The accreditation body for the Department of Defense’s Cybersecurity Maturity Model Certification program has issued a request for proposals for a continuous monitoring platform.
The RFP posted Wednesday on LinkedIn says that certified third-party assessment organizations, assessors and companies seeking certification will use the continuous monitoring tool to carry out pre-evaluation background research and monitor firms between formal assessments.
The CMMC-AB stated some of its basic requirements for the platform, including the capability to secure the body and DoD’s intellectual property and allow companies seeking accreditation to see their security posture.
The accreditation body wants the platform to provide automatic notifications to C3PAOs and assessors “when any company they were responsible for assessing has a security score decrease a specific amount.”
The tool should also offer automated approaches for prioritizing findings and asset value information for the findings provided.
The CMMC-AB will accept responses through May 1 and expects proposal selection to occur by May 8.