The Defense Department is one small step away from officially getting the Cybersecurity Maturity Model Certification (CMMC) off the starting blocks.
Ellen Lord, the undersecretary of Defense for Acquisition and Sustainment, is ready to sign off on the memorandum of understanding with the CMMC accreditation body that would jumpstart the training of third-party assessment organizations.
Katie Arrington, the chief information security officer for acquisition at DoD, said the MOU is through the clearance process and is just awaiting Lord’s signature.
Arrington, speaking at the Washington Technology CMMC event in McLean, Virginia on March 13, said once the MOU is signed, the six-month push to begin putting CMMC standards in procurements officially will begin.
“The accreditation board, the Johns Hopkins University Applied Physics Laboratory, Carnegie Mellon University and DoD are going through simulations of training, working through the kinks,” she said. “The first session of classes will actually be a lot of the proof in the pudding, and DoD will be there to help through this. This is new so we want to make sure we get it right.”