The Cybersecurity Maturity Model Certification Accreditation Body (CMMC-AB) and the Department of Defense (DoD) signed a no-cost contract on Nov. 25, containing a new statement of work that explains the relationship between the Pentagon and the AB, FedScoop reported on Monday.
CMMC-AB will remain the sole accreditor and oversight board implementing CMMC for contractors. The contract has solidified the AB as the sole accreditation body in the CMMC process.
The AB accredits the assessors that will inspect the networks of contractors. The body also supervises the training and consulting landscape by licensing teaching organizations and charging consultants for CMMC-specific training.
With the signed contract, the AB will be able to increase speed of the CMMC roll out. The new statement of work reflects the AB’s first memorandum of understanding (MOU). The contract will also enable the AB to hire more staff and finalize its search for a CEO.
The AB continues to operate as a volunteer board that makes both long-term and day-to-day decisions, a situation many board members are eager to move beyond. The DoD said it will not provide funds to the AB as it works to implement the program.
The new contract comes as a Defense Federal Acquisition Regulation (DFAR) rule change takes effect on Dec. 1 that allows DoD to implement CMMC requirements into contracts.
Katie Arrington, Chief Information Security Officer (CISO) with the Office of the Assistant Secretary of Defense for Acquisition and a 2020 Wash100 Award recipient, delivered her keynote address during Potomac Officers Club’s Fall CMMC Forum. She discussed scoping maturity and the CMMC timeline.
Following Arrington’s address, Potomac Officers Club’s Fall CMMC Forum featured an expert panel that addressed the requirements and priorities of implementing the certification, including scoping of CMMC assessments, supply chain impacts and C3PAOs.