Booz Allen licensed by Cyber AB as C3PAO
Member of the Government Technologies and Services Coalition, Booz Allen Hamilton, has been authorized by Cybersecurity Maturity Model Certification (CMMC) accreditation body (The Cyber AB) as a CMMC Third-Party Assessment Body (C3PAO), strengthening the company’s ability to provide services Comprehensive CMMCs that allow customers to prepare for and obtain certification. Booz Allen is among the first to become an authorized C3PAO in the CMMC ecosystem.
To help Department of Defense (DOD) contractors and contractors prepare for and achieve certification, Cyber AB has created two non-government roles: the Registered Supplier Organization (RPO) and the C3PAO . Booz Allen has been an authorized RPO since February 2021, providing consulting services to clients in their preparation for obtaining their CMMC, and is now an authorized C3PAO, assessing clients and issuing their certificates.
CMMC is a DOD program designed to protect the Defense Industrial Base (DIB) against increasingly frequent and complex cyberattacks. It aims to strengthen the protection of controlled unclassified information (CUI) and federal contract information (FCI) shared within the DIB. CMMC is designed to provide the DOD with increased assurance that a DIB company can adequately protect sensitive CUI and FCI, considering the flow of information to contractors in a multi-tier supply chain.
Booz Allen worked closely with the federal government to establish and refine the new CMMC framework. The company is a trusted adviser to the DOD, with experts working in the Office of the Undersecretary of Defense for Acquisition and Sustainment, the Pentagon’s CMMC epicenter, to help guide its deployment. For the past several years, Booz Allen has partnered with the DOD to guide the CMMC program and its subsequent deployment.
The Department of Defense (DOD) and Cyber AB released the revamped CMMC 2.0 in December 2021. The framework is part of a multi-year, phased effort that requires DIB members to implement cybersecurity measures to protect FCI and CUI within their unclassified networks. The simplified framework is intended to make it easier for organizations of all sizes to implement the program.