CMMC will lead to DFARS 252.204-7012 and NIST 800-171 compliance audits. Now you can uncover the gaps between your current state and compliance with CMMC Marketplace - qualifying CMMC auditors in the age of COVID-19.

Today as the world is facing existential crisis with the spread of COVID-19, the Department of Defense (DoD) and the CMMC Accreditation Body (CMMC AB) are charging forward with implementing the CMMC. The CMMC AB is charged with several large tasks to make the CMMC a success, which includes certifying CMMC auditors and C3PAOs - the companies who employ the CMMC auditors). Both the CMMC auditors and the C3PAOs must meet a set of requirements being established by the CMMC AB in order to perform the network assessments/audits that will be recognized by the DoD as meeting the new CMMC requirement.

Moreover as the Department of Defense intends to include the CMMC requirements in 10 new requests for proposals (RFPs) in fall 2020, it estimates that 1,000 companies will be impacted by the CMMC requirement in the initial 10 RFPs. The current timeline of the CMMC implementation will require all 1,000 companies to receive their CMMC certification by time of contract award, which could be as late as June 2021.

With COVID-19 making in-person training impossible for the foreseeable future it is unclear if training for trainers will kick off in April as planned.

For simplicity, let’s also assume that each audit takes on average two weeks and requires two auditors to complete, realizing that CMMC Level 5 audits will require more time and manpower than a CMMC Level 1 audit. In order to prevent a bottleneck in the DoD supply chain on June 1, 2021, more than 60 auditors need to be certified by the CMMC AB each month starting in June 2020.

It is difficult to see how the current method of training-the-trainer and conducting certified CMMC auditor training will meet this initial demand, let alone see how it will scale to meet the exponentially growing demand over the next five years. In addition to in-person training not being easily scalable the flaws in this method is even more apparent in this new COVID-19 reality of telework and widespread government mandated lockdowns. It is hard to know exactly when training will start.

About CMMC Marketplace:

CMMC Marketplace connects government contractors those are looking to achieve cybersecurity maturity model certification (CMMC) compliance with qualified CMMC service providers. For more information about CMMC Marketplace visit our website https://www.cmmcmarketplace.org/