The Pentagon’s Office of the Undersecretary of Defense for Acquisition and Sustainment is seeking input on how to establish an accreditation body to verify the cybersecurity of controlled unclassified information stored in defense contractor-run networks.
A request for information notice posted Friday calls for the nonprofit community to submit ideas for how to shape the framework to implement, operate, maintain and expand a verification mechanism under the proposed Cybersecurity Maturity Model Certification program for the Department of Defense.
OUSD(A&S) said that it will work with federally funded research and development centers, university affiliated research centers and the private sector in CMMC development efforts.
The government wants to form a business relationship with the potential accreditation services provider through a memorandum of understanding.
A selected accrediting body will be responsible for certifying third-party assessment organizations, training C3PAOs, implementing quality control measures, coordinating metrics and maintaining a reference implementation assessment tool.
The department is accepting responses through Oct. 21.