Graphic for March 2025 Cyber AB & CAICO Town Hall with Kraken Compliance logo.

CMMC March 2025 Town Hall: International Expansion and Program Updates

Article
Article
CMMC 2.0
12
Article
Blog
Category
Andrew Freund
Founder & CEO, Kraken Compliance
March 26, 2025

The CMMC ecosystem continues to evolve rapidly, with significant developments in international participation and CMMC Certification Process taking center stage during the March 2025 Town Hall.

In the Cyber AB's March 2025 Town Hall, CEO Matt Travis and special guest James Gillooly from the DoD's CMMC Program Management Office (PMO) provided critical updates on the program's progress, international participation, and ethical guidelines for the CMMC ecosystem. This session confirmed that the final piece of the certification process—the official certificates—is now in place, allowing Organizations Seeking Certification (OSCs) to become officially CMMC Level 2 certified.

Program Fully Operational

CMMC Level 2 certification assessments are now officially live with 64 authorized C3PAOs issuing legitimate certificates. The final digital integration between eMASS and SPRS systems remains pending, but companies can now obtain verified CMMC Level 2 certification status.

International Momentum Building

South Korea leads international participation with over 100 practitioners, while Canada launches its parallel Canadian Program for Cyber Security Certification (CPCSC) program without CMMC reciprocity. While Canada's CPCSC program is similar to the CMMC Model, there is one big difference, CPCSC pulls it's security requirements from NIST SP 800-171 Rev 3, while CMMC still uses NIST SP 800-171 Rev 2.

Despite diplomatic tensions, the CMMC program remains fully open to Canadian participation as both CMMC assessors and organizations seeking certification.

Tier 3 Background Process Streamlined

James Gillooly DoD CMMC PMO announced a major development: formalized Tier 3 background investigation processes for foreign nationals seeking CCA or CCP certification. The new process divides candidates into four categories based on citizenship and U.S. residency status, utilizing existing bilateral security agreements between the United States and partner nations. One foreign national has already successfully completed the process in less than a week. Once fully implemented, foreign nationals that previously submitted their Tier 3 Determination Applications, will be required to resubmit under the new process.

Congressional Review Period Ongoing

While House Joint Resolution seeks to cancel the CMMC program, industry experts view this as having minimal likelihood of success, requiring passage through multiple legislative hurdles including Armed Services Committee approval and presidential signature.

CMMC MythBusters

Rumor 1 - CMMC Certified Professionals (CCP) candidates need to submit for Tier 3 Background investigations prior to taking the CCP exam.

Fact: Only CCP Candidate who have passed the exam and then are contacted by the CAICO submit for the Tier 3 Background investigation.

Rumor 2 - House Joint Resolution introduced by House of Representative Andrew Clyde (Republican GA-9) is going to cancel the CMMC Program.

Fact: The bill has been referred to the House Armed Services Committee. In order for the bill to become law, canceling the CMMC Program, the bill would have to be:

  • voted out of committee;
  • passed by the full U.S. House of Representatives;
  • passed by the full U.S. Senate; and then
  • signed into law by the President.

Rumor 3 - All CCAs and CCPs need to apply for access to CMMC eMASS.

Fact: Only CCAs or CCPs that have been designated by Authorized C3PAOs to upload CMMC assessment documents to CMMC eMASS on their behalf, are granted access.

CMMC Ecosystem Capacity Scaling

Current numbers show 336 CMMC Assessors, 655 CMMC Professionals, and over 1,800 registered practitioners across the ecosystem. The marketplace continues expanding with enhanced regional search capabilities planned for implementation.

  • CMMC Certified Assessors (CCA): 336
  • CMMC Certified Professionals (CCP): 655
  • Registered Practitioners (RPs): 1,640
  • Registered Practitioners Advanced (RPAs): 201

Watch the Full Town Hall

Key Terms & Acronyms

  • Certified Third Party Assessment Organization (C3PAO)
  • Accreditation Body (AB)
  • International Organization for Standardization (ISO)
  • U.S. Department of Defense (DoD)
  • Defense Industrial Base (DIB)
  • CMMC Certified Assessor (CCA)
  • CMMC Certified Professional (CCP)
  • Cyber AB (Cyber Accreditation Body)
  • CMMC AB (CMMC Accreditation Body)
  • CyberSecurity Maturity Model Certification (CMMC)
  • Controlled Unclassified Information (CUI)
  • Federal Contract Information (FCI)

Share this post

Subscribe To Our Newsletter

Stay up-to-date on Govt. IT Compliance changes and getexpert compliance, audit, and security tips.