Inside Cybersecurity

December 7, 2021

Defense official: Auditors won’t be allowed to consult for companies they certify under CMMC program

By Sara Friedman / April 30, 2020

Auditors under the Cybersecurity Maturity Model Certification will be prohibited from consulting with companies they are certifying in an effort to create "checks and balances," according to DOD acquisition Chief Information Security Officer Katie Arrington.

The policy, established under the memorandum of understanding between the Defense Department and CMMC Accreditation Body, will require auditors to sign a nondisclosure agreement with the companies that they certify, Arrington said during a webinar hosted by Nextgov on Wednesday.

"If you go out and...

