How do I get Certified?
The CMMC Accreditation Body (AB), a non-profit, independent organization, will accredit CMMC Third Party Assessment Organizations (C3PAO) and individual assessors. The CMMC AB will provide the requisite information and updates on its website.
www.cmmcab.org
The CMMC AB has established the CMMC Marketplace. It includes a list of approved C3PAO as well as other information. Once the Candidate C3PAOs are assessed and certified, formal assessments will begin. Find us on the CMMC AB Marketplace.
https://portal.cmmcab.org/marketplace/cask-government-services-c3pao/
What is CUI?
CUI is information the Government creates or possesses, or that an entity creates or possesses for or on behalf of the Government, that a law, regulation, or Government-wide policy requires or permits an agency to handle using safeguarding or dissemination controls.
- Critical Infrastructure
- Defense
- Export Control
- Financial
- Immigration
- Intelligence
- International Agreements
- Law Enforcement
- Legal
- Natural and Cultural Resources
- NATO
- Nuclear
- Privacy
- Procurement and Acquisition
- Proprietary Business Information
- Provisional
- Statistical
- Tax
A CUI Registry provides information on the specific categories and subcategories of information that the Executive branch protects. The CUI Registry can be found at: https://www.archives.gov/cui and includes these index groupings.
What if my company does not possess CUI?
If a DIB company does not possess CUI but possesses Federal Contract Information (FCI), it is required to meet FAR Clause 52.204-21 and must be certified at a minimum of CMMC Level 1.