Redspin, a division of Clearwater, is the first organization to successfully pass the CMMC Level 3 certification as a Candidate CMMC Third Party Assessor Organization (C3PAO).

AUSTIN, TX (June 9, 2021) – Redspin, a division of Clearwater, is the first organization to successfully pass the Cybersecurity Maturity Model Certification (CMMC) Level 3 certification as a Candidate CMMC Third Party Assessor Organization (C3PAO). Specifically, the Defense Contract Management Agency (DCMA) Defense Industrial Base Cybersecurity Assessment Center (DIBCAC) determined that Redspin’s security practices and processes met the requirements of CMMC Level 3 and, subsequently, the CMMC Accreditation Body has credentialed Redspin as an Authorized C3PAO ready to conduct CMMC assessments.

The United States Department of Defense (DoD) is aiming to reduce the estimated $600 billion in cybercrime losses impacting the nation’s military supply chain every year by requiring a third-party cybersecurity assessment of contractors with access to federal contract information (FCI) and controlled unclassified information (CUI). With this authorization, Redspin can now work contractually with Organizations Seeking Certification (OSCs) to conduct assessments based on CMMC Levels 1-3. In the CMMC model, Defense Industrial Base (DIB) contractors cannot negotiate on security: it becomes a mandatory requirement to secure or renew a DoD contract.

The preparation for this certification is intensive and involves rigorous documentation, evidence of process maturity, appropriate resourcing of security controls and organization-wide training. CMMC’s lofty goal is to ensure that third-party organizations implement protections against cybersecurity threats to U.S. national security. It’s likely only the first step in a broader federal agency push to require more accountability from private sector vendors in the wake of recent supply chain incidents, including SolarWinds and vulnerabilities in Microsoft Exchange.

“As an organization that has performed more than a thousand assessments in other highly regulated industries, CMMC has been a key component of our growth strategy for more than a year. We set out on a mission, we knew we had the team, but it has been an all-hands effort to develop the tools and requisite intellectual property to prepare for CMMC certification. Being first to be authorized is a testament to the dedication of our people to deliver on that strategy to improve security of the nation’s supply chain,” said Caleb Barlow, [former] president and CEO of CynergisTek [A Clearwater Company as of 2022]. “We have the resources on the ready and the last step was the formal authorization which we received today. Our executives, consultants, and provisional assessors are looking forward to working with DIB suppliers to assess, build and validate their cyber resiliency.”


About Redspin

Redspin is a division of cybersecurity and compliance company Clearwater, which focuses on improving the cyber readiness and resiliency of Defense Industrial Base (DIB) organizations. As the first authorized C3PAO for CMMC, Redspin has the expertise and resources to help DIB organizations to minimize cyber risks and protect sensitive information.