Kratos Authorized as CMMC Third Party Assessment Organization

Kratos Defense & Security Solutions has been accredited as a certified third party assessment organization under the Department of Defense’s Cybersecurity Maturity Model Certification program.

The company is now awaiting the completion of preparatory and authorization steps to be cleared to perform assessments on defense contractors seeking compliance with the first three CMMC levels.

The C3PAO status has only been given to two organizations so far, Kratos said Tuesday. 

Redspin, a division of CynergisTek, is the inaugural C3PAO. Unlike Kratos, Redspin has been cleared by the CMMC Accreditation Body to conduct assessments for CMMC levels 1 to 3.

Upon receiving the go-signal, Kratos will implement a four-phased assessment, estimated to be completed in four to six weeks, to determine the cybersecurity maturity of defense contractors.

The initial planning phase consists of assessment plan development and an assessment readiness review. The subsequent assessment and reports finding phases will focus on uncovering issues faced by defense contractors. A final remediation phase will be conducted to evaluate remedial actions taken to address the identified issues.

In a statement, Phil Carrai, president of Kratos Space, Training and Cyber Division, welcomed the company’s selection as one of the first C3PAOs.

According to Carrai, Kratos is well positioned to support the CMMC program owing to its prior experience as an advisory and assessment services provider for compliance frameworks such as the Federal Risk and Authorization Management Program.