The RPOs and RPs in the CMMC ecosystem provide advice, consulting, and recommendations to their clients. They are the “implementers” and consultants, but do not conduct Certified CMMC Assessments. Any references to “non-certified” services are only referring to the fact that an RPO is not authorized to conduct a certified CMMC assessment.
- Authorized to represent the organization as familiar with the basic constructs of the CMMC Standard with a CMMC-AB provided logo
- Offer consulting advice, but not assessments
- Signifies that you have agreed to the CMMC-AB Code of Professional Conduct
- Listed on the CMMC-AB Marketplace
- Receive authorization from the CMMC-AB as a result of registering
- Sign the RPO agreement with the Accreditation Body (will be sent to applicants for review when available)
- Must pass an Organizational Background Check via data provided to the CMMC-AB by Dun & Bradstreet and have a DUNS number
- At least one Registered Practitioner (RP) must be associated with the RPO at all times (30-day grace period applies)
Insurance (minimums noted in RPO agreement):
- General Liability
- Errors and Omissions Policy
- Cybersecurity Liability Policy
Registrations Are Now Open
Due at the time of application
Application Fee- $1,000 (Nonrefundable)
Due at the time of application approval
Year-One Certification Fee - $4,000
Ongoing Fees - Beginning 1 Jan 2022
Annual Maintenance – $5,000
CMMC-AB Refund Policy
- Application fees are non-refundable
- Refunds for any fee, except Application fees, requested within 30 days shall be fully refundable upon review and approval by the CMMC-AB.
- Fees paid shall only be transferable to another named person from the same organization only if related services have not commenced.
All other fees outside of these conditions shall not be refundable.