Former Cybersecurity and Infrastructure Security Agency Deputy Director Matthew Travis will lead the independent accreditation authority behind the Pentagon's Cybersecurity Maturity Model Certification program, according to an announcement from the entity's board of directors.
Travis, named the first chief executive, will be responsible for overseeing "the day-to-day development and management of the CMMC-AB to support the goals and objectives of its ultimate customer, the Department of Defense," the CMMC Accreditation Body said in a news release. "Travis' appointment is the result of an intensive nationwide search by the AB Board of Directors."
The CMMC Accreditation Body has worked through a volunteer board of directors since its creation in January 2020, standing up a system for training and certification for the first class of assessors who will be working on a provisional basis until the official training program rolls out over the coming months.
The board is in the process creating a spinoff for its training program, which will become a separate entity within the CMMC-AB as part of a no-cost contract with the Defense Department. The CMMC-AB is also working to get certified under the ISO/IEC 17011 standard, per the DOD agreement.
At CISA, Travis had a leading role in the creation of the federal government's first civilian cyber agency. The new CEO has also worked in the private sector as vice president of homeland security for professional services firm Cadmus and co-founded consulting firm Obsidian Analysis.
Travis resigned from CISA last November, following the firing of the former CISA Director Christopher Krebs by President Trump over the agency's election security efforts.
"Joining and leading the CMMC-AB is a tremendous opportunity," Travis said. "I look forward to using my collective experiences of running a security company start-up as well as my time at CISA, where I focused on supply chain risk, to ensure we mitigate risks as they relate to both the DoD and the contractor community.”
Earlier, this month Johnson told Inside Cybersecurity, "I'm working on the right balance of a succession plan to get enough people in, to cycle people through that we need to process out and really to align things for the CEO and the CEO’s success."
The CMMC-AB is in the process of hiring its first full-time staff members and has put out job postings for vice president of training and development, information technology manager, program manager and chief financial officer.