Norwich University Applied Research Institutes (NUARI) is a Licensed Training Provider (LTP) and a Licensed Partner Publisher (LPP) for the Cybersecurity Maturity Model Certification Accreditation Body (CMMC-AB), an independent accreditation entity created in January 2020 that’s responsible for establishing, managing, controlling and administering the CMMC assessment, certification, training and accreditation processes for the defense supply chain.
Certified CMMC Professional (CCP) Training Course
Join our virtual classroom from the comfort of your home or office and receive the same meticulous curriculum as in-person learning and instruction to help you prepare for the CCP exam.
Realignment of Responsibility for Cybersecurity Maturity Model Certification (CMMC) Program
On Feb. 2, 2022, Deputy Secretary of Defense Kathleen H. Hicks directed the realignment of responsibility for the Cybersecurity Maturity Model Certification (CMMC) program. With this directive, the responsibility for the program transitions from the USD(A&S) to the DoD CIO.
This realignment will also move the team of six DoD civilians, with contract support, responsible for administering the program, from USD(A&S) to DoD CIO.
The Department has taken this action to consolidate industry-related cybersecurity programs under common leadership and direction to enable increased synergy and collaboration across the Defense Industrial Base (DIB) Cybersecurity programs.
In the coming weeks, the CIO will begin submitting proposed changes to the Defense Federal Acquisition Regulation Supplement (DFARS) rule-making process to ensure maximum collaboration on these requirements.
For more on how CMMC 2.0 differs from its predecessor, visit https://www.acq.osd.mil/cmmc/index.html.
Strategic Direction for Cybersecurity Maturity Model Certification (CMMC) Program
In November 2021, the Department of Defense announced the strategic direction of the Cybersecurity Maturity Model Certification (CMMC) program, marking the completion of an internal program assessment led by senior leaders across the Department.
The enhanced “CMMC 2.0” program maintains the program’s original goal of safeguarding sensitive information, while:
- Simplifying the CMMC standard and providing additional clarity on cybersecurity regulatory, policy, and contracting requirements;
- Focusing the most advanced cybersecurity standards and third-party assessment requirements on companies supporting the highest priority programs; and
- Increasing Department oversight of professional and ethical standards in the assessment ecosystem.
Together, these enhancements:
- Ensure accountability for companies to implement cybersecurity standards while minimizing barriers to compliance with DoD requirements;
- Instill a collaborative culture of cybersecurity and cyber resilience; and
- Enhance public trust in the CMMC ecosystem, while increasing overall ease of execution.
The CMMC program includes cyber protection standards for companies in the defense industrial base (DIB). By incorporating cybersecurity standards into acquisition programs, CMMC provides the Department with the assurance that contractors and subcontractors are meeting DoD’s cybersecurity requirements.
The DIB is the target of increasingly frequent and complex cyberattacks by adversaries and non-state actors. Dynamically enhancing DIB cybersecurity to meet these evolving threats, and safeguarding the information that supports and enables our warfighters, is a top priority for the Department. CMMC is a key component of the Department’s expansive DIB cybersecurity effort.
For more on the changes, visit https://www.acq.osd.mil/cmmc/index.html.