Popular Voices

CMMC Accreditation Body Still in Selection Process for C3PAOs

CMMC Accreditation Body Still in Selection Process for C3PAOs

The Cybersecurity Maturity Model Certification Accreditation Body has confirmed in an online meeting it has yet to select certified third-party assessment organizations for the CMMC initiative.

James Goepel, chairman of the accreditation body’s Finance Committee, described the selection of C3PAOs as a work in progress. Goepel urged aspiring C3PAOs to abide by the compliance rules defined in the National Institute of Standards and Technology Special Publication 800-171, which he considers as an integral foundation for the CMMC, MeriTalk reported Monday.

Board member John Weiler supported Goepel’s advice, noting that NIST 800-171 is a subset of CMMC. Weiler ruled out self-assessments and said the CMMC will adopt a no-trust, must verify approach.

Another board member, Mark Berman, said the group will conduct a follow-up webinar since the meeting was disrupted by technical difficulties.

Potomac Officers Club Logo
Sign up for Potomac Officers Club's daily briefing
Receive updates on events and relevant news

Category: Popular Voices