JSVA
JSVA Overview
The Joint Surveillance Voluntary Assessment Program (JSVAP or JSVA) offers an early path to Cybersecurity Maturity Model Certification (CMMC). As a Certified 3rd Party Assessment Organization (C3PAO), Redspin’s expert team conducts these assessments in collaboration with the Defense Industrial Base Cybersecurity Assessment Center (DIBCAC), to ensure your organization meets CMMC requirements before the rule is finalized.
A successful JSVA demonstrates that a Department of Defense (DoD) contractor possesses the necessary cybersecurity maturity to protect Controlled Unclassified Information (CUI) and Federal Contract Information (FCI), qualifying them as a trusted DoD partner. The assessment evaluates the organization’s NIST 800-171 practices, and successful organizations receive a DIBCAC High certificate, which will later be replaced by a CMMC L2 Certificate once the rule is in place. The JSVA is expected to be available until the finalization of the CMMC rulemaking anticipated in early 2024.
The upcoming CMMC rule is estimated to impact 300k+ Defense Industrial Base (DIB) companies and will feature a phased rollout. With fewer than 50 C3PAOs currently available, conducting a JSVA early can help a company meet cybersecurity requirements before a backlog of CMMC assessments accumulates. As a transitional assessment for CMMC Level 2, many companies contracting with the DoD are proactively pursuing these JSVAs now, rather than waiting for the anticipated rulemaking.
A successful JSVA provides a significant competitive advantage, allowing companies to market their DoD-verified assessment status as trustworthy partners who protect national defense information.
Benefits of a JSVA
Flexibility.
The JSVA allows gaps to be included in the Phase 4 Plan of Action and Milestones (POAM), giving organizations 180 days to address areas needing improvement.
Pre Rev. 3.
Competitive Edge.
More Time.
We anticipate, the three-year CMMC recertification timeline does not begin until the rulemaking is finalized, giving organizations a head start and extended period of certification validity with a JSVA.
If YOU want to get started on CMMC early with a JSVA…
Your first step is to contact a C3PAO.
Why Redspin
Experience
Redspin is the first Authorized C3PAO and has conducted the majority of JSVAs to date, making us the most experienced in the field.
Our Team
Redspin is a Licensed Training Provider (LTP), and our team consists of top-tier consultants, and who are CCAs and CCPs, that bring expertise from both sides of DoD contracting.
History in Cyber and Defense
As a leader in the CMMC space since its inception, we are deeply invested with the Cyber Accreditation Body (The Cyber AB), the DoD, and the CMMC Standards Council.
Outcome
Get started with Redspin Today
Helping you navigate CMMC.