Cybersecurity Maturity Model Certification

On March 18, 2020, the Department of Defense (DoD) released Version 1.02 of the Cybersecurity Maturity Model Certification (CMMC) document, as a replacement for Defense Federal Acquisition Regulation Supplement (DFARS) clause 252.204-7012. The DFARS clause mandated compliance with NIST Special Publication 800-171, while the change will dictate companies are certified at an appropriate level of maturity against the CMMC. The DFARS change is expected in late Fall 2020.

CMMC FAQ

The CMMC-AB website and newsletter provide the latest information.

The CMMC-AB establishes and oversees a qualified, trained, and high-fidelity community of assessors that can deliver consistent and informative assessments to participating organizations against a defined set of controls/best practices within the Cybersecurity Maturity Model Certification (CMMC) Program.
The CMMC Model itself is created and managed by the DoD. The CMMC-AB was incorporated in January 2020, and have formally engaged in an MOU (memorandum of understanding) with DoD. They have started hiring a professional staff to execute the CMMC-AB’s mission.

Check the page where they will publish the CMMC-AB Standard. It will always have a link to the current version of the DoD CMMC model and any materials that DoD publishes.

CMMC-AB does not have any detailed insight into the DoD’s specific plan. However, the DoD has previously stated that it plans to introduce CMMC requirements into solicitations on a gradual basis starting in September 2020.

Once the standard is complete, the training is developed, and Assessors are certified to provide CMMC certification, the CMMC-AB will release a publicly available list of Assessors on their website.

In September 2020, the CMMC-AB approved the first LPPs to deliver certification curriculum and published a list on their website. Edwards is proud to have been selected as an LPP.

Not yet, but there will be a list available on the CMMC-AB website soon. The C3PAO accreditation process is in development still, with formal adoption and approval by the CMMC-AB in the upcoming months.