The Cyber AB: What You Need to Know

The CMMC Accreditation Body (CMMC-AB) underwent a significant transformation, unveiling a new identity as “The Cyber AB” on June 7, 2022. This change, accompanied by a fresh logo and website, has left many intrigued. However, rest assured that The Cyber AB remains the guardian of the CMMC Ecosystem and an official partner of the Department of Defense. In this article, we’ll explore this transformation and the vital role that The Cyber AB plays in the CMMC program.

What is the Cyber AB?

To understand the CMMC program you must be familiar with The Cyber AB. This non-governmental entity collaborates closely with the Department of Defense to oversee and implement the CMMC standard. This standard is crucial for organizations entrusted with handling sensitive data, including Federal Contract Information (FCI), Controlled Unclassified Information (CUI)/Covered Defense Information (CDI), Controlled Technical Information (CTI), and International Traffic in Arms Regulations (ITAR) Data.

What Roles make up the CMMC Ecosystem?

The CMMC ecosystem is a complex web of roles and responsibilities that work together to ensure organizations achieve and maintain CMMC compliance. Each of these roles is defined by specific duties and expertise, and they play a crucial part in strengthening the cybersecurity posture of entities within the Defense Industrial Base (DIB). Let’s delve into the distinct roles within this ecosystem:

  • Registered Practitioners (RP): Registered Practitioners are individuals who have undergone training and certification to provide essential guidance to organizations in their CMMC compliance journey. They assist with the development of security policies, procedures, and documentation required for compliance.
  • Registered Practitioner Organizations (RPO): RPOs are entities that employ Registered Practitioners. They play a vital role in facilitating compliance efforts by offering consulting services, helping organizations navigate the intricacies of CMMC, and ensuring that they meet the necessary standards.
  • Certified CMMC Assessors (CCA): Certified CMMC Assessors are highly trained professionals responsible for conducting CMMC assessments within organizations. They evaluate an entity’s adherence to cybersecurity standards and make recommendations for improvements to achieve compliance.
  • Certified CMMC Professionals (CCP): Certified CMMC Professionals are experts who have completed specialized training and certification. They possess in-depth knowledge of CMMC requirements and provide crucial guidance in implementing security measures and managing compliance efforts within organizations.
  • CMMC Third-Party Assessor Organizations (C3PAOs): C3PAOs are accredited entities tasked with performing assessments of organizations seeking CMMC compliance. These organizations undergo a rigorous assessment process themselves to ensure their competence and objectivity. They play a pivotal role in determining an organization’s compliance status.

These roles work in tandem, providing a comprehensive framework for organizations to understand, implement, and validate their CMMC compliance. Whether it’s assisting in policy development, conducting assessments, or providing expert guidance, each role serves a distinct purpose in the broader CMMC ecosystem, collectively fortifying the cybersecurity defenses of the Defense Industrial Base.

Importance of CMMC Compliance for Government Contractors

The mission of The Cyber AB is clear – they are responsible for authorizing and accrediting key players within the CMMC ecosystem in the effort to secure our Nation’s supply chain. This includes CMMC Third-Party Assessor Organizations (C3PAOs), Registered Practitioners (RP), Registered Practitioner Organizations (RPO), Certified CMMC Assessors (CCA), and Certified CMMC Professionals (CCP). These entities collectively work to help Defense Industrial Base organizations prepare for and demonstrate their CMMC compliance. Without CMMC compliance, contractors will not be able to secure future DoD contracts. 

Building a Strong Foundation

To ensure quality and consistency, The Cyber AB adheres to the ISO/IEC 17011 Conformity Assessment, a certification that upholds international consensus-based standards. Furthermore, The Cyber AB is in the process of establishing the CMMC Assessors and Instructors Certification Organization (CAICO), which will oversee the training and certification of CMMC professionals.

How does the Cyber AB Authorize C3PAOs?

The role of C3PAOs is critical in CMMC 2.0 Level 2 assessments, especially for organizations seeking certification. The Cyber AB designates C3PAOs based on a rigorous assessment process, guaranteeing their competence and objectivity.

Is the Cyber AB Part of DoD?

While the Cyber AB, is NOT part of the Department of Defense (DoD), its support to CMMC is formalized through a direct contract with the CMMC Program Management Officer (PMO) within the Department of Defense. The operations of the Cyber AB are carried out by a dedicated full-time professional staff, accountable to, and overseen by the organization’s Board of Directors. The Board members serve voluntarily and without compensation, highlighting their commitment to the cause.