Pioneering Aviation Company Demonstrates Proactive Commitment to Forthcoming CMMC Requirements

Nashville, TN (February 28, 2024) – Redspin, a division of cybersecurity and managed cloud services firm Clearwater, and the leader in Cybersecurity Maturity Model Certification (CMMC) services for the defense industrial base (DIB), today announced the successful completion of the Joint Surveillance Voluntary Assessment (JSVA) by its client, Phoenix Air Group, Inc. (Phoenix Air). Phoenix Air is a pioneering aviation company operating around the world for commercial and government clients providing passenger, cargo, and air ambulance transportation services. The JSVA, conducted by Redspin, jointly with the Defense Industrial Base Cybersecurity Assessment Center (DIBCAC), concluded with a flawless score of 110, earning Phoenix Air a DIBCAC High certificate, which is expected to convert to a CMMC Level 2 certification once the rule is effective.

The JSVA, an early adopter evaluation option preceding the finalization of CMMC rulemaking, allows organizations that have DoD contracts to undergo voluntary assessments conducted jointly by Certified 3rd Party Assessment Organizations (C3PAOs), such as Redspin, and the DIBCAC. The JSVA Program is available until the DoD finalizes its CMMC rulemaking which is expected later this year.

The JSVA is a critical step in Phoenix Air’s strategy in demonstrating that as a DIB contractor, it has the cybersecurity maturity required to be a trusted partner to the DoD. Redspin, leveraging its proficiency in conducting comprehensive JSVAs that align with anticipated CMMC requirements, meticulously evaluated Phoenix Air’s implementation of NIST 800-171 r2 across various domains, including technical, physical, and administrative elements.

The completion of the JSVA with a 110 score and no plan of action and milestones (POA&Ms) positions Phoenix Air for early CMMC certification and exemplifies its leadership in both technology and security. Dent Thompson, Senior Vice President and Chief Operations Officer of Phoenix Air expressed pride in the company’s dedication to safeguarding sensitive information, saying, “This achievement underscores our unwavering commitment to protecting Controlled Unclassified Information (CUI) and reinforces our readiness to meet evolving regulatory requirements head-on.”

During its November 2023 Town Hall meeting, the Cyber Accreditation Body (The Cyber AB) reported that out of the 150 companies that applied for a JSVA, only 22 have completed the process up to that point. Of note, Redspin has conducted 10 of the fully completed 22 assessments.

“Completing a JSVA is a significant milestone for any company, offering an early opportunity to showcase compliance with NIST 800-171 r2, required by the current DFARS 252.204-7012 standard, and to establish competitive differentiation over non-compliant contractors once the CMMC rule is finalized,” said Brian McManamon, President of Redspin. “Phoenix Air Group is a trailblazer in cybersecurity readiness.  It’s crucial for organizations not to wait to comply with CMMC. Rather they should actively pursue a JSVA or partner with a C3PAO to start their CMMC journey. By doing so, companies can position themselves as trustworthy partners in the defense supply chain, safeguarding sensitive data and minimizing cybersecurity risks.”


About Phoenix Air Group, Inc

Phoenix Air Group, Inc. is a leading provider of aviation services, offering a comprehensive range of solutions including air ambulance, charter, and aircraft maintenance. Recognized for deploying highly modified aircraft equipped with advanced combat training systems providing realistic threat training to the U.S. Department of Defense (DoD), foreign militaries, the North Atlantic Treaty Organization (NATO), and other international partners.  With a focus on safety, reliability, and excellence, Phoenix Air Group delivers unparalleled service to clients worldwide.

Phoenix Air’s military contracting division is a world leader in providing real-time threat training to military fighter aircraft, warships, and air surveillance units. Phoenix Air Serves as a prime contractor to the U.S. Navy and NATO and offers specialized services such as electronic attack, target towing, radar/communications jamming, and range surveillance.

About Redspin

Redspin, a division of Clearwater, specializes in enhancing the cyber readiness and resilience of federal and Defense Industrial Base (DIB) organizations. As the first Authorized CMMC Third Party Assessment Organization (C3PAO), Redspin provides expert guidance to organizations seeking to minimize cyber risks and protect sensitive information. Its parent company Clearwater provides defense contractors with managed cloud and managed security services that enable them to meet and comply with CMMC requirements.


Media Contacts

Redspin, a Division of Clearwater
Alyssa Martin
(703) 218-3555

Phoenix Air Group, Inc.
Jamie Abernathy