Defense contractors will be able to learn more about the DoD’s Cybersecurity Maturity Model Certification (CMMC) Accreditation Body, which is currently open for public comment, at a Nov. 19 forum.
In-person registration is full for the Defense Department’s industry event in Arlington, but interested parties can register to watch the livestream beginning at 8:30 a.m. EST.
Development of the CMMC framework was announced by DoD this summer, with the supply-chain security aim of protecting controlled unclassified information on vendor websites. The first version of the CMMC framework is expected to be available in January; by next summer, the requirements should be included in requests for information.
The Office of the Undersecretary of Defense for Acquisition and Sustainment received responses from an RFI on how to define the long-term implementation, execution, sustainment and growth of the CMMC Accreditation Body, which will set the terms and conditions for accrediting CMMC Third-Party Assessment Organizations (C3PAOs).
The CMMC Accreditation Body will provide oversight for CMMC accreditations and assessments, including managing and providing all associated processes (e.g., quality control, training, dispute resolution, database and records management). The CMMC Accreditation Body will liaise with the Department of Defense regarding the CMMC assessments of individual companies.
The meeting will address only these key topics and requirements associated with forming a CMMC Accreditation Body. This kickoff meeting will not discuss or address any requirements associated with creating C3PAOs or the incorporation of assessment tools or infrastructure. The intent is for the Accreditation Body to address C3PAO and assessment tool requirements after it has formed.