Popular Voices

CMMC Accreditation Body Still in Selection Process for C3PAOs

CMMC Accreditation Body Still in Selection Process for C3PAOs

The Cybersecurity Maturity Model Certification Accreditation Body has confirmed in an online meeting it has yet to select certified third-party assessment organizations for the CMMC initiative.

James Goepel, chairman of the accreditation body’s Finance Committee, described the selection of C3PAOs as a work in progress. Goepel urged aspiring C3PAOs to abide by the compliance rules defined in the National Institute of Standards and Technology Special Publication 800-171, which he considers as an integral foundation for the CMMC, MeriTalk reported Monday.

Board member John Weiler supported Goepel’s advice, noting that NIST 800-171 is a subset of CMMC. Weiler ruled out self-assessments and said the CMMC will adopt a no-trust, must verify approach.

Another board member, Mark Berman, said the group will conduct a follow-up webinar since the meeting was disrupted by technical difficulties.

Category: Popular Voices

Tags: C3PAOs Certified Third-Party Assessment Organizations CMMC cybersecurity certification Cybersecurity Maturity Model Certification Department of Defense James Goepel John Weiler Mark Berman MeriTalk National Institute of Standards and Technology NIST 800-171 Popular Voices Ty Schieber