An independent organization called Cyber AB (formerly known as the CMMC Accreditation Body) has given defense contractors the authorization to take voluntary assessments under the Defense Department’s new Cybersecurity Maturity Model Certification (CMMC) program. The CMMC program is a new standard for cybersecurity for defense contractors that is developed by the Department of Defense (DoD) to protect Controlled Unclassified Information (CUI) from cyber threats.
Cyber AB has issued a draft document outlining the assessment process that third-party organizations will need to follow in certifying that defense contractors can securely handle the sensitive information as required by the CMMC program. However, while the assessment process is in draft form and the Pentagon is finalizing its rulemaking for CMMC, defense contractors are now able to undergo voluntary assessments jointly conducted by CMMC-accredited third-party assessment organizations and the DOD’s Defense Industrial Base Cybersecurity Assessment Center (DIBCAC).