ISACA to lead global credentialing for CMMC Cyber Security Framework

The appointment positions ISACA – the international association for cyber security, audit and digital trust – as the exclusive CMMC Assessor and Instructor Certification Organisation (CAICO) responsible for training, examining and certifying professionals, assessors and instructors across the CMMC ecosystem.

Originally developed by the US Department of War to protect sensitive unclassified information within its global supply chain, CMMC is increasingly relevant to European defence, aerospace, engineering and high-technology companies participating in transatlantic programmes. As the framework is phased into US procurement from 2025 to 2028, many European organisations that handle Controlled Unclassified Information (CUI) or Federal Contract Information (FCI), or that support certain prime contractors, will need to be CMMC certified.

Military-grade cyber training   

Beyond compliance, the business rationale for strengthening cyber maturity has never been clearer. European organisations now face sophisticated cyber techniques that were once confined to military or intelligence environments.

High-profile supply chain attacks across Europe have demonstrated how deeply operations can be disrupted when adversaries exploit gaps in cyber readiness. CMMC offers organisations access to rigorous and internationally recognised training and assessment standards designed to enhance resilience, protect sensitive data and reduce operational risk.

ISACA’s appointment comes at a time when Europe is elevating its own cyber

security expectations under NIS2, DORA and national strategies that emphasise stronger governance and transparent assurance.

By administering CMMC credentials including the CMMC Certified Professional (CCP), CMMC Certified Assessor (CCA) (CCA and Lead CCA) and CMMC Certified Instructor (CCI) designations, ISACA will support organisations seeking to align with emerging global benchmarks for supply chain security, while strengthening the professional cyber security assessment workforce.

Cyber maturity practices 

“Across Europe, organisations are moving towards more structured and verifiable cyber maturity practices, particularly so those engaged in cross-border defence and high-tech supply chains,” said Chris Dimitriadis, chief global strategy officer at ISACA. “There’s a global shortage of qualified cyber security assessors. By leading the CMMC credentialing programme, ISACA is helping to build a trusted workforce capable of supporting organisations as they strengthen their cyber resilience.”

Dimitriadis continued: “While compliance is important, the underlying driver for CMMC and for cyber maturity efforts across Europe is the need to protect organisations against increasingly advanced threats. Strengthening cyber maturity is now fundamental for safeguarding continuity, resilience and trust.”

ISACA’s role reflects a growing international emphasis on consistency and quality in cyber assessments: an essential requirement as adversaries target supply chains and Governments seek clearer assurance of organisational readiness. The appointment also reinforces ISACA’s long-standing commitment to advancing global cyber security capability and digital trust.

Essential requirements

“Cyber maturity and supply chain resilience are now essential requirements for defence and critical infrastructure organisations globally,” added Erik Prusch, CEO of ISACA. “We are honoured to support the CMMC ecosystem through our globally recognised credentialing capabilities and to help professionals prepare for rising expectations across transatlantic supply chains.”

The CAICO role was previously performed by The Cyber AB, which remains the CMMC accreditation body.

“We are thrilled to transition the CAICO and the stewardship of its critical mission to ISACA,” remarked Matthew Travis, CEO of The Cyber AB. “ISACA brings unsurpassed credibility and experience to the CMMC programme, along with its world-class quality management of professional IT certifications. CMMC will benefit enormously from ISACA’s operation of the CAICO, which will directly contribute towards building greater trust and confidence in the quality of CMMC assessors and in the programme overall.”

Additional information can be found online at www.isaca.org/cmmc. Individuals wishing to pursue or renew the CCP, CCA or Lead CCA credentials before the transition may continue to do so via the Cyber AB website.