The Defense Industrial Base Cybersecurity Assessment Center (DIBCAC) has allowed an anonymous company to move forward in the Department of Defense's contractor cybersecurity standards certification process, FedScoop reported.
The first company to gain the approval of DIBCAC will now await the Cybersecurity Maturity Model Certification (CMMC) Accreditation Body's (CMMC-AB) decision on whether it will be granted the Certified Third Party Assessment Organization (C3PAO) status that will allow the company to conduct official audits to determine how mature a defense contractor's cybersecurity.
If approved as C3PAO, the company will be able to assess its customer's cybersecurity maturity compliance with the CMMC requirements.
"The certification process is multi-tiered and [Defense Contract Management Agency’s] role is to verify and validate the ability of a C3PAO to protect the data that will be entrusted to them,” said Matthew Montgomery, spokesperson for the DCMA, where DIBCAC falls under.
The center has yet to approve its initial assessments of other organizations looking to achieve C3PAO under CMMC.