DefenseScoop reports that ISACA, an information technology group, has taken over the responsibility for training and giving credentials to assessors under the Pentagon's Cybersecurity Maturity Model Certification 2.0 program amid concerns about a shortage of qualified third-party evaluators.The organization formally became the Cybersecurity Assessor and Instructor Certification Organization and will oversee training, exams, and certification for CMMC assessors, professionals, and instructors, with full operational capacity expected by April 2026. CMMC is a tiered cybersecurity framework requiring defense contractors handling federal contract information or controlled unclassified information to meet security standards based on data sensitivity.While most Defense Department contracts currently rely on self-assessments, contractors managing CMMC Level 2 data will need validation from certified third-party assessor organizations starting in November 2026. Concerns over assessor availability have intensified, as more than 100,000 companies are expected to require Level 2 certification, according to Todd Gagnon, who leads ISACA's CAICO program. Cyber AB previously served in the role but was expected to face scaling challenges as demand increases.
Training, Security Staff Acquisition & Development
ISACA assumes CMMC assessor certification role

(iStock via Getty Images)
Get daily email updates
SC Media's daily must-read of the most current and pressing daily news
You can skip this ad in 5 seconds


