One of only a handful of organizations accepted into the CMMC Certified Third-Party Assessor Organization (C3PAO) and Registered Provider Organization (RPO) programs.

AUSTIN, TX (December 17, 2020) – Redspin, a division of Clearwater, a leading cybersecurity firm helping organizations in highly regulated industries navigate emerging security and privacy issues, today announced that Redspin, a division of Clearwater [formerly a division of CynergisTek, now a Clearwater Company], received approval from the Cyber Accreditation Body (Cyber-AB) to perform CMMC assessments as a C3PAO and to perform pre-assessment security consulting as a RPO.The United States Department of Defense (DoD) is the first government agency to require third party cyber security assessments of contractors with access to controlled unclassified information. This is part of a broad effort from the DoD to reduce the estimated $600 billion in cybercrime losses impacting the nation’s military supply chain every year. In a phased rollout, 300,000 Defense Industrial Base (DIB) contractors will be required to meet varying levels of CMMC certification as a requirement for the DoD to award a contract. As one of only a handful of C3PAO organizations approved today, Redspin is authorized to perform Levels 1-3 CMMC assessments as part of the provisional program defined by the Cyber-AB.

CMMC is based on U.S. federal acquisition rule (48 FAR 52.204-21) mandating implementation of basic safeguarding requirements and the DoD federal acquisition rules (DFARS 252.204-70xx Series) to protect Controlled Unclassified Information. These regulations are similar to those governing HIPAA and PHI in healthcare, and based on NIST Special Publication 800-171, which is similar and complementary to the assessment, consulting, and remediation work that Clearwater provides today.

“Offering our expertise to the DoD as a C3PAO and RPO is a natural progression, evolving our healthcare practice and knowledge to address the needs and high demand in adjacent markets. For example, many of our academic medical center clients need to comply with CMMC. As a result, Redspin is proud to be one of the organizations having one of the first one hundred CMMC-trained assessors on staff,” says Caleb Barlow, [former]CEO and president at CynergisTek [now Clearwater].

Mr. Barlow goes onto say, “We’re honored to be one of the first public companies chosen to help ensure controlled unclassified information flowing down from the DoD to the DIB contractors and their subcontractors is protected. Getting in on the ground level aligns extremely well with our growth strategy and expansion of the Company. It is a simple pivot for us leveraging existing resources, skills, and technology, and dramatically expands our total addressable market.”

About Redspin

Redspin is a division of cybersecurity and compliance company Clearwater, which focuses on improving the cyber readiness and resiliency of Defense Industrial Base (DIB) organizations. As the first authorized C3PAO for CMMC, Redspin has the expertise and resources to help DIB organizations to minimize cyber risks and protect sensitive information.