Defense official: Auditors won't be allowed to consult for companies they certify under CMMC program

By Sara Friedman / April 30, 2020 at 11:00 AM
Auditors under the Cybersecurity Maturity Model Certification will be prohibited from consulting with companies they are certifying in an effort to create "checks and balances," according to DOD acquisition Chief Information Security Officer Katie Arrington. The policy, established under the memorandum of understanding between the Defense Department and CMMC Accreditation Body, will require auditors to sign a nondisclosure agreement with the companies that they certify, Arrington said during a webinar hosted by Nextgov on Wednesday. "If you go out and...
