CMMC Accreditation Body Still in Selection Process for C3PAOs
The Cybersecurity Maturity Model Certification Accreditation Body has confirmed in an online meeting it has yet to select certified third-party assessment organizations for the CMMC initiative.
James Goepel, chairman of the accreditation body’s Finance Committee, described the selection of C3PAOs as a work in progress. Goepel urged aspiring C3PAOs to abide by the compliance rules defined in the National Institute of Standards and Technology Special Publication 800-171, which he considers as an integral foundation for the CMMC, MeriTalk reported Monday.
Board member John Weiler supported Goepel’s advice, noting that NIST 800-171 is a subset of CMMC. Weiler ruled out self-assessments and said the CMMC will adopt a no-trust, must verify approach.
Another board member, Mark Berman, said the group will conduct a follow-up webinar since the meeting was disrupted by technical difficulties.
Category: Popular Voices
Tags: C3PAOs Certified Third-Party Assessment Organizations CMMC cybersecurity certification Cybersecurity Maturity Model Certification Department of Defense James Goepel John Weiler Mark Berman MeriTalk National Institute of Standards and Technology NIST 800-171 Popular Voices Ty Schieber