[The following is a guest op-ed by Owen DiStefano.]

Currently, the CMMC Midwest Conference 2021 is being advertised online as a conference where DIB companies will have the opportunity to meet with CMMC RPOs and CPOs as well as featuring a keynote presentation by Wayne Boline of the CMMC-AB. At first glance, this seems like a great concept for DIB companies trying to adapt to the new CMMC regulations, but more and more problems keep appearing.

While the conflict of interest created by having this event has already been addressed, a problem I have not seen addressed is the fact that the event is actively violating the CMMC-AB’s own Code of Professional Conduct (CoPC) that it requires all Individuals, Entities, and Industry Working Group Members within the CMMC Ecosystem to sign.

The CMMC Midwest Conference is currently advertising two C3PAO exhibitors including Rea & Associates, who is an RPO (Registered Practitioner Organization), not a C3PAO. The conference website does state the Rea & Associates is “Seeking C3PAO Certification,” but listing them in the “C3PAO Exhibitor” category would only mislead DIB companies attending the conference by exaggerating their abilities. This exaggeration and misleading are directly in violation of the CoPC § 2.1 (“Never represent yourself or your company in a way that is not aligned with your certification”) and § 3.1.3 (“Do not mislead or exaggerate the services that your organization is authorized to deliver.”)

The event is also being hosted by another RPO, Ember Technology LLC, meaning Ember themselves could also be in violation of the CoPC.

The biggest concern is that the CMMC-AB is allowing a board member — Wayne Boline of Raytheon — to be the keynote presenter at the conference. This means the CMMC-AB is endorsing both the conference and the violations of their own CoPC. If the CMMC-AB is willing to do this, then how can the DIB know that they will properly enforce their CoPC in the future? How can anyone trust that they will protect the DIB from companies who paid for CMMC badges, but then act with malicious intent?

Owen DiStefano is a Chief Information Security Officer and cybersecurity expert from West Islip NY.


ISO 45001 Implementation