First CMMC assessment organization approved
The accrediting body overseeing the Defense Department's Cybersecurity Maturity Model Certification program announced the debut of the first organization authorized to assess defense contractors.
The accrediting body overseeing the Defense Department's Cybersecurity Maturity Model Certification program announced June 9 that RedSpin has met requirements for Certified Third-Party Assessment Organizations and passed the CMMC Level 3 assessment administered by the Defense Industrial Base Cybersecurity Assessment Center.
With the first authorized C3PAO organization and more expected this summer, the CMMC-AB's plans to have an operational training ecosystem are taking shape. There are currently 156 organizations awaiting approval, according to the CMMC-AB's marketplace website.
Matthew Travis, the accrediting body's CEO, said the standing up of the first C3PAO, which will be able to conduct CMMC assessments across the defense industry base, was a "significant milestone" amid recent cyber events.
"As recent events emphasize how aggressively cyber threat actors are targeting our nation, the role of CMMC is more vital than ever as we take a united approach to protecting critical assets and information within the Defense Industrial Base," Travis said in a statement announcing the change.