Streamline your path to early CMMC Compliance with the Joint Surveillance Voluntary Assessment Program. 


The Joint Surveillance Voluntary Assessment Program (JSVAP or JSVA) offers an early path to Cybersecurity Maturity Model Certification (CMMC). As a Certified 3rd Party Assessment Organization (C3PAO), Redspin’s expert team conducts these assessments in collaboration with the Defense Industrial Base Cybersecurity Assessment Center (DIBCAC), to ensure your organization meets CMMC requirements before the rule is finalized.

A successful JSVA demonstrates that a Department of Defense (DoD) contractor possesses the necessary cybersecurity maturity to protect Controlled Unclassified Information (CUI) and Federal Contract Information (FCI), qualifying them as a trusted DoD partner. The assessment evaluates the organization’s NIST 800-171 practices, and successful organizations receive a DIBCAC High certificate, which will later be replaced by a CMMC L2 Certificate once the rule is in place. The JSVA is expected to be available until the finalization of the CMMC rulemaking in late 2024.

The upcoming CMMC rule is estimated to impact 300k+ Defense Industrial Base (DIB) companies and will feature a phased rollout. With fewer than 50 C3PAOs currently available, conducting a JSVA early can help a company meet cybersecurity requirements before a backlog of CMMC assessments accumulates. As a transitional assessment for CMMC Level 2, many companies contracting with the DoD are proactively pursuing these JSVAs now, rather than waiting for the anticipated rulemaking.

A successful JSVA provides a significant competitive advantage, allowing companies to market their DoD-verified assessment status as trustworthy partners who protect national defense information. 


Benefits of a JSVA


The JSVA allows gaps to be included in the Phase 4 Plan of Action and Milestones (POAM), giving organizations 180 days to address areas needing improvement.

Pre Rev. 3.

With a JSVA,  you will get assessed before the release of NIST 800-171 Revision 3 (Rev. 3). Your organization will be assessed against the current 110 controls under Rev. 2 before any new requirements are added.

Competitive Edge.

A successful JSVA provides a competitive edge over peers who have not yet been assessed or certified yet.

More Time.

We anticipate, the three-year CMMC recertification timeline does not begin until the rulemaking is finalized, giving organizations a head start and extended period of certification validity with a JSVA.

If YOU want to get started on CMMC early with a JSVA…

Your first step is to contact a C3PAO.

Why Redspin


Redspin is the first Authorized C3PAO and has conducted the majority of JSVAs to date, making us the most experienced in the field.

Our Team

Our team consists of top-tier consultants who are CCAs and CCPs, that bring expertise from both sides of DoD contracting.

As a CMMC LTP, we are committed to providing the best guidance and support in the ecosystem, ensuring your organization meets and maintains CMMC requirements.

History in Cyber and Defense

As a leader in the CMMC space since its inception, we are deeply invested with the Cyber Accreditation Body (The Cyber AB), the DoD, and the CMMC Standards Council.

“Opting for JSVAP over waiting for the standard CMMC assessment was a strategic move to ensure we stay ahead in compliance and readiness. This perfect score is a testament to our commitment to cybersecurity excellence, reflecting our capability to secure highly sensitive contracts and maintain trust with our clients.”

Allen Hines, Chief Operating Officer of Alutiiq, LLC 


“We are proud to take the lead in being one of the first to undergo a JSVAP assessment to reinforce our commitment to operating under strong cybersecurity protocols and providing the best technology solutions to our customers.”

– John Bergin, Director Federal Security, of Microsoft Federal.

“This achievement underscores our unwavering commitment to protecting Controlled Unclassified Information (CUI) and reinforces our readiness to meet evolving regulatory requirements head-on.”

– Dent Thompson, Senior Vice President and Chief Operations Officer of Phoenix Air

“As both a Prime and Subcontractor for the DoD, we at Belcan have had a very positive experience with the Redspin team. Opting for Redspin as our C3PAO was a pivotal decision in our JSVA processes. The Redspin team was not just conducting assessments; they were by our side, guiding us through each challenge and ensuring we reach the finish line”  

Matt King, Chief Security & Data Officer of Belcan, LLC  


Obtain a DIBCAC High certificate and a CMMC attestation letter, validating your organization’s commitment to protecting the nation’s supply chain until the CMMC final rule is in place.   

The CMMC attestation letter will convert to a certificate once the rulemaking is final.

Get started with Redspin Today

Helping you navigate CMMC.