The first major complaint within the CMMC scheme has advanced to the next stage, as The Cyber AB has launched an investigation into the C3PAO, Lazarus Alliance.
Oxebridge filed a complaint against Lazarus alleging improper use of The Cyber AB logo, the Dept. of Defense logo, conflicts of interest, and other issues. Lazarus markets a cybersecurity product known as Continuum GRC alongside its CMMC certification services, a potential violation of accreditation rules.
Lazarus CEO Michael Peters responded by mocking the complaint, calling it a “kangaroo court” and threatening legal action against Oxebridge. He then falsely accused Oxebridge of “criminal social engineering” and other crimes, and suggested his client report Oxebridge to the FBI, FTC, and “local law enforcement.” Oxebridge escalated the complaint to The Cyber AB, which is authorized by the Dept. of Defense to adjudicate such complaints.
The Cyber AB has now notified Oxebridge that it validated the complaint and has found “sufficient cause for The Cyber AB to investigate.”
It should be noted that this does not mean that Lazarus has been found in noncompliance yet, but that The Cyber AB felt there was sufficient evidence to warrant an investigation.
For over a decade, Oxebridge has filed complaints on behalf of whistleblowers using its ISO Whistleblower Reporting Tool. In 2020, it opened up that tool for CMMC-related complaints. That tool may be accessed here.
