Pentagon testing waters for accreditor of contractor cybersecurity assessments

DOD issued an RFI asking for feedback from organizations interested in serving as the accreditation body for its Cybersecurity Maturity Model Certification (CMMC) program.
Aerial view of the United States Pentagon, the Department of Defense headquarters in Arlington, Virginia, near Washington DC, with I-395 freeway and the Air Force Memorial and Arlington Cemetery nearby.
(Getty Images)

The Department of Defense will soon be on the hunt for a third-party accrediting organization to make sure contractors have met newly proposed cybersecurity standards.

DOD issued a request for information Thursday asking organizations interested in serving as the accreditation body to submit feedback on the “long-term implementation, functioning, sustainment, and growth” of the process. The program will be known as the Cybersecurity Maturity Model Certification (CMMC).

The department issued version 0.4 of the CMMC last month, giving contractors a glimpse into the sort of cybersecurity standards they must meet if they want to work on projects that handle controlled but unclassified information. Ultimately, CMMC is an effort to secure DOD‘s extremely complicated and spiderwebbed IT supply chain from the largest contractors to the smallest.

The DOD estimates that 300,000 organizations will need to meet the cybersecurity certification. The accreditation body will not directly perform those assessments. It will manage the other third-party organizations who do that work.


The accrediting body must be a nonprofit that uses “revenue generated through dues, fees, partner relationships, conferences, etc.” to fund its work. There won’t be any other funding from the DOD, the RFI says. The relationship between DOD and the accreditor will be governed by a memorandum of understanding.

Interested parties have until Oct. 21 to submit feedback.

DOD plans to issue the final framework for the CMMC in January. Then, beginning in June 2020, all DOD requests for information will include the standards as a “go/no go” requirement, followed by inclusion in all requests for proposals in the fall that year.

Billy Mitchell

Written by Billy Mitchell

Billy Mitchell is Senior Vice President and Executive Editor of Scoop News Group's editorial brands. He oversees operations, strategy and growth of SNG's award-winning tech publications, FedScoop, StateScoop, CyberScoop, EdScoop and DefenseScoop. After earning his journalism degree at Virginia Tech and winning the school's Excellence in Print Journalism award, Billy received his master's degree from New York University in magazine writing while interning at publications like Rolling Stone.

Latest Podcasts