CMMC-AB Designates Volar Security as Registered Provider Organization

Volar Security, a cybersecurity advisory firm, announced that it has been authorized as a registered provider organization under the Cybersecurity Maturity Model Certification program.

RPOs are authorized to provide advice, consulting and recommendations to clients seeking to comply with the Department of Defense’s CMMC standards, which are aimed at protecting the defense industrial base.

“Our team has signed a code of ethical conduct and received training to provide our customers accurate and honest guidance on preparing for their required CMMC level,” said David Africano, managing principal and chief information security officer at Volar Security.

According to Volar Security, the authorization allows the company to support government contractors in becoming audit-ready and maintaining compliance post-certification.

The company announced that its compliance services include pre-assessments, technical solutions, and policy and procedure guidance.

Africano noted that Volar Security has team members who are registered practitioners. Under the CMMC rules, registered practitioners are authorized to deliver non-certified advisory services informed by basic training on the certification’s standard.

RPOs are different from CMMC third-party assessor organizations, which are authorized to connect with organizations seeking certification on the CMMC Accreditation Body marketplace.

According to the CMMC-AB, RPOs only serve as “implementers” and consultants and are not authorized to conduct certified assessments.

Stacy Bostjanick, CMMC director within the Office of the Under Secretary of Defense for Acquisition and Sustainment, previously said that the Pentagon expects to accredit a handful of assessor companies by early summer.

Bostjanick urged defense contractors to be mindful of the official list of assessors and consultants because of companies that oversell their ability to provide CMMC services, FedScoop reported in February.