

Cybersecurity Maturity Model Certification (CMMC) for the Defense Industrial Base (DIB) and its Suppliers

What is CMMC?

Cybersecurity risks threaten the defense industry and the national security of the U.S. government, and have led to the development of the CMMC assessment program, an extension of DFARS 252.204-7012 (NIST SP 800-171). This program is used to certify the cyber readiness of contractors doing business with the Department of Defense (DoD). To meet the DoD's requirement, a CMMC assessment must be conducted by a CMMC Third-Party Assessor Organization (C3PAO).


Who Needs to Comply with CMMC?

Organizations that need to renew a current DoD contract or bid on a new DoD contract will be required to certify that they meet one of the five maturity levels of CMMC. This requirement will be phased in starting in 2020. Security is not one size fits all, so the level an organization must meet is determined by the type and sensitivity of the information to be protected and the range of threats.

Maturity Levels CMMC

Who Can Certify My Organization?

Each organization requiring CMMC certification must be certified by a certified third-party assessment organization (C3PAO) that has not performed mock audit or remediation work before or after the assessment, and that is authorized and trained to perform CMMC assessments on behalf of the DoD.

Redspin is an authorized C3PAO and we have access to multiple Certified Provisional Assessors (level 3) including those on our own staff.

Why Choose Redspin?

Redspin is one of the top-performing assessment companies serving highly regulated industries, and one that also helps remediate gaps within security programs. Small to large enterprises turn to us for assistance and guidance in building and managing their cybersecurity programs. Redspin is an authorized C3PAO to perform CMMC assessments and an RPO to perform CMMC readiness and remediation work in the CMMC-AB provisional program.

We align your organization with the best of the best cybersecurity experts to independently assess your organization. We have a number of assessors and consultants ready to be deployed to address your needs on your schedule. Once you're a client, we will keep you abreast of security best practices and intel, providing insight to help you manage your security program now and into the future.

Prepare Today, Win Federal Contracts Tomorrow with Redspin

Redspin offers the following services to support you on your journey to becoming CMMC certified:

Prepare for CMMC with a Comprehensive Pre-assessment

  • Identify security gaps against the 17 Controls (Level 1) outlined in the CMMC Model
  • Provide recommended solutions based on Federal Acquisition Regulations and NIST SP 800-171 r2
  • Assist in the development of a System Security Plan and Plan of Action for becoming CMMC certified
  • Save time and money now before applying for certification

CMMC Assessments (Maturity Level 1-3)

  • Approved C3PAO to help DIB contractors aiming to achieve CMMC certification
  • Assessment methodology based on:
    • US federal acquisition rule (48 FAR 52.204-21) mandating implementation of basic safeguarding requirements
    • DoD federal acquisition rules (DFARS 252.204-70xx Series) to protect controlled unclassified information (CUI)
    • CMMC requirements and NIST Special Publication 800-171


  • Remediate gaps found after completing a mock audit or CMMC assessment
  • Develop policies and procedures, incident response runbooks, and best practices
  • Implement processes and technology
  • Gain insight from advisors who have developed and managed security programs in highly regulated industries

Redspin is an authorized Certified Third-Party Assessment Organization (C3PAO) and Registered Provider Organization (RPO), a recognition that our team understands CMMC requirements and follows professional conduct to help you on your journey to becoming CMMC ready and certified.
