ISACA Appointed as Cybersecurity Assessor Certification Organization for CMMC 2.0
Overview of CMMC 2.0
The Pentagon has recently engaged ISACA, a prominent information technology firm, to spearhead the training and certification of assessors involved in the Cybersecurity Maturity Model Certification 2.0 (CMMC 2.0) initiative. This program is crucial for fortifying the cybersecurity frameworks that defense contractors must implement when managing Federal Contract Information (FCI) and Controlled Unclassified Information (CUI).
CMMC 2.0 provides a structured tiered framework designed to assess and certify the cybersecurity practices of contractors based on the sensitivity of the information they handle. Following a complex approval process, this regulatory framework became law in 2024, mandating the incorporation of CMMC requirements into federal contracts.
Transitioning to CAICO
As of Tuesday, ISACA has taken on the responsibilities of the Cybersecurity Assessor and Instructor Certification Organization (CAICO). This transition aligns with the organization’s commitment to enhance cybersecurity standards across the defense industry. In this capacity, ISACA will oversee:
- Training protocols for CMMC certified professionals, assessors, and instructors.
- Administration of rigorous examinations and professional certifications for individuals participating in the CMMC framework.
ISACA is projected to be fully operational in this role by April 2026, as it develops the necessary infrastructure and certification processes.
Industry Concerns and Challenges
The appointment of ISACA comes amid growing concern regarding the adequacy of Certified Third-Party Assessment Organizations (C3PAOs) and the professionals they employ. With estimates indicating that over 100,000 companies will ultimately require CMMC Level 2 certification, the existing pool of certified assessors is insufficient. Todd Gagnon, who leads the CAICO initiative at ISACA, expressed these concerns in a recent interview:
- Certification Volume: The current number of professionals available for certification is significantly below demand.
- Scaling Limitations: There are no current strategies in place to scale resources effectively under the previous CAICO standards.
Strategic Role of ISACA
ISACA is poised to capitalize on its extensive background in cybersecurity and assurance, drawing on its global leadership in areas like training, credentialing, and assessment. CEO Erik Prusch emphasized the organization’s commitment to supporting the Department of Defense in safeguarding sensitive information.
The firm aims to:
- Enhance training capabilities to meet evolving cybersecurity requirements.
- Streamline certification processes that will facilitate rapid scaling of operations.
Previous responsibilities as CAICO were managed by Cyber AB, which struggled with the increasing demand for certification in a rapidly evolving cybersecurity landscape. ISACA’s reputation and robust organizational structure position it well to navigate these challenges.
Building the Foundation
In the coming months, ISACA will prioritize the development of its IT infrastructure to bolster its new certification mandate. Chris Dimitriadis, ISACA’s Chief Global Strategy Officer, highlighted the organization’s proven expertise in managing technology credentialing programs, which will aid in expanding its CMMC operations swiftly and efficiently. As ISACA steps into this significant role, its team is prepared to tackle the complexities of training and certifying assessors effectively, ensuring that industry standards are upheld.
Conclusion
ISACA’s engagement in the CMMC 2.0 initiative marks a critical step toward reinforcing cybersecurity protocols within the defense sector. As the demand for qualified assessors grows, the organization’s proactive approach aims to bridge the gaps in certification and training, ultimately enhancing national security through robust cybersecurity measures.
For further discussion on this topic or to engage with the ongoing developments in military cybersecurity frameworks, stay tuned to updates from ISACA and the Department of Defense.