DOD IG raises concerns over process to authorize C3PAOs for CMMC program

By Sara Friedman / January 15, 2025 at 9:37 AM
A new audit from the Defense Department inspector general finds gaps in the Pentagon's process to authorize 11 certified third-party assessment organizations that applied to be part of the Cybersecurity Maturity Model Certification program. “The objective of this audit was to determine whether the DoD ensured that the process for authorizing third-party organizations to perform Cybersecurity Maturity Model Certification (CMMC) 2.0 assessments was effectively implemented,” the DOD IG says in its Jan. 10 report . The audit was a review...

Not a subscriber? Sign up for 30 days free access to exclusive, behind-the-scenes reporting on defense policy and procurement.

Log in to access this content.