u/ResilientTechAdvisor

▲ 0 r/CIO

Hello to the Community!

Excellent community announcement - head nod to the mods.

I think this community will be interesting because the CIO role is so interesting. The CIO has to engage with security leadership as well as business leadership to make the business run... and those two groups tend to have friction.

u/ResilientTechAdvisor — 3 days ago
▲ 4 r/u_ResilientTechAdvisor+2 crossposts

Honest question about mock assessments

Is anyone else at least a little bothered that the same C3PAO can do a “mock” CMMC L2 assessment and then turn around and do the official assessment?

The Cyber AB’s Code of Professional Conduct says it’s fine as long as the mock is “non-certification,” strictly follows the assessment procedures, and the C3PAO gives zero remediation advice. The moment they help you fix anything, it becomes “consulting,” and they’re supposed to be banned from certifying you for 3 years.

And wouldn’t it be awkward to pass the mock and then be failed by the same C3PAO (awkward for the C3PAO and for the OSC)?

u/ResilientTechAdvisor — 4 days ago