The CMMC Accreditation Body has again ignored a formal complaint put to it, the latest alleging overt violations of its Code of Ethics by board members.
Multiple current and former Board Members are alleged to be personally profiting from their roles in the CMMC-AB by selling CMMC-related services or products.
Ironically, the Dept. of Defense is making false claims about its ability to prosecute False Claims Act lawsuits against defense contractors who fail to obtain CMMC.
Documents submitted by the CMMC-AB to obtain a federal CAGE code included a false statement claiming the group was “tax-exempt” in March 2020.
The no-bid contract requires the CMMC-AB to undergo peer evaluations by foreign auditors, granting them physical access to reports of US cybersecurity deficiencies.
“Reciprocity” with ISO 27001 essentially signals the surrender of CMMC, and invites corruption and Chinese interference.
Four steps that can be taken now to roll out a fully functioning CMMC certification scheme.
The scheme still hasn’t addressed who will accredit C3PAOs, nor what the scope of that accreditation will be.
CMMC Third Party Assessment Organizations will have to obtain ISO 17020 accreditation in order to meet a DOD demand.
A collection of recent news and oversight activities related to the Cybersecurity Maturity Model Certification scheme.
The complaint alleges the CMMC-AB is preventing those with disabilities from gaining the credentials necessary to work as a CMMC assessor.
A whistleblower alleges that multiple training programs provided by the CMMC-AB do not comply with the Americans with Disabilities Act.