February 18, 2021
It’s official: Rimstorm is now one of the first 20 companies to be approved as a C3PAO. We’re proud to be ahead of the curve on this one, and we are proud to have yet another avenue of service for our partners. What exactly is a C3PAO and what does having this certification mean for us — and more importantly — for you? Here’s a quick review of what all this entails.
Rimstorm and CMMC
As we’ve covered before, the Cybersecurity Maturity Model Certification is designed to help government contractors protect sensitive information such as CUI from malicious cyber activity, such as intellectual property theft, espionage by foreign governments and cyberattacks. This soon-to-be-implemented certification framework is the latest cybersecurity requirement for businesses fulfilling any type of Department of Defense contract requiring CMMC. The entire CMMC ecosystem is designed to provide assurance to the DoD of the cybersecurity posture of the Defense Supply Chain. If major incidents like the recent attack on the U.S. Department of Treasury have shown us anything, it’s the absolute necessity for standards such as this, and Rimstorm can help you meet CMMC compliance.
Rimstorm and the CMMC Accreditation Body
The CMMC-AB (CMMC Accreditation Body), implements the Cybersecurity Maturity Model Certification first published by the U.S. Department of Defense in January of 2020. The CMMC-AB provides certifications for C3PAOs — private Certified Third-Party Assessment Organizations — who hire CMMC-AB Certified Assessors. They in turn are trained by CMMC-AB Certified Instructors.
Rimstorm is now officially a C3PAO. We are a third-party organization who has received accreditation by the CMMC Accreditation Body. As a result, we will soon be able to conduct CMMC assessments.
Rimstorm and CMMC Assessment
Actual CMMC assessment consists of evidence-based, on-site evaluations of the capabilities, practices and process maturity defined in the CMMC model. We will soon be able to conduct these assessments. It’s important to note that not all CMMC assessments will require the same amount of effort, as lower levels defined in the CMMC model assess a smaller number of less-challenging cybersecurity capabilities. Meanwhile, higher-level assessments will be much more involved.
How Rimstorm Can Ultimately Help You Achieve CMMC Certification
Certification is the final result that everyone needs to achieve after a CMMC assessment has been completed. The CMMC certification represents a company’s clear demonstration of cybersecurity capabilities and organization maturity as defined for a specific level of the CMMC model. Most importantly, CMMC certification will be used to qualify companies for DoD contract awards. DoD contractors who are pursuing CMMC accreditation in order to maintain/gain government contracts have to reach out to a C3PAO. Since we are now a C3PAO ourselves, we, along with our partners, can literally provide you with everything you need to achieve certification.
We are proud that Rimstorm is currently at the forefront of all of this, and we feel it’s important for you to understand that we are essentially now a “one-stop shop” for becoming compliant with CMMC. Contact us today for CMMC preparation, pre-assessment and now certification, and stay ahead of the curve with us.