The Accreditation Body responsible for orchestrating the implementation of the Defense Department’s (DoD) new cybersecurity standard for contractors released two requests for information on May 27 as the organization looks to begin training assessors this summer.
The requirements for certified third-party assessment organizations (C3PAOs) are scheduled to be released next week, the Cybersecurity Maturity Model Certification Accreditation Body (CMMC-AB) told MeriTalk in an email. On May 8, Ty Schieber, the chairman of the CMMC-AB, said assessors won’t be trained until “late June, early July.”
The CMMC-AB, a non-profit organization, is looking to create process of cybersecurity certification for defense contractors where currently the companies self-attest to meeting the requirements of the National Institute of Standards and Technology.
The first request is for market research to help the CMMC-AB find “one organization to review third-party developed training,” according to the organization’s website. The goals of the market research “include gaining knowledge of commercial practices, identifying risks, identifying potential requirements definition and contract construct alternatives, identifying appropriate request for proposal and contract terms and conditions, and identifying potential evaluation discriminators and evaluation approaches.”
The second request is for market research to help the CMMC-AB find “one organization to support the creation and delivery of exams to evaluate and certify professionals in the CMMC ecosystem,” according to the organization’s website. The goals of the market research for the second request are the same as the first.
Both requests for information have response dates of June 10, 2020.