BETHESDA, Md.--(BUSINESS WIRE)--The CMMC Accreditation Body (CMMC-AB) expressed its support for the proposed changes to the implementation of the Cybersecurity Maturity Model Certification (CMMC) initiative that were revealed by the Department of Defense today following a six-month internal program review.
The Pentagon disclosed significant changes to the CMMC technical standard, most notably by removing two levels (former CMMC Levels 2 and 4) from the maturity model framework, and designating CMMC Level 1 as a self-attestation requirement only. Additionally, the elimination of novel CMMC maturity practices from the standard and the inclusion of limited Plans of Action and Milestone (POAMs) as an acceptable form of remediation for certain CMMC practices will have a significant impact on how Defense Industrial Base (DIB) companies prepare for and implement CMMC.
Matthew Travis, the chief executive officer of the CMMC Accreditation Body, welcomed the arrival of these decisions. “We congratulate the Department of Defense’s leadership and the CMMC Executive Steering Group on formulating what we see as meaningful and compelling improvements to the implementation of CMMC,” Travis said. “The DOD approached this from the appropriate risk management perspective and delivered on what the internal review set out to accomplish: clarifying the standard, reducing the cost burden, improving scalability, and instilling greater trust and confidence in the CMMC Ecosystem.”
“There will be some short-term challenges to confront,” Travis continued, “such as curricula adjustments our training providers will now need to make, and the time requirement for yet another round of federal rulemaking. But now that there is a definitive way forward, I hope all parties move with alacrity. Moreover, as we continue our exclusive partnership with DOD in this effort, I am most encouraged by the Department’s commitment to the Interim Program in which CMMC Certifications will be authorized, incentivized, and honored for those DIB companies who elect to pursue certification before the formal CMMC mandate is codified. We want to get those started soon and I expect the market demand for CMMC Certification to be significant.”
The CMMC-AB will be holding a special CMMC Town Hall to discuss the changes in CMMC 2.0 on Tuesday, November 9, 2021 at 6:00pm EST. To register for the Town Hall, please visit: https://us06web.zoom.us/webinar/register/WN_JPkQvEmDQrq1ZvoweTQsWg
About CMMC Accreditation Body (CMMC-AB)
The CMMC Accreditation Body (CMMC-AB) incorporated in January 2020 as a non-stock corporation in the State of Maryland, with an application pending for a tax-exemption determination by the Internal Revenue Service under Section 501(c)(3). The CMMC-AB is an independent accreditation entity responsible to establish, manage, control, and administer CMMC assessment, certification, training, and accreditation processes for the Defense Supply Chain in accordance with a contract signed with the Department of Defense.