Elliott Davis, a business solutions and accounting firm with nine offices across the Southeast, announced today that it has been selected as a candidate Certified Third-Party Assessor Organization (C3PAO) by the Cybersecurity Maturity Model Certification (CMMC) Accreditation Body. The CMMC is a unified security standard and certification process developed by the U.S. Department of Defense (DoD) to strengthen the protection of sensitive data, including controlled unclassified information (CUI) and federal contract information (FCI), throughout its supply chain. Only C3PAOs can conduct CMMC assessments and this candidate selection is a crucial step in helping federal contractors navigate the DoD’s cybersecurity certification processes.
“Now is the time to prepare as the Department of Defense will begin requiring CMMC certification in some request for proposals and contracts starting fiscal year 2021,” said Lizzie Tinker, Cybersecurity Manager at Elliott Davis and one of the first Provisional Assessors nationwide for the CMMC. “It is a complex process that becomes more stringent based on the level your business ranks as a DoD contractor. Our cybersecurity team has deep expertise advising clients that contract with the DoD, and we’re proud to be selected as a candidate C3PAO to help customers navigate the CMMC process.”
The CMMC was derived from cybersecurity best practices from various cybersecurity standards and frameworks. To quantify compliance and program adoption of these processes and practices, the CMMC includes a certification process that measures maturity over five levels. The levels are cumulative, so prior to an organization achieving a specific CMMC level, it must complete the preceding levels.
Elliott Davis provides CMMC counsel and services, including overall readiness, maturing from one level to the next, gap analysis, control selection and tailoring, control implementation guidance, system security plan (SSP) development, and plan of action and milestones (POA&Ms) development.