Ellen Lord, defense undersecretary for acquisition and sustainment and a 2020 Wash100 award winner, said in a statement published Friday on NDIA the Department of Defense has not yet finalized the requirements for accrediting third-party assessment organizations under the Cybersecurity Maturity Model Certification.
Lord issued the statement in an effort to address misleading information about C3PAOs.
“The Department has learned that some third-party entities have made public representations of being able to provide CMMC certifications to enable contracting with DoD. … To be clear, there are no third-party entities at this time who are capable of providing a CMMC certification that will be accepted by the Department,” she said.
She noted that the Pentagon’s official position on the CMMC framework will be reflected on the training materials to be presented and that she has already informed the presidents of the National Defense Industrial Association, Professional Services Council and the Aerospace Industries Association about the issue.
Lord said DoD will make an announcement once it signs a memorandum of understanding with the CMMC accreditation body on the approval, certification and accreditation processes with regard to the defense supply chain.