.svg){kind=spacer}
January 24, 2026
ISACA has been named the certification authority for the U.S. defense supply chain’s Cybersecurity Maturity Model Certification (CMMC) ecosystem, meaning it will run the official training, exams, and professional credentials for people who assess and teach CMMC. In practice, ISACA will administer the credential pathways for CMMC Certified Professional (CCP), CMMC Certified Assessor (CCA), CMMC Certified Instructor (CCI), and the Lead CCA designation—positioning it as the organization responsible for consistency and quality in how CMMC assessors and instructors are trained and certified.
The article frames this as a pivotal moment because CMMC implementation began on November 10, 2025 and is planned to ramp up over the next three years toward full implementation by November 2028, with global impact for any company that does business with the U.S. defense ecosystem. It also notes a transition period: the Cyber AB (the prior certification organization) will provide transition services through March 31, 2026, with full transition on April 1, 2026, and identifies Todd Gagnon as the incoming leader for the program. Finally, it highlights a practical “shortcut” for some professionals: existing ISACA certifications like CISM or CISA can satisfy a baseline prerequisite for CCA eligibility (alongside other requirements such as CCP, experience, training, exams, and a background check).
