Kratos Defense and Security Solutions has secured authorization from the Cybersecurity Maturity Model Certification Accreditation Body to conduct cyber readiness assessments of companies seeking to compete for Department of Defense contracts.
Kratos said Tuesday it became one of the first two certified third-party assessment organizations under the CMMC program after passing the Defense Industrial Base Cybersecurity Assessment Center’s evaluation.
As a C3PAO, Kratos can now audit companies seeking CMMC certification at Maturity Levels 1 through 3 to protect controlled unclassified information and federal contract information.
“The recent spate of data breaches affecting both government and commercial organizations underscores the need for more robust security measures to protect critical information. … CMMC will be a critical component of heightened security as all companies will need to pass strict CMMC security assessments before being awarded DOD contracts,” said Phil Carrai, president of space, training and cyber division at Kratos.
Carrai added that Kratos’ experience in providing assessment and advisory services for the Federal Risk and Authorization Management Program and other compliance frameworks positions the company to support the CMMC program.
The company said its provisional assessor-led teams will perform CMMC assessments in four phases: planning, assessment, report findings and remediation. It expects those assessments to conclude in four to six weeks depending on the complexity of the evaluation.
The announcement came days after CMMC-AB named Redspin as the first C3PAO in the CMMC marketplace.