From CSO Online: Lack of C3PAO assessors jeopardizes DoD CMMC certification goal

Article by Christopher Burgess. Original article can be found here: https://www.csoonline.com/article/3632398/lack-of-c3pao-assessors-jeopardizes-dod-cmmc-certification-goal.html


Article highlights

  • Founding member of the CMMC accreditation body noted, “we’re certainly going to need to scale to over 5,000 assessors in the ecosystem to do more than 100,000 assessments per year.”

  • The cost of adhering to the CMMC process may cause many entities to self-select out.

  • One needs only look to the US Navy to see the potential effect of not having timely audits of cybersecurity postures. An internal audit of the submarines in the US Naval Submarine Force Pacific reveals that 41 submarines and their support ships didn’t have their required “internal and external cybersecurity inspections” conducted from 2016 to 2018.