The accreditation body for the Department of Defense’s Cybersecurity Maturity Model Certification program held a webinar Monday and board members said they are still working on the criteria, registration and vetting processes for CMMC third-party assessment organizations, Nextgov reported Tuesday.
James Goepel, chair of the CMMC-AB’s finance committee, told webinar participants C3PAOs would register through the accreditation body’s website. He added the body is working to provide “an understanding of how ultimately you’re going to be matched up with these organizations seeking certification.”
CMMC-AB’s board of directors also responded to questions about self-verification and penetration testing for cyber vulnerabilities, among other issues. Katie Arrington, chief information security officer at the office of the undersecretary of defense for acquisition and a 2020 Wash100 award winner, took part in the webinar.
Ty Scheiber, chair of CMMC-AB, issued an email apologizing for the technical issues encountered during the event. “We are restructuring our approach to provide the intended forum and will have details on our revised plan out to you shortly,” he added.