ISACA Named Global Credentialing Authority for DoD’s CMMC Program>
Info Security Magazine – Beth Maundrill
ISACA has been designated by the US Department of Defense (DoD) as the global authority for the Cybersecurity Maturity Model Certification (CMMC) program, which aims to ensure that defense contractors comply with stringent cybersecurity standards to protect sensitive information
The CMMC framework was introduced in 2020 and mandates contractors to implement necessary cybersecurity practices
A final rule was published in September 2025, effective November 2025, initiating a three-year rollout for CMMC requirements, with full compliance expected by 2028 for all organizations engaged with the DoD
ISACA will be responsible for certifying professionals within this ecosystem
The CMMC initiative is anticipated to affect over 200,000 contractors globally, including those in Europe
The program aligns with European regulatory trends emphasizing verifiable cyber maturity and is driven by the need to mitigate advanced cyber threats
Important items to note:
– ISACA appointed by DoD as the global credentialing authority for CMMC.
– CMMC was introduced in 2020 to secure sensitive information for defense contractors.
– Final CMMC rule published in September 2025, effective November 2025.
– Full compliance required for all individuals and companies supplying to the DoD by 2028.
– ISACA will certify professionals and assessors within the CMMC framework.
– Over 200,000 organizations, including European companies, will be impacted by CMMC.
– Program aligns with European regulatory movements under NIS2 and DORA.
– Focus on strengthening cyber maturity to combat advanced threats and enhance resilience.
– CAICO role transitioned from The Cyber AB, which remains the CMMC accreditation body.
Link: https://www.infosecurity-magazine.com/news/isaca-credentialing-authority-dods/