CMMC C3PAOs: Preparing for an ISO 17020 Audit

under the current DoD/CMMC-AB requirements, C3PAOs face several hurdles, including certification of their cybersecurity programs at CMMC ML3 by DCMA’s DIBCAC. The C3PAOs must also obtain ISO 17020 accreditation by October 31, 2022. Although the C3PAOs have some time before the ISO accreditation requirement kicks in, they are smart to start the audit preparation process now. In this session, Vicki Delaney and Tara Lemieux discuss the differences between 17020 and 17021, describe the 17020 requirements, and answer questions about the accreditation process.