The Cybersecurity Maturity Model Certification (CMMC) framework is a new and evolving compliance standard for contractors working with agencies under the Department of Defense (DoD) or select Executive Branch functions. 

Much of this framework focuses on the readiness of a contractor to manage risk and security in their IT systems, and the capabilities they have to handle Controlled Unclassified Information (CUI). Since this is such a new framework, however, there is a push to train cybersecurity auditors and managed service providers who can successfully audit contractors in the upcoming years. Accordingly, there are plenty of companies out there advertising that they can provide training for CMMC audits and implementation. 

You must vet any organization that claims they can provide authorized instruction or assessments for CMMC authorization. 

Read More

CMMC certification is rolling out in RFPs in the defense and federal security compliance space. This framework promotes a uniform approach to security to protect important, unclassified data that passes through third-party vendors working with federal agencies. To ensure that companies meet their compliance requirements, CMMC leverages outside certified assessors to serve as a third-party assessment organization (C3PAO).

This article will cover the basics of C3PAOs in CMMC certification. This discussion includes a breakdown of CMMC requirements and the importance of a C3PAO in providing objective evaluations of vendor security in the defense space. 

Read More