Coalfire Federal among First C3PAOs Authorized to Perform CMMC Audits

Bill Malone, Coalfire Federal

Cybersecurity services provider Coalfire Federal has been picked by the Cybersecurity Maturity Model Certification Accreditation Body to become one of the first firms authorized to perform CMMC audits.

The CMMC framework was created to address the ongoing theft and unauthorized access to Controlled Unclassified Information by foreign adversaries through the enforcement of good cyber hygiene and best practices. 

The CMMC framework is a set of mandatory cybersecurity requirements all contractors in the Defense Department supply chain must implement and then have verified by an independent CMMC third-party assessment organization, or C3PAO. Five certification levels define the minimum security posture or maturity an organization must achieve as determined by the sensitivity of the information they handle. Organizations handling CUI must be certified at CMMC Level 3 or higher.

Coalfire Federal President Bill Malone said the company is honored to have been chosen as an initial C3PAO.

“As we experienced through the rollout of FedRAMP, we expect there will be lessons learned about the implementation and verification of CMMC practices and processes during the inaugural audits of 1,500 Pathfinder companies that will be performed in 2021,” he added. “[W]e look forward to a collaborative relationship with the CMMC-AB to help ensure the successful rollout and implementation of the CMMC framework.”

Over the last year, the Coalfire Federal team has participated as volunteers in the CMMC-AB Working Group responsible for creating the assessment criteria and methodologies to support the CMMC framework.

Comments are closed.