ISACA to lead global credentialing for cyber security maturity model certification framework in the US

Appointment supports global demand for consistent, verifiable cyber maturity amid escalating cyber threats and growing assessor shortages

Pro

Christos Dimitriadis, ISACA

In association with ISACA

As cyber threats escalate and governments raise expectations around operational resilience, ISACA has been appointed to lead the global credentialing programme for the US DoW’s Cyber security Maturity Model Certification (CMMC) programme. The appointment positions ISACA – the international association for cybersecurity, audit and digital trust – as the exclusive CMMC Assessor and Instructor Certification Organization (CAICO), responsible for training, examining and certifying professionals, assessors, and instructors across the CMMC ecosystem.

Originally developed by the US DoW to protect sensitive unclassified information within its global supply chain, CMMC is increasingly relevant to European defence, aerospace, engineering and high-technology companies participating in transatlantic programmes. As the framework is phased into US procurement from 2025 to 2028, many European organisations that handle Controlled Unclassified Information (CUI) or Federal Contract Information (FCI), or that support certain prime contractors, will need to be CMMC certified.

Beyond compliance, the business rationale for strengthening cyber maturity has never been clearer. European organisations now face sophisticated cyber techniques that were once confined to military or intelligence environments. High-profile supply-chain attacks across Europe have demonstrated how deeply operations can be disrupted when adversaries exploit gaps in cyber readiness. CMMC offers organisations access to rigorous, internationally recognised training and assessment standards designed to enhance resilience, protect sensitive data and reduce operational risk.

Building on ISACA’s global leadership in cyber security assurance 

ISACA’s appointment comes at a time when Europe is elevating its own cybersecurity expectations under NIS2, DORA and national strategies that emphasise stronger governance and transparent assurance. By administering CMMC credentials including the CMMC Certified Professional (CCP), CMMC Certified Assessor (CCA) (CCA and Lead CCA) and CMMC Certified Instructor (CCI) designations, ISACA will support organisations seeking to align with emerging global benchmarks for supply-chain security while strengthening the professional cyber security assessment workforce.

“Across Europe, organisations are moving toward more structured, verifiable cyber maturity practices, particularly those engaged in cross-border defence and high-tech supply chains,” said Christos Dimitriadis, chief global strategy officer at ISACA (pictured). “There is a global shortage of qualified cyber security assessors. By leading the CMMC credentialing programme, ISACA is helping build a trusted workforce capable of supporting organisations as they strengthen their cyber resilience.”

Dimitriadis continued: “While compliance is important, the underlying driver for CMMC and for cyber maturity efforts across Europe is the need to protect organisations against increasingly advanced threats. Strengthening cyber maturity is now fundamental to safeguarding continuity, resilience and trust.”

ISACA’s role reflects a growing international emphasis on consistency and quality in cyber assessments – an essential requirement as adversaries target supply chains and governments seek clearer assurance of organisational readiness. The appointment also reinforces ISACA’s long-standing commitment to advancing global cyber security capability and digital trust.

“Cyber maturity and supply chain resilience are now essential requirements for defence and critical-infrastructure organisations globally,” added Erik Prusch, CEO of ISACA. “We are honoured to support the CMMC ecosystem through our globally recognised credentialing capabilities and to help professionals prepare for rising expectations across transatlantic supply chains.”

The CAICO role was previously performed by The Cyber AB, which remains the CMMC accreditation body.

“We are thrilled to transition the CAICO and the stewardship of its critical mission to ISACA,” said Matthew Travis, CEO of The Cyber AB. “ISACA brings unsurpassed credibility and experience to the CMMC program, along with its world-class quality management of professional IT certifications. CMMC will benefit enormously from ISACA’s operation of the CAICO, which will directly contribute to building greater trust and confidence in the quality of CMMC assessors and in the programme overall.”

Additional information can be found at www.isaca.org/cmmc. Individuals wishing to pursue or renew the CCP, CCA or Lead CCA credentials before the transition may continue to do so via the Cyber AB website.