I hate being right so much. I warned Katie Arrington and her grifter squad back in 2020 that CMMC would only result in fake certificates being pumped out from India, since that is what has infected the ISO certification scheme which Arrington tried to base CMMC on. Without proper controls, this was inevitable.
The plan, of course, was to house CMMC certification status in a single, official database (eMass) so that they were verifiable. I said that wouldn’t work because ISO has tried the same thing, through CertSearch, and that has proven to be a huge failure. Fake ISO certificates not only flood the market, but eventually end up in CertSearch, too.
Use of eMass suggests that government contracting officers (COs) would actually check these things. They don’t. They are overworked and lazy, and they just look to see if someone has checked a box to show compliance with a given requirement. They will not log into eMass and verify anything. And, face it, if some lazy CO from Raytheon or Booz Allen doesn’t do their job, it’s not like the Federal government is going to do debar Raytheon or Booz Allen. There’s no consequence.
So now meet Top Certifier, a known “certificate mill” operating out of India. Top issues fake, forged certificates for everything from quality systems (ISO 9001), medical devices (ISO 13485), and cybersecurity (ISO 27001.) They also pump out fake CMMI certificates for software and IT companies, as well as fake SOC 2, HIPAA, and food safety certificates. There is nothing these scammers won’t sell you a photoshopped certificate for. Top Certifier claims to be a division of “Veave Technologies,” which appears to be a simple staffing company.
If they are sell fake medical device and food safety certs that could literally end up killing people, what?… you thought they wouldn’t offer CMMC? Here they are eagerly selling CMMC certificates to the US Defense Industrial Base. Have a look:
And, in case you wanted to have them arrested, they were happy enough to put their management team’s photos on the site, too:
At least one of these shysters appears on LinkedIn, too. Here’s the profile for Rejeesh Kumar, who appears in the third photo above. Kumar lists himself as “Head of International Business North America & Middle East” although he, like both Veave and Top Certifier, operate out of Bengaluru, Karnataka.
Top Certifier isn’t alone, of course. Shamkris is another Indian certificate mill that offers CMMC alongside dubious product and system certifications. In multiple posts on LinkedIn, their CEO Shyam Sharma — who looks like he is starring in a 1970s Bollywood knockoff of Saturday Night Fever — insists that Shamkris provides both consulting and certification, a clear violation of accreditation rules.
Hey, at least he put the word “sham” in the company name!
Then, Shamkris — the consulting company — lists its “Certification Providers,” of which Shamkris itself is one. “Shamkris Global Inspection Services Pvt Ltd” holds accreditation by the US accreditation body, IAS, which has ignored the fact that Sharma sells consulting services alongside his certification services. IAS is located in California, but ostensibly operated by Indians both in the US and in Delhi. IAS has allowed multiple scammer “mills” to obtain full international recognition, so long as they pay IAS their fee.
As you likely saw from the recent KSQA scandal, filing a complaint with IAS would be pointless, since they IAS ignores its obligations under ISO 17011 and just throws out complaints, ensuring the globalization of certification fraud.
So let’s pause on that. In order to get full recognition in the US, Indian scammers partner with an Indian-owned US company to launder their reputation and, then, sell “legitimate” certificates in the US that, nevertheless, are in violation of accreditation rules. This happens all the time in the US, and there is nothing stopping Indian scammers from doing that very same thing in the CMMC scheme. The CMMC shills, suffering from advanced-stage dunningkrugeritis, will smugly insist they have this all under control. Sure, buddeh.
Want more? Sure you do. Here is CUNIX, which is an Indian-based consultancy. They don’t appear to be offering CMMC certification (yet), but their website does include some entirely fictional statistics on the effectiveness of CMMC certification. Whenever you see very specific percentage figures like this, without any possible way they are supported by real data, you know you’re dealing with a scammer.
And it’s not all clear how you would hire a non-US person to perform consulting on CMMC, since they’d have to have access to CUI to do it. So companies like CUNIX are inviting you to help them break the law.
Will anyone be arrested? Of course not, this is India we’re talking about. I’d bet that 90% of that country’s GDP is the result of selling fake certificates.
Now, the usual CMMC shills will insist that any certificates issued by these scammers will be caught and the US companies buying them will be punished. But, again, we have the CMMI and ISO programs to look at for history. In those schemes, fake Indian certs are repeatedly and reliably passed off to government buyers and “prime manufacturers,” and exactly nothing happens. Again, nobody checks this stuff.
Will Katie Arrington and Stacy Bostjanick use their magical powers to ensure the Dept. of Defense take action against Indian scammers? No, because they both quit the Federal government to work at private companies selling the CMMC program they made up out of thin air.
CMMC is a grift, and now we can’t even take pride in the fact that, at least, it’s an American grift. It’s been outsourced to India, too.
Christopher Paris is the founder and VP Operations of Oxebridge. He has over 35 years’ experience implementing ISO 9001 and AS9100 systems, and helps establish certification and accreditation bodies with the ISO 17000 series. He is a vocal advocate for the development and use of standards from the point of view of actual users. He is the writer and artist of THE AUDITOR comic strip, and is currently writing the DR. CUBA pulp novel series. Visit www.drcuba.world
