The DOD marked a milestone with the Defense Contract Management Agency finishing its review of the first of a new crop of auditing entities. A final rule to implement the CMMC is already enforceable in an interim rule. The rules are not far away from getting announced.
CMMC arose out of the need to verify the cybersecurity practices of the companies serving the DOD. In previous scenarios, the contractors only needed to comply with standards laid out by the National Institute of Standards.The program would enable DCMA to audit the suppliers on-site. It has proposed the development of an outside Organization to keep a check on malicious content received by the cyber computer of the companies. The organization would be entitled to the CMMC Acceleration Body.
CMMC, addressing the concern, insisted that the C3PAOSs appointed to conduct activities need to themselves be audited for cybersecurity by the DIBCAC. It would delay the process of auditing even further resulting in the disarray of the US administration and the DOD. CMMC at a virtual town hall said that the department is making headway and provided an update of the AB’s efforts to conduct initial training and testing, which would be a significant step-up in the grand scheme of things.