Katie Arrington, chief information security officer at the office of assistant secretary of defense for acquisition and a 2020 Wash100 Award winner, said the Department of Defense (DoD) is close to signing a new agreement with the Cybersecurity Maturity Model Certification (CMMC) Accreditation Body responsible for training auditors for the CMMC program, Nextgov reported Tuesday.
“They have come light years. We have done two provisional training classes—they're actually in the middle of the third,” Arrington said of the CMMC AB during a webinar Tuesday. “We in the Department of Defense, are, I think today we finalize the statement of work with them. We had a [memorandum of understanding] previously. We've been working on a SOW with the no-cost contract to the AB for five years plus.”
She also cited the need for the CMMC AB to spin off ISO-certified accreditation bodies under the new statement of work.
“We needed the AB to be able to spin off and create competition to ensure that we were able to keep the competitive nature of the marketplace itself viable for an enduring capability,” Arrington said. “So it's, it's not that they're not a part of it. They're at the core of it.”