Ty Schieber, chairman of the Cybersecurity Maturity Model Certification accreditation board, said the Department of Defense has granted the nonprofit group formal authority to select third-party assessment organizations that will audit companies' CMMC compliance, FedScoop reported Thursday.
DoD formally authorized the accrediation body to vet and certify 3PAOs through a memorandum of understanding signed between the two parties.
The report said contractors must hire accredited assesors to evaluate and validate their cybersecurity posture before they can pursue defense contracting opportunities.
Schieber noted during a virtual event Thursday that the accreditation process has not started yet and warned of companies that are claiming to be certified testers under the CMMC program.
Katie Arrington, chief information security officer in the office of defense undersecretary for acquisition and a 2020 Wash100 awardee, said she expects that all DoD contracts will incorporate cybersecurity requirements by 2025.