DOD official: Delays in certifying assessment organizations to shift expected CMMC timeline

The Pentagon is making changes to its schedule for rollout of the Cybersecurity Maturity Model Certification program, due to issues with getting assessment organizations that will conduct audits for contractors fully credentialed by the Defense Department, according to a DOD official overseeing the pilots.

All certified third party assessment organizations need to obtain a CMMC level three certification in order to start conducing assessments for contractors. Those assessments are conducted by DCMA’s Defense Industrial Base Cybersecurity Assessment Center, which has...