CMMC accreditation body explores tech solutions for exams, reviewing third-party training

By Sara Friedman / May 29, 2020 at 8:30 AM

The independent accreditation body for the Pentagon's Cybersecurity Maturity Model Certification program is collecting information from potential vendors who are able to provide a platform for assessors to take their exams for certification.

In a request for information released on Thursday, the CMMC Accreditation Body said it is collecting "market research" to help the organization "with identifying interested and capable sources for solicitation of one organization to support the creation and delivery of exams to evaluate and certify professionals in the CMMC ecosystem."

The CMMC AB is aiming to gather information around "gaining knowledge of commercial practices, identifying risks, identifying potential requirements definition and contract construct alternatives, identifying appropriate request for proposal and contract terms and conditions, and identifying potential evaluation discriminators and evaluation approaches."

"CMMC-AB desires a global exam development and delivery solution and expects to partner with an organization who can deliver services around the globe and in multiple languages," according to the RFI. "CMMC-AB anticipates development of a majority of the content in the United States and in English. However, DOD and U.S. Government operations across multiple countries, as well as future engagement with allied nations, result in an anticipated requirement to support professionals who seek to learn about CMMC in other countries and languages."

The RFI lists exam capabilities and procedures, and asks for fee rates for the design, development and delivery of the exam solution. The CMMC AB is also looking for details from companies on "representative experience on efforts of similar scope and scale. This includes client lists, case studies, references, etc."

In a separate RFI, the accreditation body asks for details on solutions to review third-party developed training.

"Ultimately, the CMMC-AB anticipates a solicitation resulting in selection of a single organization to support the review and quality assurance of educational content developed and marketed by partner organizations," the CMMC writes in the second RFI.

The accreditation body is looking to get details on several solution capabilities including:

  • Verify delivered training programs to the official CMMC-AB standard
  • Perform statistical analysis of the overall quality of the provided training programs and their likelihood to meet desired learning objectives
  • Achieve Service Level Agreements (SLAs) for both schedule and cost for training program reviews
  • Provide various metrics on the quality of training programs evaluated
  • Provide training developers a secure means of uploading their developed training programs for evaluation
  • Create a program to manage the licensing of various approved training programs to include items such as; review of licensing agreements, termination of licensing agreements, payments for licensing agreements, metrics for licensing agreements, etc.
  • Review training programs delivered across different channels (e.g. slides, video, live instructor, mobile app, etc.)
  • Ensure partner delivered training programs include evaluations to test student ability during the training program via quizzes, tests, exercises, etc.

The CMMC AB is asking for responses for both RFIs to be submitted by June 10.