Cybersecurity Maturity Model Certification

On March 18, 2020, the Department of Defense (DoD) released Version 1.02 of the Cybersecurity Maturity Model Certification (CMMC) document, as a replacement for Defense Federal Acquisition Regulation Supplement (DFARS) clause 252.204-7012. The DFARS clause mandated compliance with NIST Special Publication 800-171, while the change will dictate companies are certified at an appropriate level of maturity against the CMMC. The DFARS change is expected in late Fall 2020.


The CMMC-AB website and newsletter provide the latest information.

The CMMC-AB establishes and oversees a qualified, trained, and high-fidelity community of assessors that can deliver consistent and informative assessments to participating organizations against a defined set of controls/best practices within the Cybersecurity Maturity Model Certification (CMMC) Program.
The CMMC Model itself is created and managed by the DoD. The CMMC-AB was incorporated in January 2020, and have formally engaged in an MOU (memorandum of understanding) with DoD. They have started hiring a professional staff to execute the CMMC-AB’s mission.

Check the page where they will publish the CMMC-AB Standard. It will always have a link to the current version of the DoD CMMC model and any materials that DoD publishes.

CMMC-AB does not have any detailed insight into the DoD’s specific plan. However, the DoD has previously stated that it plans to introduce CMMC requirements into solicitations on a gradual basis starting in September 2020.

Once the standard is complete, the training is developed, and Assessors are certified to provide CMMC certification, the CMMC-AB will release a publicly available list of Assessors on their website.

In September 2020, the CMMC-AB approved the first LPPs to deliver certification curriculum and published a list on their website. Edwards is proud to have been selected as an LPP.

Many OSCs need a trusted consultant to support their CMMC journey from preparation through certification. RPOs exclusively provide CMMC consulting and support to OSCs in the Defense Industrial Base (DIB). The CMMC-AB created the RPO certification to provide approved organizations known for their quality and dedication to CMMC standards. RPOs leverage Registered Practitioners (RPs) to deliver pre-assessment services. Edwards is a Registered Provider Organization, certified through the CMMC-AB, and our Cybersecurity Team are Registered Practitioners.

Edwards is a certified C3PAO. A comprehensive list is available on the CMMC-AB website. The C3PAO accreditation process is in development still, with formal adoption and approval by the CMMC-AB in the upcoming months.

Yes, Edwards is a CMMC-AB approved Licensed Partner Publisher (LPP). We create CMMC courses such as CMMC Executive Overview and CMMC Fundamentals, as well as training based on the CMMC-AB curriculum. Contact us at or visit our training platform for more information.