The US Internal Revenue Service has confirmed that as of February 26, 2021, the CMMC Accreditation Body has not obtained and does not hold tax-exempt filing status.

The confirmation comes on the heels of official filings made in March of 2020 with the Defense Logistics Agency (DLA) which showed the CMMC-AB attested at that time it had already obtained tax-exempt status. The IRS confirmation provides official proof that the claim made in March was false.

The application filed with DLA allowed the CMMC-AB to obtain a Commercial and Government Entity (CAGE) code, a requirement for obtaining contracts with the Federal government. Based on that CAGE code, the CMMC-AB then obtained an exclusive no-bid contract with the Dept. of Defense. Oxebridge argues the contract is null and void since the CMMC-AB obtained its CAGE code through fraud.

Volunteers had provided the CMMC-AB with services under the belief the organization was a non-profit entity. In reality, the group was using the work provided by those volunteers to create a for-profit commercial services organization that sells training and “credentials” for CMMC related subjects. The CMMC-AB Board Members are now planning to form a new company called “CAICO” which will spin off the training and credentialing, thus taking the intellectual property from CMMC-AB entirely, and using it for their own purposes. This raises the specter of class-action suits against the parties.

Despite having been in operation since January of 2020, the CMMC-AB has never taken steps to actually become a functioning accreditation body. It has currently produced no fully certified CMMC assessors nor a single accredited “C3PAO” certification body. Despite this, the organization has drawn in millions of dollars in estimated revenue by selling “badges” to cybersecurity professionals and companies.

The IRS was responding to an official request for filing status sent by Oxebridge. The filing was submitted in December of 2020, although the IRS response incorrectly indicates the filing was made in December 2021.

The full IRS response can be read here.


Surviving ISO 9001 Book

Why we report on these topics

Since 2000, Oxebridge has worked to improve ISO and related certification schemes by identifying problems and then proposing solutions. We report on issues affecting standards users because so few other news outlets do. Our belief is that in order to fix the problems in these schemes, we must first understand the nature and breadth of those problems. Our reporting aims to do just that. Elsewhere on the Oxebridge site you will find White Papers and other articles proposing ideas to correct these problems.


Available Tools

Oxebridge Swag