C3PAO designation

Booz Allen Gets C3PAO Authorization From The Cyber AB

Booz Allen Hamilton, an information technology consulting firm headquartered in McLean, Virginia, announced that it has been authorized by the Cybersecurity Maturity Model Certification Accreditation Body as a CMMC third-party assessment organization. The authorization is in line with the Department of Defense’s efforts to help its contractors obtain CMMC certification, Booz Allen said Friday.

In a statement, the consulting company said it is among the first to become an authorized C3PAO in the CMMC ecosystem. In February 2021, it received The Cyber AB’s authorization to act as a registered provider organization.

Booz Allen explained that The Cyber AB established both the RPO and C3PAO roles to prepare the DOD’s prime and sub-contractors for CMMC certification. These authorizations empower a third-party organization to provide advisory services in preparation for clients’ certification, assess their compliance with cybersecurity standards, and, ultimately, award them their certificates.

Booz Allen described the CMMC as a program established by the Pentagon to protect the defense industrial base from increasingly frequent and complex cyber attacks. The company said the program seeks to enhance the protection of controlled unclassified information and federal contract information shared within the DIB.

Meanwhile, the firm said it has been working closely with the federal government to establish and refine the new CMMC framework. Specifically, it has been working alongside the Office of the Undersecretary of Defense for Acquisition & Sustainment to guide the new framework’s impending rollout.

On its website, The Cyber AB said it is the sole authorized non-governmental partner of the Pentagon in implementing and overseeing the CMMC conformance regime. Its primary purpose has been to authorize and accredit C3PAOs but it has recently taken on wider responsibilities.