Government Technology and Services Coalition member Booz Allen Hamilton has been authorized by the Cybersecurity Maturity Model Certification (CMMC) Accreditation Body (The Cyber AB) as a CMMC Third-Party Assessment Organization (C3PAO), strengthening the firm’s ability to deliver comprehensive CMMC services that enable clients to prepare for and obtain certification. Booz Allen is among the first to become an authorized C3PAO in the CMMC ecosystem.
To help Department of Defense (DOD) prime contractors and subcontractors prepare for and obtain certification, the Cyber AB established two non-governmental roles: the Registered Provider Organization (RPO) and the C3PAO. Booz Allen has been an authorized RPO since February 2021, providing advisory services to clients as they prepare to obtain their CMMC certification, and is now an authorized C3PAO, assessing clients and awarding them their certificates.
CMMC is a DOD program built to protect the Defense Industrial Base (DIB) from increasingly frequent and complex cyber attacks. It aims to enhance the protection of controlled unclassified information (CUI) and federal contract information (FCI) shared within the DIB. CMMC is designed to provide DOD increased assurance that a DIB company can adequately protect sensitive CUI and FCI, accounting for information flow down to subcontractors in a multi-tier supply chain.
Booz Allen has been working closely with the federal government to establish and refine the new CMMC framework. The firm is a trusted advisor to the DOD, with experts working at the Office of the Under Secretary of Defense for Acquisition & Sustainment, the Pentagon’s CMMC epicenter, to help guide its rollout. For the past several years, Booz Allen has partnered with the DOD to guide the CMMC program and subsequent rollout.
The DOD and the Cyber AB released the revamped CMMC 2.0 in December 2021. The framework is part of a multiyear, phased effort that requires DIB members to implement cybersecurity measures to protect FCI and CUI within their unclassified networks. The streamlined framework is intended to allow organizations of all sizes to implement the program more easily.