ISACA Authorized as the CAICO for the US Department of War’s CMMC Program

WASHINGTON--(BUSINESS WIRE)--Global professional association ISACA—best known for its Certified Information Systems Auditor (CISA) and Certified Information Security Manager (CISM) certifications—has been authorized as the new and exclusive CMMC Assessor and Instructor Certification Organization (CAICO) for the Cybersecurity Maturity Model Certification (CMMC) program of the US Department of War (DoW). This means ISACA is the trusted credentialing leader to manage the training, examination, and professional certification for professionals, assessors, and instructors throughout the global CMMC program. Upon full maturity, it is expected that CMMC will be one of the largest cybersecurity certification programs in the world.

Association takes on leading role in worldwide cybersecurity certification initiative.

Share

The credentials ISACA will administer for the CMMC program are the CMMC Certified Professional (CCP), the CMMC Certified Assessor (CCA) and Lead CCA, and the CMMC Certified Instructor (CCI).

CMMC is a program to protect the Defense Industrial Base (DIB) and affects hundreds of thousands of organizations domestically and internationally. It assesses US-National Institute for Standards and Technology (NIST) standards to ensure Controlled Unclassified Information (CUI) and Federal Contract Information (FCI) are protected.

Most organizations that conduct business with the US DoW must have a certain level of CMMC certification for assessing and certifying the cybersecurity requirements of defense contractors to ensure they adequately protect DoW’s data. Formal implementation of CMMC requirements began November 10, 2025, with a phased implementation increasing for the next three years toward full implementation by November 2028.

“ISACA is proud to be recognized as the trusted organization to administer the credentialing program for DoW’s CMMC,” said ISACA CEO Erik Prusch. “We look forward to leveraging our deep cybersecurity and assurance roots and our global leadership in cybersecurity maturity, training, credentialing and assessment to serve as the CAICO and help the DoW meet the challenge of protecting its sensitive information.”

Todd Gagnon, a career US Naval officer who has been at the forefront of the US cyber apparatus, will be leading this program for ISACA. He has worked closely with both the defense industrial base and the joint environment across DoW, bringing substantial experience in both industry and government.

“ISACA’s role as the CAICO gives us the opportunity to take a leading role in addressing the cybersecurity skills gap and creating the workforce needed for elevating the cybersecurity posture of the DIB,” said Chris Dimitriadis, Chief Global Strategy Officer for ISACA. “We are excited to have Todd Gagnon lead the CAICO, and we believe that his experience and expertise will prove to be highly valuable for the success of the program.”

Previously, the CAICO was operated by The Cyber AB, which remains the official CMMC accreditation body.

“We are thrilled to transition the CAICO and the stewardship of its critical mission to ISACA,” remarked Matthew Travis, CEO of The Cyber AB. “ISACA brings unsurpassed credibility and experience to the CMMC program, along with its world-class quality management of professional IT certifications. CMMC will benefit enormously from ISACA’s operation of the CAICO, which will directly contribute to building greater trust and confidence in the quality of CMMC assessors and in the program overall.”

While ISACA as the CAICO is effective immediately, the full transition of services will occur by April 1, 2026. This new role is in addition to ISACA’s current credentialing program, which includes CISA, CISM, CGEIT, CRISC, CDPSE and a suite of advanced AI credentials.

Additional information can be found at www.isaca.org/cmmc. Those who wish to pursue or renew the CCP, CCA, or Lead CCA credentials before April 1 can register on the Cyber AB web site.

About ISACA
ISACA^® (www.isaca.org) champions the global workforce advancing trust in technology. For more than 55 years, ISACA has empowered its community of 185,000+ members with the knowledge, credentials, training and network they need to thrive in fields like information security, governance, assurance, risk management, data privacy and emerging tech. With a presence in more than 190 countries and with nearly 230 chapters worldwide, ISACA offers resources tailored to every stage of members’ careers—helping them to thrive in a rapidly changing digital landscape, drive trusted innovation and ensure a more secure digital world. Through the ISACA Foundation, ISACA also expands IT and education career pathways, fostering opportunities to grow the next generation of technology professionals.

LinkedIn: www.linkedin.com/company/isaca
Facebook: www.facebook.com/ISACAGlobal
Instagram: www.instagram.com/isacanews/