As we are all preparing for the Holiday Season, the DIB remains kicked into high gear, preparing for the DoD’s anticipated roll out of CMMC and the Cyber AB is no different. Last week the Cyber AB (formerly CMMC-AB) and the newly created CAICO, held their 2022 Year-end Town Hall Finale. Since the first town hall was conducted, they have continued to contain valuable nuggets of CMMC news, updates, and changes in the CMMC ecosystem. In case you missed it, here are the major highlights and key takeaways from the Cyber AB’s 2022 Year-end Town Hall Finale.
Year-End Town Hall Replay
Cyber-AB Updates
Topics
Update Summary
Website Improvements for 2022
CCA Application Workflow Will be Implemented by 12/15/22.
Candidate C3PAO’s will be listed on the website by 12/15/22.
Joint Surveillance Voluntary Assessments
5 Companies have completed a Joint Surveillance Voluntary Assessment conducted by the DIBCAC.
The DIBCAC has opened several additional assessment slots for the month of December.
50 Companies have signed up to participate in the Joint Surveillance Voluntary Assessment Program.
Organizations interested in participating in the Joint Surveillance Voluntary Assessment Program, should reach out to an approved C3PAO.
CMMC Practitioner Community (RPs, RPO’s & RPA’s)
The Cyber-AB will be holding a meeting with RPs, RPO’s, & RPA’s to discuss CMMC updates and promotional activities. The meeting invite will be sent out to all RPs, RPO’s & RPA’s during the week of December 12th, 2022.
Draft CMMC Assessment Process (CAP)
All feedback received on the Draft CMMC Assessment Process (CAP) will be posted on the Cyber-AB website by December 2nd, 2022.
Cyber-AB Board of Directors
The Cyber-AB Board of Directors has appointed 4 new directors to the Cyber-AB Board.
Planned Website Improvement for 2023
Creation of CAICO website
Redesigned Market Place
Redesigned Market Place
CAICO Updates
Topics
Update Summary
Certified CMMC Professional (CCP)
The Certified CMMC Professional (CCP) exam is now live and available to all approved CCP applicants.
Certified CMMC Assessor (CCA)
The CAICO completed the Certified CMMC Assessor (CCA) Beta Exam on November 30th and expects to release the final version of the CCA Exam on December 16th, 2022.
The CAICO is developing an initiative that will pair Certified CMMC Assessor candidates with the DIBCAC Assessments, to help CCA candidates meet the CMMC Assessment participation requirement. All Certified CMMC Assessor candidates are required to participate in 3 CMMC Assessments to become an approved CCA.
Cyber-AB Myth Busters
CMMC Myth 1
Myth
The CMMC rules have been pre-designated for “Interim Final Rule” status, placing them on a faster track to be in effect for DoD procurement implementation after a 60-day public comment period.
Fact: Short Version
Short version, we do not yet know and are waiting for it to be announced.
Fact: Expert Version
The Office of Information and Regulatory Affairs (OIRA) with OMB, is responsible for publishing the Unified Agenda bi-annually (fall version & spring version). Each version of the Unified Agenda indicates the status of proposed rules. The next version of the Unified Agenda (fall version) is expected to be released on the OIRA website in the next couple of weeks. The fall version is expected to indicate whether the proposed CMMC rules will obtain a “Interim Final Rule” status or if they will go through the full rule making process. Below is a brief outline on how each status could impact the proposed CMMC rules.
Interim Final Rule Status: Achieving the “Interim Final Rule” status, will enable the DoD to fast track the roll out of CMMC.
Full Rule Making Status: Achieving the Full Rule Making Status will result in an extended rule making process that will prolong the DoD’s roll out of CMMC.
CMMC Myth 2
Myth
One or more companies participating in the Joint Surveillance Voluntary Assessment Program have “failed” their assessment.
Fact: Short Version
This is a myth and is not true.
Fact: Expert Version
The Joint Surveillance Voluntary Assessments are conducted under “DIBCAC High” rules, which results in a numerical score. The “DIBCAC High” rules do not result in either a “pass / fail” or “met / not met” result. Given this, no companies participating in the Joint Surveillance Voluntary Assessment Program could have failed their assessment.
Year-End Town Hall Replay
Share this post
Subscribe To Our Newsletter
Stay up-to-date on Govt. IT Compliance changes and getexpert compliance, audit, and security tips.
Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.