CMMC Assessments

As the first Authorized C3PAO, our collaborative approach ensures a fair, honest, and candid CMMC assessment for your organization’s certification needs. 


Cybersecurity risks threaten the Defense Industrial Base (DIB) supply chain along with the national security of the U.S. government and has led to the development of the CMMC assessment framework to avoid or significantly reduce future losses due to cyber breaches.

The CMMC framework is used to certify the cyber readiness of contractors doing business with the Department of Defense (DoD). A CMMC assessment must be conducted by an Authorized CMMC Third-Party Assessment Organization (C3PAO) in order to meet the DoD’s requirement.

Level 1 Assessment –  Basic Cyber Hygiene (17 practices). Applies to contractors who store, process, and transmit Federal Contract Information (FCI).

Level 2 Assessment – Intermediate Cyber Hygiene (110  practices). Applies to contractors who store, process, and transmit FCI, and Controlled Unclassified Information (CUI). The majority of the DIB and research institutions will need to comply with this Level. 

Level 3 Assessment – Yet to be defined. Based off of NIST 171 and 172.

The JSVAP – Until the CMMC rulemaking process is final (expected early 2025), Organizations Seeking Certification (OSCs) can volunteer to participate in the Joint Surveillance Voluntary Assessment Program (JSVAP). The JSVAP is conducted by a C3PAO and the Defense Contract Management Agency (DCMA) Defense Industrial Base Cybersecurity Assessment Center (DIBCAC). The assessment evaluates the OSC’s NIST 800-171 practices, and successful organizations receive a DIBCAC High certificate that will later be replaced by a CMMC Certificate when the rule is in place.

Why Redspin

Collaborative Approach

Redspin’s collaborative approach to our assessment services involves a deep understanding of our clients’ security posture, culture, and business processes to provide tailored solutions which address their unique needs. Through communication and teamwork, we aim to ensure a successful and efficient assessment process.

Early CMMC Experience

As the first Authorized C3PAO and pioneers in conducting a few of the first successful JSVAP assessments, our team of Certified CMMC Professionals, Assessors (CCPs, CCAs), and Licensed Training Professionals (LTPs) have collaborated with the Cyber-AB to develop and enhance the CMMC ecosystem. We possess a deep understanding of the CMMC framework, its constraints, and its criteria.

History in Cyber and Defense

For over two decades, our team of experts, including former CISOs, CIOs, Compliance and Privacy Officers, and military Veterans have partnered with a range of organizations from small to Fortune 500 within various regulated industries to provide a compliant and robust security and privacy approach against threats.

Not ready for the CMMC certification assessment?

We can help you prepare:


Cybersecurity Advantages

Improve cybersecurity posture, reduce risk of cyber attacks, and enhance overall business operations under the current NIST 800-171 revision.

Peace of Mind

CMMC related assessment services provide companies with increased assurance that they are meeting cybersecurity requirements by validating their safeguards and practices.



Win Federal Contracts

Gain the advantage to securing federal contracts knowing that your requisite cyber hygiene meets the standards of the CMMC initiative.



Obtain a DIBCAC high certificate until the CMMC final rule is in place, validating your organization has done its duty to protect the nation’s supply chain. 

Get started with Redspin Today

Helping you navigate CMMC.