ISACA appointed to certify professionals assessing organisations against the US Department of War's (DoW) Cybersecurity Maturity Model Certification (CMMC) programme.

New requirements mean that all global businesses supplying to US DoW will need to be compliant with this framework, impacting over 200,000 organisations

Appointment supports global demand for consistent, verifiable cyber maturity amid escalating cyber threats and growing assessor shortages.

The Cyber AB remains the official accreditation body for the CMMC programme, authorizing the CAICO and other CMMC ecosystem parties

As cyber threats escalate and governments raise expectations around operational resilience, ISACA has been appointed to lead the global credentialing programme for the U.S. DoW's Cybersecurity Maturity Model Certification (CMMC) program. The appointment positions ISACA the international association for cybersecurity, audit and digital trust as the exclusive CMMC Assessor and Instructor Certification Organization (CAICO), responsible for training, examining and certifying professionals, assessors, and instructors across the CMMC ecosystem.

Originally developed by the U.S. DoW to protect sensitive unclassified information within its global supply chain, CMMC is increasingly relevant to European defence, aerospace, engineering and high-technology companies participating in transatlantic programmes. As the framework is phased into U.S. procurement from 2025 to 2028, many European organisations that handle Controlled Unclassified Information (CUI) or Federal Contract Information (FCI), or that support certain prime contractors, will need to be CMMC certified.

Military-Grade Cyber Training to Strengthen European Business Resilience

Beyond compliance, the business rationale for strengthening cyber maturity has never been clearer. European organisations now face sophisticated cyber techniques that were once confined to military or intelligence environments. High-profile supply-chain attacks across Europe have demonstrated how deeply operations can be disrupted when adversaries exploit gaps in cyber readiness. CMMC offers organisations access to rigorous, internationally recognised training and assessment standards designed to enhance resilience, protect sensitive data and reduce operational risk.

Building on ISACA's Global Leadership in Cybersecurity Assurance

ISACA's appointment comes at a time when Europe is elevating its own cybersecurity expectations under NIS2, DORA and national strategies that emphasise stronger governance and transparent assurance. By administering CMMC credentials including the CMMC Certified Professional (CCP), CMMC Certified Assessor (CCA) (CCA and Lead CCA) and CMMC Certified Instructor (CCI) designations, ISACA will support organisations seeking to align with emerging global benchmarks for supply-chain security while strengthening the professional cybersecurity assessment workforce.

"Across Europe, organisations are moving toward more structured, verifiable cyber maturity practices, particularly those engaged in cross-border defence and high-tech supply chains," said Christos Dimitriadis, Chief Global Strategy Officer at ISACA. "There is a global shortage of qualified cybersecurity assessors. By leading the CMMC credentialing programme, ISACA is helping build a trusted workforce capable of supporting organisations as they strengthen their cyber resilience."

Dimitriadis continued "While compliance is important, the underlying driver for CMMC and for cyber maturity efforts across Europe is the need to protect organisations against increasingly advanced threats. Strengthening cyber maturity is now fundamental to safeguarding continuity, resilience and trust."

ISACA's role reflects a growing international emphasis on consistency and quality in cyber assessments an essential requirement as adversaries target supply chains and governments seek clearer assurance of organisational readiness. The appointment also reinforces ISACA's long-standing commitment to advancing global cybersecurity capability and digital trust.

"Cyber maturity and supply-chain resilience are now essential requirements for defence and critical-infrastructure organisations globally,"added Erik Prusch, CEO of ISACA. "We are honoured to support the CMMC ecosystem through our globally recognised credentialing capabilities and to help professionals prepare for rising expectations across transatlantic supply chains."

The CAICO role was previously performed by The Cyber AB, which remains the CMMC accreditation body.

"We are thrilled to transition the CAICO and the stewardship of its critical mission to ISACA," remarked Matthew Travis, CEO of The Cyber AB. "ISACA brings unsurpassed credibility and experience to the CMMC program, along with its world-class quality management of professional IT certifications. CMMC will benefit enormously from ISACA's operation of the CAICO, which will directly contribute to building greater trust and confidence in the quality of CMMC assessors and in the program overall."

Additional information can be found at www.isaca.org/cmmc. Individuals wishing to pursue or renew the CCP, CCA or Lead CCA credentials before the transition may continue to do so via the Cyber AB website.

