DOD Concludes Review of CMMC Certification Organization, Here are Insights

The DOD marked a milestone with the Defense Contract Management Agency finishing its review of the first of a new crop of auditing entities. A final rule to implement the CMMC is already enforceable in an interim rule. The rules are not far away from getting announced.

CMMC arose out of the need to verify the cybersecurity practices of the companies serving the DOD. In previous scenarios, the contractors only needed to comply with standards laid out by the National Institute of Standards.The program would enable DCMA to audit the suppliers on-site. It has proposed the development of an outside Organization to keep a check on malicious content received by the cyber computer of the companies. The organization would be entitled to the CMMC Acceleration Body.

The work of the CMMC AB is to scale the auditing operations beyond what the DCMA’s Subsidiary unit could manage. But the vast majority of the authorities have scrutinized the group implementation of the program. The work is accountable to two bodies and hence it would cause immersive disruptions in the Company’s internal matters. The concern that the industry raised was on the point that their data won’t be safe with the companies licensed to conduct the audits- CMMC Third Party Assessment Organization.

CMMC, addressing the concern, insisted that the C3PAOSs appointed to conduct activities need to themselves be audited for cybersecurity by the DIBCAC. It would delay the process of auditing even further resulting in the disarray of the US administration and the DOD. CMMC at a virtual town hall said that the department is making headway and provided an update of the AB’s efforts to conduct initial training and testing, which would be a significant step-up in the grand scheme of things.