The Nation’s First Authorized CMMC Third-Party Assessment Organization (C3PAO) Completes Sixth Successful Assessment Under the Joint Surveillance Voluntary Assessment Program (JSVAP)

Nashville, TN (August 21, 2023) – Redspin, a division of cybersecurity and compliance company Clearwater, and a leader in security and Cybersecurity Maturity Model Certification (CMMC) services for the defense industrial base (DIB), recently completed an assessment for its client, Credence Management Solutions (Credence). Credence, a leading vendor within the GSA OASIS vehicles and one of the United States’ fastest-growing privately held firms over the last decade, successfully passed the assessment, which Redspin conducted under the Joint Surveillance Voluntary Assessment (JSVAP). Redspin conducted the assessment as a C3PAO jointly with the Defense Contract Management Agency (DCMA) Defense Industrial Base Cybersecurity Assessment Center (DIBCAC). This assessment marks Redspin’s sixth successful evaluation of an organization under the JSVAP, and positions Credence to attain early CMMC certification and maintain it for three years after the final CMMC rule is in place.

Cybercriminals have increased attacks on United States defense contractors over the last several years. These security risks, which threaten U.S. national security, led to the development of the CMMC assessment framework, which provides a minimum standard of security for certain contractors. The CMMC framework is used to certify the cyber readiness of contractors doing business with the Department of Defense (DoD). To meet CMMC Level 2 certification requirements, a CMMC assessment must be conducted by a C3PAO.

The JSVAP assessment is an early adopter assessment option before the CMMC rulemaking process is complete and evaluates a company’s adherence to strict cybersecurity controls and safeguards to ensure the protection of Department of Defense (DOD) Controlled Unclassified Information (CUI) and Federal Contract Information (FCI). The assessment certifies the organization’s strong security posture and demonstrates its commitment to safeguarding defense-related information from cyber threats.

“We are thrilled to announce that Credence has successfully passed the JSVAP assessment,” said Brian McManamon, President at Redspin. “This achievement is a testament to Credence’s unwavering dedication to excellence in both quality and security and we are proud to have been selected to be their C3PAO. We are proud to continue to work closely with DIBCAC to drive CMMC adoption forward through the JSVAP program.”

“Undergoing and passing the JSVAP validates the effectiveness of our cybersecurity programs and demonstrates our dedication to safeguarding sensitive information and maintaining the highest standards of data security for our government customers,” said Credence CEO Sid Chowdhary. “We take great pride in being one of the early adopters of this initiative and in scoring 100% across all 110 controls. Credence deeply appreciated our partnership with Redspin, along with DCMA/DIBCAC, throughout the audit process.”.

Redspin, renowned for its expertise in CMMC services and conducting comprehensive JSVAP assessments, carried out a thorough evaluation of Credence’s implementation of NIST 800-171 r2 encompassing documentation, implementation, and understanding of the requirements. The assessment encompassed various domains, including technical, physical, and administrative items.

The JSVAP is based on NIST 800-171 r2 guidelines, ensuring adherence to the confidentiality of CUI. Organizations that successfully complete a JSVAP assessment are issued a DIBCAC high certificate. Those who obtain a DIBCAC High Certificate are anticipated to receive a CMMC L2 certificate after CMMC rulemaking is complete.

About Credence Management Solutions

Credence delivers innovative solutions for defense, intelligence, health, and international development agencies. Credence is one of the nation’s largest privately held government contractors.

About Redspin

Redspin is a division of cybersecurity and compliance company Clearwater, which focuses on improving the cyber readiness and resiliency of federal and Defense Industrial Base (DIB) organizations. As the first Authorized CMMC Third Party Assessment Organization (C3PAO), Redspin has the expertise and experience to help organizations minimize cyber risks and protect sensitive information.