ISACA has been authorized as the new CMMC Assessor and Instructor Certification Organization (CAICO) for the Cybersecurity Maturity Model Certification (CMMC) program of the US Department of War (DoW), making ISACA the trusted credentialing leader to manage the training, examination and professional certification for individuals within the CMMC ecosystem – the world’s largest cybersecurity certification program.
The credentials ISACA will administer for the CMMC program are the CMMC Certified Professional (CCP), the CMMC Certified Assessor (CCA) and Lead CCA, and the CMMC Certified Instructor (CCI).
CMMC is a major US Department of War (DoW) program, based on US-NIST standards, built to protect the Defense Industrial Base (DIB), affecting hundreds of thousands of organizations domestically and internationally.
Any organization that conducts business with the US DoW must have a certain level of certification from the CMMC for assessing and certifying the cybersecurity practices of defense contractors to ensure they adequately protect federal information. Formal CMMC implementation began 10 November 2025, with requirements increasing for each of the following three years toward full implementation by November 2028.
“This recognition elevates ISACA’s critical role in the global security landscape,” wrote ISACA CEO Erik Prusch in an ISACA Now blog post. “Not only is CMMC the largest cybersecurity certification program in the world, it is a program that sets a unified cybersecurity standard for hundreds of thousands of organizations in the Defense Industrial Base (DIB), with resulting impact on international security, supply chains and the global economy. It speaks volumes that ISACA is the organization that has been trusted to ensure its success going forward. This is a proud moment for our global community to celebrate.”
Prusch added, “CMMC requires high levels of reliability, trust, consistency, rigor and customer support. ISACA has the global footprint, unmatched certification infrastructure, strong customer experience capability around the world, and rigorous and globally respected certifications in assessment and audit. We also have deep expertise and pedigree in the DoW’s digital technology and services maturity assessments space via CMMI.”
Todd Gagnon, a career US Naval officer who has been at the forefront of the US cyber apparatus, will lead the program for ISACA. He has worked extensively across both the defense industrial base and the joint environment across DoW, bringing substantial experience in both industry and government.
“ISACA’s role as the CAICO gives us the opportunity to take a leading role in addressing the cybersecurity skills gap and creating the workforce needed for elevating the cybersecurity posture of the DIB,” said Chris Dimitriadis, Chief Global Strategy Officer for ISACA. “We are excited to have Todd Gagnon lead the CAICO, and we believe that his experience and expertise will prove to be highly valuable for the success of the program.”
While ISACA is the CAICO effective immediately, the full transition of services will occur by 1 April 2026.
Additional information can be found at www.isaca.org/cmmc. Those who wish to pursue or renew the CCP, CCA, or Lead CCA credentials before 1 April can register via the CMMC Marketplace on the Cyber AB web site.