The Accreditation Body for the Defense Department Cybersecurity Maturity Model Certification (CMMC), a framework to evaluate security in the defense supply chain, has its first two certified third-party assessment organizations. The board will certify more assessors, or C3PAOs, in the coming weeks and months.
- Matthew Travis, first chief executive officer of the CMMC Accreditation Body, said this is a signal that “we’re breathing life into the CMMC ecosystem” after over a year of planning and discussion.
- Travis said there are over 460 C3PAO candidates in the queue and the board expects assessments to begin later this year.
- Travis said he is hearing companies are anxious to get started and have some questions remaining about the cost burden of certification.