Pentagon acquisition chief criticizes misleading information about new cybersecurity certification

By Justin Doubleday / March 13, 2020 at 4:52 PM

Defense Department acquisition chief Ellen Lord is calling out unnamed "third-party entities" for claiming they can offer assessments under the Pentagon's new contractor cybersecurity certification program.

In a statement released to the media today, Lord said she has "consistently stressed the importance of communicating and engaging extensively" with stakeholders regarding DOD's new Cybersecurity Maturity Model Certification.

"Unfortunately, the department has learned that some third-party entities have made public representations of being able to provide CMMC certifications to enable contracting with DOD," Lord said. "The requirements for becoming a CMMC third-party assessment organization (C3PAO) have not yet been finalized, so it is disappointing that some are trying to mislead our valued business partners."

DOD released the CMMC Version 1 in January, but officials won't begin including the requirements in contracts until this fall.

"To be clear, there are no third-party entities at this time who are capable of providing a CMMC certification that will be accepted by the department," Lord said. "At this time, only training materials or presentations provided by the department will reflect our official position with respect to the CMMC program."

Lord said she has reached out to the heads of the Professional Services Council, the Aerospace Industries Association and the National Defense Industrial Association "to make them aware" of entities claiming to offer CMMC certification services.

DOD and the independent CMMC Accreditation Body are close to reaching an agreement on roles and responsibilities for executing the CMMC program, including how the body will go about accrediting third-party certification organizations.

"Moving forward I am confident we will soon sign a Memorandum of Understanding (MOU) with the Cybersecurity Maturity Model Certification Accreditation Body on the accreditation, certification and approval processes relating to the Defense Supply Chain," Lord said. "When that happens we will make an announcement."

206830

About the Insider

The INSIDER is a daily news digest from Inside Defense. Every business day, the INSIDER delivers news and notes on the Defense Department, Congress and the defense industry. And every day, we send you highlights via email.

Depending on the terms of your subscription to Inside Defense, you will have easy access to the linked articles and documents.

If you have any questions about the INSIDER, please contact our Customer Service Department at 1-800-424-9068 or insidedefense@iwpnews.com.