Statement on the Department of War’s Suspension of CMMC Phase II Requirements
Statement on the Department of War’s Suspension of CMMC Phase II Requirements
NATIONAL HARBOR, Md.--(BUSINESS WIRE)--The Cyber AB, the official accreditation body for the Department of War’s Cybersecurity Maturity Model Certification (CMMC) program, acknowledges Monday’s Pentagon announcement of its suspension of CMMC Phase II requirements and the establishment of a CMMC Reform Task Force to conduct a 60-day review of the program.
“While we are both surprised and disappointed in yet another momentary pause to this original and vital Trump Administration program, we are confident that the continued and measurable progress of CMMC, the immense investment that companies throughout the DIB and within the CMMC Ecosystem have already made in its future, and the absolute criticality of third-party verification of cybersecurity conformity will prove itself indispensable under a rigorous review,” stated Chief Executive Officer Matthew Travis.
“We are standing by to cooperate with the CMMC Reform Task Force and provide them with the accurate information they will require to recommend needed improvements to the program.”
The final CMMC rule was just codified in the Code of Federal Regulations eight months ago, and the CMMC Program has already produced sizeable and steady outcomes in the furtherance of the Department’s supply-chain cybersecurity goals, including:
- Over 1,000 CMMC Certified Assessors (CCAs)
- 110 Authorized CMMC Third-Party Assessment Organizations (C3PAOs)
- Nearly 2,000 defense contractors certified at CMMC Level 2 (FINAL)
- Over 2,000 CMMC Certified Professionals (CCPs)
- Over 2,000 CMMC Registered Practitioners and 400 Registered Practitioner Organizations
- 52 CMMC Approved Training Providers
Considering the Pentagon’s announcement, The Cyber AB is emphasizing that only Phase II implementation requirements have been suspended and that all CMMC program elements remain operational and available, to include C3PAO Level 2 certification assessments, CAICO-sanctioned training courses, CMMC professional exams, Registered Practitioner support services, and the DIBCAC’s assessment of C3PAOs and candidate C3PAOs.
Travis continued, “NIST SP 800-171 and DFARS 7012 requirements remain in place and unchanged for most all contractors. A Level 2 certification by a C3PAO remains a compelling calling card for subcontracting viability to primes and the best insurance policy against False Claims Act risk.”
The Cyber AB will address the Phase II pause, the CMMC Reform Task Force, and other elements of the ongoing CMMC program at its July CMMC Town Hall on Tuesday, 28 July at 6:00 pm EDT. Registration for the Town Hall is available on The Cyber AB website.
“The Arsenal of Freedom demands the right balance of security and efficiency in order to protect and enable our warfighters,” said Travis. “The private-sector, market-based, industry-led approach that the CMMC Ecosystem employs is the converse of bureaucracy, but we know there is more innovation and improvement to be found and CMMC stakeholders want to contribute to this reform.”
For more information on CMMC or The Cyber AB, please visit our website at www.cyberab.org.
About The Cyber AB
The CMMC Accreditation Body, Inc. (d/b/a The Cyber AB) is a private, independent, Maryland-based, nonprofit, 501(c)(3) tax-exempt organization that serves as the sole official non-governmental partner of the Department of War, via a non-cost contract, for the authorization, accreditation, and administration of the CMMC Ecosystem.
Contacts
Media Contact:
Kimberly Kantor
kkantor@cyberab.org
678.313.2955 (m)
