Redspin Named CMMC Third Party Assessor Organization
The Cybersecurity Maturity Model Certification Accreditation Body has authorized Redspin, a division of CynergisTek, to perform assessments on defense contractors seeking compliance with the first three CMMC levels.
Redspin is the first authorized CMMC third-party assessment organization and the only candidate C3PAO that passed level 3 requirements.
Before being cleared by the CMMC-AB, Redspin first had to secure initial approval from the Defense Industrial Base Cybersecurity Assessment Center, CynergisTek said.
Redspin has formally entered the CMMC marketplace, achieving a critical milestone in a program whose implementation has been fraught with complications.
A group of anonymous sources said initial audits required in licensing assessors were difficult and took longer than expected. Another source noted that organizations are having trouble with the maturity documentation associated with CMMC level 3.
In a statement, Matthew Travis, chief executive officer of the CMMC-AB, described Redspin’s certification as a critical step in getting the CMMC ecosystem up and running.
Travis added that he looks forward to authorizing additional C3PAOs in the coming days and weeks.
The Department of Defense started implementing CMMC in December 2020, intending to fully require all contractors within the defense industrial base to achieve compliance by the beginning of fiscal year 2026.
CMMC certifications are a prerequisite for renewing or winning contracts with the DOD. The program has five certification levels that contractors need to comply with depending on the security that a DOD contract calls for.
Tags: C3PAO CMMC CMMC-AB cybersecurity Cybersecurity Maturity Model Certification CynergisTek Defense Industrial Base Cybersecurity Assessment Center Matthew Travis Redspin