This first professional step towards formal assessing will likely allow the individual to participate in a CMMC assessment team led by a Certified Assessor (CA). ©2020 Summit 7 Systems. The Capability Maturity Model Integration, or CMMI, is a process model that provides a clear definition of what an organization should do to promote behaviors that lead to improved performance. System Security Plan (SSP) and Plan of Action and Milestones (POA&M), Office of the Under Secretary of Defense (OUSD), Controlled Unclassified Information (CUI). Certified CMMC AB - Master Instructor (CMI)A member of the CMMC AB team who is authorized to train the instructors that work for Licensed Training Providers (LPP) teaching the CP and CA classes. Katie Arrington (Special Assistant to the Assistant Secretary of Defense for Acquisition for Cyber, Office of the Under Secretary of Acquisition and Sustainment) gave a presentation at the 2019 Federal Acquisition Conference on June 13, 2019. Certified CMMC AB - Assessor (CA)These individuals are authorized to conduct CMMC assessments for Levels 1 through 5 and also have the ability to award maturity levels that are CMMC Quality Auditor (QA) approved, See below for details on QA. Furthermore, there are advantages of winning new business if your company receives a higher CMMC level than your competition. DMM Training and Certifications. NIST 800-53, FedRAMP, CMMI, SANS, FIPS 140-2, RMF, ISO 9000, and others are influencing the new model. Pursue a CMMI Certification. Contractors will be evaluated based upon the implementation of actual technical controls in addition to their documentation and policies. The Cybersecurity Maturity Model Certification, or CMMC, is the next stage in the Department of Defense's (DoD) efforts to properly secure the Defense Industrial Base (DIB). Certified CMMC AB - Quality Auditor (CQA)A CMMC Accreditation Board team member who has been authorized to review and approve the assessments submitted by individuals who are Certified Assessors (CA), using a baseline and criteria. This request from contracting authorities was often post award, and several companies received severe penalties through False Claims Act (FCA) settlements for misrepresenting their cybersecurity efforts. Experience has shown that organizations do their best when they focus their process improvement efforts on a prioritized and manageable number of practice areas at a time. The first obvious impact will be on recompetes. Now we will give more detail about each maturity level. Licensed Training Provider (LTP)An LTP will likely be academic and commercial organizations licensed by the CMMC-AB to use materials produced by Licensed Partner Publishers (LPP) to equip auditing professionals for individual credentials: CP, CA, and CI. The list of board members is as follows: *Note: before moving on to the next section, please be aware that Credentials will be for individuals and Accreditations will be for organizations. The CMMC framework adds a certification element to verify the implementation of processes and practices associated with the achievement of a cybersecurity maturity level. The CMMC AB will oversee the training, quality, and administration of the third party assessment organizations. There are a myriad of activities, but the most impactful in 2020 are shown in the following graphic. After this date, all appraisals must be completed using the CMMI V2.0 model. A great positive to the new certification will be the elimination of ambiguity. This can be accomplished by building an internal team or partnering with an external firm to manage the environment and security process for you.