This is the main content of the page.
The Cyber AB is the official accreditation body of the Cybersecurity Maturity Model Certification (CMMC) ecosystem and the sole authorized non-governmental partner of the U.S. Department of Defense (DoD) in implementing and overseeing the CMMC conformance regime.
Founded in January 2020 as The CMMC Accreditation Body, Inc., The Cyber AB is a Maryland-based, nonprofit, 501(c)(3) tax-exempt organization. Our mission is to ensure the successful implementation of CMMC within the Defense Industrial Base in order to reduce digital risk to DoD's supply chains and contractor support infrastructure.
As of January 2025, The Cyber AB also serves as the exclusive Accreditation Body for the Secure Controls Framework (SCF) Conformity Assessment Program (CAP). This collaboration further expands The Cyber AB’s responsibilities to include oversight of SCF-related third-party assessment, attestation, and certification services. Our partnership with the SCF Council enables The Cyber AB to manage accreditation processes, ensure conformance to SCF standards, and maintain the SCF CAP ecosystem marketplace.
The Cyber AB serves both the private and public interest as a trusted third party, delivering impartial and consistent oversight of cybersecurity conformance regimes. Our services extend to critical sectors, including defense, critical infrastructure, industrial supply chains, and other high-risk industries. By accrediting assessment organizations across these domains, we help protect sensitive information, mitigate cybersecurity threats, and promote resilience against digital risks.
The Cyber AB does not receive funding from the Department of Defense or any other governmental taxpayer resources. Our contract with DoD is a "no cost" agreement, and our primary sources of revenue includes application and renewal fees from participants in the CMMC and SCF ecosystems.
In short, The Cyber AB's mission focuses on authorizing and accrediting CMMC Third-Party Assessment Organizations (C3PAOs) and SCF Third-Party Assessment Organizations (SCF 3PAOs) to support robust cybersecurity conformance frameworks. As both programs are in the early stages of full operational status, our responsibilities have expanded to include the management of associated marketplaces and other.
Currently, The Cyber AB also manages the professional certification and training aspects of the CMMC Ecosystem, working with our partners to develop the curricula and examination protocols for CMMC Assessors and CMMC Instructors. This responsibility, however, will be transitioned from The Cyber AB to the Cybersecurity Assessor and Instructor Certification Organization (CAICO), which will become a its own distinct legal entity.
The Cyber AB is operated by a full-time professional staff that is accountable to, and overseen by, the organization's Board of Directors. Members of the Board serve in a voluntary, uncompensated capacity, bringing diverse expertise and independent oversight to ensure the organization's integrity and effectiveness.
The Cyber AB's support to CMMC is through a direct contract with the CMMC Program Management Office (PMO) within the DoD.