C3PAO designation
Boston Government Services Authorized as CMMC Third-Party Assessor
Boston Government Services, a digital solutions provider, has been certified as a third-party assessor organization for the Department of Defense’s Cybersecurity Maturity Model Certification Program.
The DOD established CMMC to raise the bar for cybersecurity among defense contractors and address supply chain management issues, BGS said Tuesday.
C3PAOs are authorized to conduct compliance assessments for federal contractors seeking to do business with the DOD.
“This certification allows BGS to play a larger role in protecting our nation’s information and infrastructure security,” BGS President Harry Boston said.
An organization may only become a C3PAO once it achieves CMMC Level 3 certification, according to the CMMC Accreditation Body‘s primer.
A CMMC Level 3 clearance entails that an organization’s cybersecurity is robust enough to protect controlled unclassified information.
Like the preceding levels, CMMC Level 3 covers Federal Acquisition Regulation practices and National Institute of Standards and Technology SP 800-171 Rev 1 controls, according to information technology management company NeoSystems.
The Defense Contract Management Defense Industrial Base Cybersecurity Assessment Center determined in August that BGS meets the security practices and processes for CMMC Level 3.
DIBCAC is a DOD-affiliated group of volunteer professionals tasked with ensuring that contractors adequately protect the weapons, equipment and systems they build for the government.
BGS said it has been a registered provider organization for the CMMC program since December 2020, providing advice, consulting and recommendations to clients.
The CMMC-AB website says that RPOs merely serve as “implementers” and consultants but are not yet authorized to provide conduct certified CMMC assessments.
Category: Cybersecurity