Timeframe for CMMC voluntary assessments shifts to August as Pentagon rulemaking plan solidifies

CMMC Accreditation Body CEO Matthew Travis says he expects the Defense Department in early August to allow official third-party assessments under the voluntary cybersecurity certification program, kicking off the start of an interim period where company certifications will be accepted when the CMMC requirements start showing up in contracts next year.

Travis provided an update Tuesday on voluntary program timing at a CMMC-AB “Town Hall” meeting. Travis said the “intent” of the Pentagon and the CMMC-AB is to “get everything...