CMMC assessor training expected in late summer

cybersecurity (vs148/ 

Professional training needed to carry out assessments for the Defense Department's unified cybersecurity standard for contractors won't kick off until later this summer, according to an official for the organization overseeing the process.

"I know many of you are eager to learn of when the CMMC ecosystem will kick into full operational gear. I will say this―we are getting close," Matt Travis, the Cybersecurity Maturity Model Certification Accreditation Body's CEO, wrote in a memo accompanying an an updated frequently-asked-questions document.

The much-needed training won't be available until "mid-to-late summer," when classes needed for the training are expected to be authorized.

The board confirmed in its update that only one organization that's a candidate to be a certified third party assessment organization (C3PAO) was "successfully assessed" at Defense Industrial Base Cybersecurity Assessment Center's maturity level 3 and that "several more are in process for being assessed." Only 40% of C3PAO applications have been processed to date.

The new FAQs aim to dispel what it characterizes as misconceptions or rumors about issues from the organization's funding to their application status to be a non-profit. But the standout updates revolve around timelines. For example, the CMMC's licensed software provider program is in development and slated to roll out later this year.

The announcement also highlighted the governing body's plans to become an International Standards Organization (ISO) accreditation body by the end of fiscal year 2022. This certification is a mandatory part of the organization's contract with DOD.

The AB also noted that it would release a permanent marketplace portal later this year.

The announcement comes amid staff changes at the CMMC-AB surrounding its training leadership. Melanie Kyle Gingrich stepped into the role as the AB's training and education lead, overseeing daily operations in early May.

About the Author

Lauren C. Williams is senior editor for FCW and Defense Systems, covering defense and cybersecurity.

Prior to joining FCW, Williams was the tech reporter for ThinkProgress, where she covered everything from internet culture to national security issues. In past positions, Williams covered health care, politics and crime for various publications, including The Seattle Times.

Williams graduated with a master's in journalism from the University of Maryland, College Park and a bachelor's in dietetics from the University of Delaware. She can be contacted at lwilli[email protected], or follow her on Twitter @lalaurenista.

Click here for previous articles by Wiliams.


  • Workforce
    White House rainbow light shutterstock ID : 1130423963 By zhephotography

    White House rolls out DEIA strategy

    On Tuesday, the Biden administration issued agencies a roadmap to guide their efforts to develop strategic plans for diversity, equity, inclusion and accessibility (DEIA), as required under a as required under a June executive order.

  • Defense
    software (whiteMocca/

    Why DOD is so bad at buying software

    The Defense Department wants to acquire emerging technology faster and more efficiently. But will its latest attempts to streamline its processes be enough?

Stay Connected