Implementation of the CMMC will end the current policy of defense contractors self-attesting their adherence to specific security controls, such as those outlined in National Institute of Standards and Technology Special Publication 800-171.
The program has made many in the industry anxious about exactly what auditors will want to see in order to hand over the certifications necessary to do business with the Defense Department and created an ecosystem of independent third parties eager to profit from the system.
Two weeks ago, Ellen Lord, undersecretary of Defense for acquisitions, issued a statement dispelling claims some were making that they could provide the sought-after certifications.