The official website entries for the CMMC Accreditation Body have been changed to “restricted” access in an apparent move to prevent the public from having insight into the body’s current CAGE code status.

As of March 30th, the official “SAM Status Tracker” was reporting the status of the CMMC-AB’s CAGE code actions, with the last known status shown as awaiting submission:

Suddenly, as of April 9th, the SAM Status Tracker now prevents any access to the information, instead resolving in a message reading, “Access to this entity registration is restricted. It cannot be displayed through the SAM Status Tracker.”

The official knowledge base reports that a “restricted” entry is the result of the entity themselves switching off public access to the information:

If an entity is registered and does not provide public search authorization, you will receive the following message when conducting a search: “Access to this entity registration is restricted. It cannot be displayed through public search. If you are a U.S. government user, log into SAM and try your search again.”

Oxebridge contacted the GSA Federal Service Desk, which manages SAM, to ask if the “restricted” message was the result of the CMMC-AB’s actions or a Federal agency. The representative responded:

When the entity does not allow Search Authorization, anyone who tries to search the entity will not be able to locate the management registration information. The entity Administrator is the one who turns off the SAM Search Authorization.

The “entity” in this case is the CMMC-AB, meaning that AB officials — and not the Federal government — intentionally moved to mask its CAGE Code status from the public.

The CMMC-AB’s CAGE code process has been marred by controversy and potentially criminal actions. The organization originally applied for a CAGE code in March of 2020 but did so by submitting “reps and certs” documents that claimed the group was tax-exempt; in fact, the CMMC-AB did not have tax-exempt status, and still has not obtained it to this day. Falsifying information in a CAGE code application is a felony.

The CMMC-AB then won a no-bid contract with the DOD based on that CAGE code. Later, the CMMC-AB failed to perform a routine update to its CAGE code status in in March of 2020, causing its SAM listing to lapse entirely. Maintaining active SAM registration while holding a Federal government contract is also required by law.

To date, the Federal government and Dept. of Defense seem largely willing to overlook the AB’s violations of law, possibly to ensure that the CMMC program is not disrupted.

The DLA website still lists the CMMC-AB’s CAGE code entry as inactive.

Publicity Tour Backfires

The latest move to hide its SAM status from the public would be consistent with the AB’s general hostile posture to oversight and accountability. In a recent FedScoop interview, CMMC-AB Chair Karlton Johnson referred to those calling out the AB for conflicts of interest as “malicious influencers.” In another interview for NextGov, Johnson accused others of “misinformation,” seeming to take a critical swipe at a claim made by DOD’s Katie Arrington, who previously claimed the AB had “taken out lines of credit.

Johnson’s flood of interviews comes as the AB hired a new PR firm to manage its image, six separate sources reported to Oxebridge. The move appears to have been partially bungled by Johnson, who comes off as irritated, sniping, and accusatory against even mild criticisms.

Johnson and other senior CMMC-AB Board members have blocked critics on LinkedIn, cutting off access to their public posts and official CMMC-AB communications. Recently, a “sockpuppet” account was created on LinkedIn — widely suspected to belong to one of the CMMC-AB Board members — posted a horrific and sexist attack in defense of Board member Regan Edens.  Oxebridge founder Christopher Paris commented that “this is what the Board is reduced to, since they cannot defend their actions by honest discussion of facts.

“Home Inspections” Still in Play

The latest claim by the CMMC-AB is that they intend to audit remote workers in their private residences to ensure CMMC compliance. The claim is being challenged aggressively by Oxebridge as being a violation of the Fourth Amendment of the US Constitution, which prohibits the government from engaging in “unreasonable search and seizure.” The DOD’s CMMC Program Management Office reported that the CMMC-AB does not dictate audit policy, but that it was conferring with a government Chief Information Officer for a final decision on “home inspections.” Oxbridge has warned the PMO to confer with a constitutional lawyer before issuing any ruling.

The two Board members who made the announcement — Regan Edens and Jeff Dalton — both stand to gain personally from an expansion of CMMC assessments into private homes. Currently, the DIB is comprised of 300,000 companies, but if assessments were to be conducted within individual employees’ homes, rather than in each company’s physical location, the number of assessments and assessors needed would increase exponentially. Edens sells “CMMC compliance” labeling kits, which he could mandate be used in private homes, and Dalton sells CMMC consulting services and oversees the CMMC-AB’s assessor credentialing program.

The CMMC-AB and DOD CMMC office are now collectively subject to 17 different investigations and complaints for fraud, abuse, and other allegations.

In just over a year, the CMMC-AB has lost all its original Board Members except for Johnson. It recently hired its first CEO, Matthew Travis, but that position reports to Johnson.



ISO Benchmark