A recent Request For Proposal issued by the Cybersecurity Maturity Model Certification Accreditation Board – for a “continuous monitoring solution” – marks a departure from the training and certification functions the group has been expected to perform. Members of group’s board of directors explain that the board is also authorized to provide certified companies with cybersecurity services.
Mark Berman, chairman of the board’s communications committee, says that characterizing the CMMC-AB as a training or a monitoring organization “does not capture the full breadth of our mission which includes the development, maintenance, validation, protection of the CMMC Standard and using it to accredit entities, provide research, training, assessments, measurements, testing and more.”