All But Three CMMC Certification Bodies Are Selling Consulting Services
The discovery raises concerns over conflicts of interest during CMMC certification assessments.
Category: CMMC
CMMC Assessment Process Released – Initial Concerns
A draft of the official CMMC assessment rules has been released, and it’s controversial.
CMMC Accreditation Body Rebrands as “CyberAB”
The CMMC-ABs new website leans into conflicts of interest and blatantly false claims regarding accreditation.
BREAKING: Katie Arrington Resigns
The former architect of the doomed CMMC 1.0 cybersecurity program has resigned.
DODIG Shuts Down CMMC “Omnibus” Complaint Providing No Justification
DODIG claimed they were unauthorized to release documentation, despite Oxebridge never having asked them to.
BREAKING: DoD Eliminates Katie Arrington’s Position, Shifts CMMC to CIO
The Pentagon has scuttled the CISO position previously held by Arrington, and taken away control of CMMC from her cronies at OUSD A&S.
After Undisclosed Settlement Agreement, Arrington Lawsuit Dismissed with Prejudice
Arrington’s suspension remains in effect, while she is prohibited from re-filing a lawsuit in the matter.
Cask Criminal Sentencing Delayed Until June 2022, as Prosecutors Pursue “Big Fish”
The move suggests Federal prosecutors are preparing to move against senior officials at Cask.
No, CMMC C3PAOs Will Not Be Allowed to Provide Level 1 Self-Assessments for Clients
The CMMC Accreditation Body’s promise to provide contract CMMC self-assessments would violate ISO 17021-1.
“CUI: CMMC Under Investigation” Interview with Chris Paris
I sat down for a lively interview with US Army Major and cybersecurity expert Leslie Weinstein to discuss accreditation within the CMMC scheme.
CMMC 2.0: Key Takeaways and a Call for Rational Calm
Don’t panic, stop spending, avoid the sunk-cost fallacy, and pay attention to the critics who have been consistently right since Day One.
DoD CIO to Take Over CMMC, While Accreditation Body Contract Will “Lapse as Moot”
CMMC-AB may be allowed to credential trainers and assessors, but not accredit C3PAOs.
