Ascolta announced today it has earned the Cybersecurity Maturity Model Certification (CMMC) Registered Provider Organization (RPO) certification. This new achievement solidifies the company’s position as a leader in CMMC compliance solutions and services meant to protect defense contractors across the Defense Industrial Base (DIB) and Department of Defense (DoD) supply chain.
Registered Provider Organization (RPO) status ensures that Ascolta has agreed to the CMMC Accreditation Body (AB) code of professional conduct, can deliver non-certified CMMC consulting services, and is listed on the CMMC-AB Marketplace. To be approved as a CMMC RPO, organizations must have a CMMC practice and employ staff trained in CMMC methodology. Ascolta offers CMMC hardened secure enclaves and documentation packages providing editable Microsoft Word and Excel templates written to satisfy CMMC Framework Level 3 requirements.
Wayne Hall, President and Chief Technical Officer at Ascolta states, “Instead of starting from scratch hardening your infrastructure to meet CMMC requirements, Ascolta provides NIST SP 800-171 compliant secure cloud environments, designed to protect customer data to DFARS standards. Our environments are CMMC ready and will meet the Good Cyber Hygiene rating (Level 3) required for contracts involving CUI. We provide our customers with the secure environment and necessary security documentation to include policy templates and completed Systems Security Plans.”
CMMC Supports IT Modernization and Supply Chain Security
CMMC is a new cybersecurity compliance standard that will be required for contractors to bid and win DoD contracts. The Defense Federal Acquisition Regulation interim rule took effect on November 30, 2020 and initial assessments are expected to begin in calendar year 2021.
According to the CMMC-AB, RPOs provide advice, consulting, and recommendations to their clients. They are the implementers and consultants, but do not conduct Certified Assessments. They understand the CMMC Standard, and are qualified as:
- Aware – Employs staff trained in basic CMMC methodology
- Registered Practitioner Staffed – Offers non-certified consultative services
- Targeted – CMMC assessment preparation
- Trusted – Bound by a professional code of conduct