NASHVILLE, TN (April 8th, 2025) – Redspin, one of the first, largest, and most experienced Cybersecurity Maturity Model Certification (CMMC) 3rd Party Assessment Organizations (C3PAOs) in the CMMC ecosystem, today announced that its Managed Security Services business unit (MSSP) achieved CMMC Level 2 certification with a perfect score of 110 following an independent third‑party assessment.
While Redspin is already a C3PAO authorized to conduct Level 2 CMMC assessments, this certification applies specifically to the company’s MSSP business unit which provides clients with security operations support and ongoing cloud management aligned to CMMC requirements. Redspin’s MSSP business was assessed by an independent C3PAO, validating its ability to securely operate systems that store, process, and transmit Controlled Unclassified Information (CUI).
This achievement provides tangible, third‑party evidence that Redspin’s managed services infrastructure and environment meet the same rigorous security requirements imposed on Department of Defense (DoD) contractors. It also validates the company as a trusted External Service Provider (ESP) for organizations pursuing or maintaining CMMC, including those seeking to establish a secure enclave for managing CUI.
“We found our clients after JSV Assessments and even CMMC assessments looking to work with our experts to implement more manageable solutions to protect their CUI and environments,” said Brian McManamon, President of Redspin. “Along with our outstanding team of assessors and consultants, we have experts who excel at operationalizing CUI cloud protection and reducing scope, supporting organizations from 2-5 users to multi-national Defense contractors.”
What This Means for Managed Security Services Clients and CMMC OSCs
For Managed Security Services clients and Organizations Seeking Certification (OSCs), Redspin’s Level 2 certification provides increased assurance and reduced risk when including Redspin’s MSSP within their own CMMC strategy.
“CMMC is designed to validate that organizations are truly implementing strong cybersecurity practices to protect sensitive defense information,” McManamon said. “As a leading service provider in the CMMC ecosystem, it was important for us to hold our MSSP line of business to that exact same standard.”
“For defense contractors navigating CMMC requirements, it is critical to select partners who truly understand CMMC and can back up their expertise by meeting the requirements CMMC validates, particularly when those partners have access to CUI,” he continued. “While many providers claim CMMC experience, Redspin’s CMMC Level 2‑certified managed services provide independent corroboration that our security posture meets DoD expectations.”
As the DoD continues its phased rollout of CMMC, many contractors are seeking partners who not only have experience with, and an understanding of the relatively new program, but also operate secure environments that withstand formal assessments. Redspin supports organizations across the full CMMC lifecycle, from readiness and assessment to secure cloud environments, managed security services, and ongoing compliance support. Having conducted approximately 25% of all CMMC Level 2 assessments to date, Redspin brings unmatched, real-world experience to every stage of that journey.
“This certification demonstrates that Redspin doesn’t just assess the CMMC standard; we embody it ourselves,” said Thomas Graham, Redspin CISO. “For organizations that store, process, and or transmit CUI, this is the level of transparency and validation they should expect from any partner supporting their cybersecurity and compliance efforts.”
For more information about Redspin’s CMMC Level 2 certification, visit https://redspin.com/blog/redspins-managed-security-services-gets-perfect-score-in-cmmc-level-2-assessment. For more information about Redspin’s CMMC services and managed security offerings, visit www.redspin.com.
About Redspin
Redspin, the federal division of Clearwater, is a trusted partner to the Defense Industrial Base. Redspin provides CMMC assessments, training, consulting, managed cloud, security, and compliance services designed to help defense contractors protect their information and meet DoD cybersecurity requirements in order to focus on their mission.
Media Contact:
W2 Communications
redspin@w2comm.com
###
Book a meeting to tackle CMMC with Redspin: