On May 21, the CMMC Accreditation Body (CMMC AB) posted a video update to its website providing clarification about the CMMC assessor program and training for CMMC Third Party Assessor Organizations (C3PAOs). Ben Tchoubineh, the chair of the AB’s Training Committee, detailed a two-phase approach to rolling out assessor training and certification. A provisional training program is being introduced in the coming weeks for an initial class of 60 assessors to perform initial CMMC compliance assessments in “close collaboration” with the CMMC AB in 2020.
The second phase of the rollout will introduce a long-term, sustainable “formal program” that will incorporate lessons learned from the provisional program and introduce additional learning channels. Rolling out immediately after the provisional program, the formal program will introduce a broader hierarchy of certifications for assessors, depending upon candidate interest and experience level. The formal training program will also result in a Centralized Body of Knowledge for the promotion of “standardization and quality.”
The CMMC framework was adopted by the Department of Defense (DoD) in early 2020 to enforce protection of Federal Contract Information (FCI) and Controlled Unclassified Information (CUI) throughout its supply chain. Contractors planning to bid on contracts with the DoD will be certified as having implemented a certain baseline of security requirements, as defined in each DoD contract request for proposal (RFP). Introduction of the assessor training program is the most recent step in the rollout of the CMMC framework in the supply chain. The full video announcement can be found on the CMMC website.
The video update posted by the CMMC Accreditation Body follows DHG’s own live streaming webinar, the first in a monthly series of webinars scheduled for the summer. During the first webinar, DHG hosted Andrew Hoover and Katie Stewart, the architects of the CMMC framework from the CERT Coordination Center of Carnegie Mellon University, to break down key requirements in the lower levels of the CMMC Maturity Level framework. Information about DHG’s upcoming webinars – titled “CMMC Trailblazer Webinar Series” – can be found below.
How DHG Can Help Contractors
Contractors should begin preparing for CMMC requirements, as failure to achieve compliance could be a barrier to entry for new DoD contracts. DoD believes that cybersecurity is a cost of doing business and has indicated that costs associated with CMMC requirements will be allowable. To assist contractors, DHG IT Advisory and DHG Government Contracting maintain a forward-thinking and credentialed cybersecurity team with significant experience assessing and advising on cybersecurity programs and control implementation. As CMMC requirements evolve and appear in DoD requests for information (RFIs) and RFPs, we are helping contractors anticipate potential compliance issues and prioritize resources to meet compliance objectives with the following services:
- Readiness Assessments and Gap Analyses Against the CMMC Framework
- Network Security Assessments and Penetration Testing
- System Security Plan (SSP) Documentation Development
- Security Awareness Training Program Assessment
- vCISO and Project Management
CMMC Trailblazer Webinar Series
DHG is hosting a monthly webinar series throughout the summer, focusing each webinar on a different aspect of CMMC. Our next webinar will feature DoD’s key sponsor of CMMC, Katie Arrington, who will be taking questions collected from attendees in advance of the webinar. Please use the link below to register and submit your questions for Ms. Arrington.
May 13: Breaking Down Levels 1 – 3 with CMMC Architects (completed; recording available)
June 17: A Fireside Update and Q&A with DoD’s Katie Arrington
July 8: Third Party Service Providers and CMMC Compliance with Panel of IT MSPs
August 12: CMMC in the DFARS and Contracts with Holland & Knight’s Eric Crusius