DCMA pauses audits for CMMC assessment organizations to address program changes

By Sara Friedman / November 23, 2021 at 11:06 AM
Cyber certification audits for certified third-party assessment organizations are currently on hold at the Pentagon while the Defense Department works through changes to its Cybersecurity Maturity Model Certification program, according to a DOD official. The Defense Contract Management Agency started conducting level three assessments for C3PAOs in early 2021, and five C3PAOs are currently listed as “authorized” on the CMMC Accreditation Body’s marketplace. The C3PAO audits are conducted by the Defense Industrial Base Cybersecurity Assessment Center. DIBCAC “assessments under CMMC...

Not a subscriber? Sign up for 30 days free access to exclusive, behind-the-scenes reporting on defense policy and procurement.

Log in to access this content.