Pondurance

Pondurance Receives CMMC Registered Provider Organization Status

The Cybersecurity Maturity Model Certification Accreditation Body has designated managed detection and response specialist Pondurance as a registered provider organization for the Department of Defense’s CMMC program.

RPOs are authorized to offer consulting services to defense contractors gearing for CMMC audits and seeking compliance with the DOD’s new cybersecurity standards, Pondurance said.

The CMMC-AB website notes that RPOs merely serve as “implementers” and consultants and are not yet authorized to conduct certified CMMC assessments.

“After working with NIST frameworks, CSF and other regulator drivers such as 800-171 and DFARS, Pondurance’s team of cybersecurity experts is well-positioned to help organizations meet ongoing compliance requirements and guide those seeking CMMC certification,” said CEO Doug Howard.

The CMMC marketplace continues to grow, with Pondurance becoming the latest addition to the roster of RPOs, which also includes Volar Security, Sentar, ADNET and Coalfire.

Other key components of the cybersecurity program are CMMC third-party assessment organizations. C3PAOs are authorized to conduct compliance assessments for federal contractors seeking to do business with the Pentagon.

The CMMC-AB has designated five C3PAOs so far: Redspin, Kratos Defense & Security Solutions, Cask Government Services, Boston Government Services and Schellman & Company.

The DOD started implementing CMMC in December 2020 with the intention of fully requiring all contractors within the defense industrial base to achieve compliance by the beginning of fiscal year 2026.

CMMC certifications are a prerequisite for renewing or winning contracts with the DOD. The program has five certification levels that contractors need to comply with depending on the security that a Pentagon contract requires.