The CMMC program achieved an important milestone on June 9, 2021 with the announcement by the CMMC Accreditation Body (“CMMC-AB”) that Redspin has passed all of the requirements and is now formally authorized to operate as a Certified 3rd Party Assessment Organization (“C3PAO”). C3PAOs are the entities authorized to conduct the maturity level assessments for those organizations throughout the defense supply chain seeking CMMC certification, and Redspin’s success paves the way for formal assessments to begin in the coming weeks once all supporting CMMC program materials are finalized this summer.

Redspin “passed the CMMC Maturity Level 3 (“ML3”) assessment performed by the Defense Industrial Base Cybersecurity Assessment Center (“DIBCAC”) and then met the remaining C3PAO administrative and personnel requirements.” Matthew Travis, the CMMC-AB’s CEO, said “Reaching this step in getting the CMMC ecosystem up and running is a significant milestone and we look forward to authorizing additional C3PAOs in the coming days and weeks”.

Tony Buenger, a CMMC Strategist at Redspin, said “We are excited to be the first Authorized CMMC 3rd Party Assessment Organization, but we also recognize that this would not be possible without the hard work of the entire CMMC Ecosystem. While the CMMC as we know it now is still growing, we owe a debt to all the volunteers and cyber professionals who are diligently working to improve the security of the nation’s industrial base and defense supply chain. I am looking forward to working with our peer organizations and fellow cyber professionals in the near future to achieve the DoD’s mission together.”

Updated at 11:05 AM to include comment from Tony Buenger.