Schellman Now an Authorized CMMC Third Party Assessment Organization (C3PAO)

October 19, 2021 Schellman Compliance

 

Schellman becomes the first compliance services firm authorized by the CMMC AB and the 5th C3PAO Overall

October 19, 2021 (Tampa, FL) – Schellman is pleased to announce that we are now an authorized Cybersecurity Maturity Model Certification (CMMC) Third Party Assessment Organization (C3PAO). Overseen by the Department of Defense (DoD) alongside the CMMC Accreditation Body (CMMC AB), the CMMC program is designed to enforce consistent cybersecurity practices across the hundreds of thousands of defense contractors that participate in and make up the Defense Industrial Base (DIB). A group that now includes Schellman, C3PAOs are the independent assessment organizations that work alongside advisory and training providers to improve cybersecurity practices and protect the sensitive information maintained by the DIB participants.

Though just the fifth firm to be authorized overall within this program, Schellman is actually the first organization that is focused solely on compliance. CMMC now joins an extensive set of offerings that already included FedRAMP 3PAO assessments, SOC 2 and SOC 1 examinations, globally accredited PCI assessment services, ISO 27001, ISO 27701, ISO 9001, and ISO 22301 certifications, as well as HITRUST CSF assessments and CSA STAR certifications and attestations.

“We are thrilled to join the first four authorized C3PAOs to help pave the way forward for CMMC,” said Doug Barbin, managing principal and chief growth officer for Schellman. “Our experience and reputation as a leading FedRAMP assessor, as well as our multiple trained CMMC provisional assessors on staff and our expertise in ISO and other security and privacy domains, provided a sound basis to be the first 100% assessment firm to join the authorized ranks. Now that we are here, we also look forward to continuing to support CMMC AB, other C3PAOs, consultants, trainers, and other members of the CMMC community.”

Currently, there are more than 180 listed “candidate C3PAOs” undergoing the same process that Schellman has now completed to receive authorization—a process that required extensive assessment by the audit team at the Defense Contract Management Agency (DCMA) Defense Industrial Base Cybersecurity Assessment Center, who reviewed Schellman’s policies, procedures, and technical controls for protecting CMMC assessment-related data based on the same CMMC level 3 controls. But with that review complete and the authorization now active, Schellman is in a better position to serve its clients.

“Schellman’s history is not in government contracting, but in performing complex technology-enabled assessment services for clients who work in federal, healthcare, and other regulated industries,” said Avani Desai, chief executive officer of Schellman. “That experience, our acute attention to quality and our new status as an authorized C3PAO will allow us to continue helping our clients convey trust to their customers, regulators, and stakeholders—now in a new way.”

Although, as of this date, the CMMC program is still awaiting formal launch by the Department of Defense for inclusion in DoD contracts, that launch is expected in the coming months. As we currently only offer assessment services, Schellman welcomes organizations that are working to build out their compliance programs to contact us via our website.

For more information on CMMC itself, please reference Schellman’s content hub.

 

About Schellman

Schellman & Company, LLC along with Schellman Compliance, LLC (Schellman) is a leading provider of attestation and compliance services. Schellman is a CPA firm, a globally licensed PCI Qualified Security Assessor, an ISO Certification Body, HITRUST CSF Assessor, a FedRAMP 3PAO, and most recently, an authorized C3PAO. Renowned for expertise tempered by practical experience, Schellman's professionals provide superior client service balanced by steadfast independence. Our approach builds successful, long-term relationships and allows our clients to achieve multiple compliance objectives through a single third-party assessor.

 

About the Author

Schellman Compliance

Schellman is a leading global provider of attestation, compliance, and certification services. Operating as an alternative practice structure as Schellman & Company, LLC, a top 100 CPA firm, and Schellman Compliance, LLC, a globally accredited compliance assessment firm, we are able to offer clients services as a CPA firm, an ISO Certification Body, a PCI Qualified Security Assessor Company, a HITRUST assessor, a FedRAMP 3PAO, and as one of the first CMMC Authorized C3PAOs. Renowned for expertise tempered by practical experience, Schellman's professionals provide superior client service balanced by steadfast independence. Schellman's approach builds successful, long-term relationships and allows our clients to achieve multiple compliance objectives using a single third-party assessor. For more information, please visit schellman.com.
