First certified third-party CMMC assessment organization named

On June 9, the CMMC Accreditation Body (CMMC-AB) announced the authorization of the first Certified Third-Party Assessment Organization (C3PAO) within the growing Cybersecurity Maturity Model Certification (CMMC) ecosystem. This company passed the CMMC Maturity Level 3 (ML3) assessment performed by the Defense Industrial Base Cybersecurity Assessment Center (DIBCAC) and then met the remaining C3PAO administrative and personnel requirements. The CMMC-AB placed the company into the marketplace, where additional details are disclosed.

“Reaching this step in getting the CMMC ecosystem up and running is a significant milestone and we look forward to authorizing additional C3PAOs in the coming days and weeks,” said CMMC-AB chief executive Matthew Travis. “As recent events emphasize how aggressively cyber threat actors are targeting our nation, the role of CMMC is more vital than ever as we take a united approach to protecting critical assets and information within the Defense Industrial Base.”

Within the CMMC Framework, C3PAOs are the authorized entities that conduct the maturity level assessments for those organizations throughout the DIB seeking CMMC certification. The inaugural C3PAO and those that follow are now authorized to schedule assessments with companies seeking certification. Actual assessments themselves can commence this summer once all supporting CMMC program materials are finalized in the coming weeks.