DODIG-2025-056 - Recommendation D-2025-0056-D000CR-0001-0002.c

Rec. 2.c: The DoD OIG recommended that the Cybersecurity Maturity Model Certification (CMMC) Program Management Office Director direct the contracting officer to modify the contract with the Cyber Accreditation Body to require the Cyber Accreditation Body (Cyber AB) to:

Verify that the quality control leads (QCL) for every authorized Cybersecurity Maturity Model Certification Third?Party Assessment Organization (C3PAO) meet the certification requirement within 30 days of the date of this report, and, for any of the C3PAO's QCLs who are not certified, revoke the authorization for those C3PAOs to perform CMMC Level 2 assessments until the C3PAOs provide support the QCLs are certified

Questioned Costs

$0

Funds for Better Use

$0

Recommendation Status

Open

Source UUID

DODIG-2025-056-D-2025-0056-D000CR-0001-0002.c

Report

Audit of the DoD’s Process for Authorizing Third Party Organizations to Perform Cybersecurity Maturity Model Certification 2.0 Assessments

Recommendation Number

D-2025-0056-D000CR-0001-0002.c

Significant Recommendation

No