Cyber certification audits for certified third-party assessment organizations are currently on hold at the Pentagon while the Defense Department works through changes to its Cybersecurity Maturity Model Certification program, according to a DOD official. The Defense Contract Management Agency started conducting level three assessments for C3PAOs in early 2021, and five C3PAOs are currently listed as “authorized” on the CMMC Accreditation Body’s marketplace. The C3PAO audits are conducted by the Defense Industrial Base Cybersecurity Assessment Center. DIBCAC “assessments under CMMC...
