Understanding the Changing Landscape in Cybersecurity Compliance
Until recently, many government contractors working in the defense industrial base (DIB) were able to self-assess and verify the measures they were taking to be cyber compliant. Historically they had three levels of cybersecurity requisites to meet, and for the most part, were accepted off good merit. According to CMMC, DIB companies should continue to self-assess their cyber efforts, but they will also be required to report to Third Party Assessment Organizations (C3PAOs) for an official assessment and certification. Each carefully selected C3PAO has been vetted by a third-party organization, the CMMC-AB. This CMMC Accreditation Body will provide a neutral ground to help operationalize the CMMC through training, information resources, and accrediting all C3PAOs.