According to officials, the certification examinations and other training materials required for instructors to implement the Department of Defense (DoD) third-party online security program for contractors are nowhere near delivery. Contrary to what the board had previously indicated—that the Cybersecurity Maturity Model Certification (CMMC) would be available by the close of summer—unfortunately, due to recent developments, it seems expectations should be extended to fall.
One of the reasons for this delay, according to the training director for CMMC’s accreditation body, Melanie Kyle Gingrich, the objectives for the training programs concerning these certifications are yet to receive approval by the DoD.
These objectives will form the basis for developing the needed certification exams and training materials for professionals and assessors. Although some experts suggest that everything should reach finalization in the coming months, nothing is guaranteed.
Once the objectives become finalized, the needed training content materials should be available after eight weeks. A month after this, the licensed training providers should also make training courses available.
As it stands, 39 licensed training providers with 16 companies remain listed as licensed publishing partners. Additionally, the professionals will use the Licensed Publishing Partner’s (LPP) course content.
Furthermore, the LPP’s content progress will determine the date for developing the CMMC’s certified professional examination. However, as it stands, this exam is scheduled for the fall of this year (2021).
This situation leaves some concerns about how the exam’s timeline will impact the assessor certifications. However, according to the accreditation board, provisional assessors who have already acquired the DoD-approved training can go through testing to become certified professionals or CMMC assessors.
Another concern many people share is companies offering unauthorized training with prior approval by the accreditation board, mainly due to the CMMC’s training timelines. Addressing this, Gingrich indicated that as necessary as these training options are, it is essential for everyone to know how the ecosystem works to make them more aware of the decisions they make. Gingrich also stated that another reason for the CCP training is not knowing what the outcomes are for the objectives needed to measure CMMC assessments.
However, it is essential to note that the accreditation board has already alerted potential defense contractors. This is about companies not being sincere with their ability to train people to prepare for the CMMC instructor and assessor certification examinations for the Department of Defense.
According to the vice-chairman of the accreditation board, Jeff Dalton, there are currently no CCPs or CMMC-certified professionals, as the training required hasn’t started yet. He further stated that there is no way for other cybersecurity certifications to supplant or circumvent the training.
Finally, he noted that taking the course is essential, as getting the proper training from the start will impact the livelihoods of those companies being assessed.