CMMC accreditation board gets new members as several depart

The Pentagon with Arlington, Virginia, as a backdrop. (Getty Images)

Share

Written by

The independent board tasked with implementing the new cybersecurity standards for defense contractors has some new faces after the recent departures of several members.

The Cybersecurity Maturity Model Certification Accreditation Body (CMMC-AB) added Sheryl Hanchar, vice president and chief information security officer of Cobham Advanced Electronic Solutions, and Charlie Williams, president of CWilliams LLC, to the board of directors. Both have military experience, with Hanchar serving in the Navy and Williams working as a civilian in Air Force contracting and director of the Defense Contract Management Agency. A role on the AB’s board involves much more day-to-day and tactical work, rather than the typical long-term strategy and advice usually associated with board seats.

“A regular rotation is expected and always brings fresh ideas and perspectives to our fast-growing organization,” Mark Berman, communications committee chair told FedScoop in an email.

The program the AB is implementing, CMMC, is the Defense Department’s new standards all contractors will need to comply with to earn government dollars. It replaces the current self-assessment standards with a third-party verification scheme where contractors must have networks that meet a one-five level of security controls. Where the AB comes in is they will train, accredit and oversee the ecosystem of assessors that will certify roughly 300,000 contractors. Most contracts will be a level one, which only involves basic security measures.

The two additions come after five members recently departed or stepped back from their work with the AB. One, Nicole Deans, has been on a personal leave of absence for several months, multiple people familiar with the matter have said. Other members who recently resigned include: Jim Gopel, Chris Golden, Valecia Maclin and John Weiler.

The turnover comes as the AB is close to executing a new contract with the DOD that would redefine the two entities’ relationship. DOD recently said the contract would be finalized by the end of August. A spokesperson did not return a request for comment on whether it’s been executed.

John Weiler continues to have a relationship with the AB through a memorandum of understanding that his nonprofit, the IT-Acquisition Advisory Council (IT-AAC), signed with the AB. Part of that work, according to Weiler’s council, has included building what it calls the “CMMC Center of Excellence.” The AB recently said that it does not have any intent to be a part of the CoE, nor does a copy of the MOU obtained by FedScoop mention a CoE by name. It does give IT-AAC authority to promote education and mutual interests with the AB.

“I resigned on my own volition, I was frustrated with a number of issues that I felt I could no longer impact,” Weiler told FedScoop about his resignation. He went on to say “I believed they would honor and support the MOU.”

The turnover is not unexpected for the AB. Members have regular virtual meetings, often stretching several hours long on minute details on the new regulations. Despite it being a volunteer position, it became a full-time job for many.

“I would still be involved but it started to become too time-intensive and was keeping me from doing revenue-producing work,” Gopel told FedScoop in a LinkedIn message. “It was an honor to be able to be part of such an immensely important project, and I hope to be able to contribute in other ways in the future.”

-In this Story-

CMMC, Cybersecurity, Cybersecurity Maturity Model Certification, Department of Defense (DOD)
TwitterFacebookLinkedInRedditGoogle Gmail