C3PAOs and the Types of Assessments Within the CMMC Program

The Cybersecurity Maturity Model Certification (CMMC) program was first introduced in 2020 as a proactive attempt by the United States Department of Defense (DoD) to protect the nation from cyber attacks. The DoD will require that organizations within its supply chain, members of the Defense Industrial Base (DIB) and those seeking contracts comply with CMMC 2.0 requirements based on FAR 52.204-21, DFARS 2252.204-7012 and the controls within the National Institute of Standards and Technology Special Publication 800-171.

As the timeline to comply with CMMC 2.0 approaches, members of the DIB  must now begin the process of selecting a Certified-Third Party Assessor Organization (C3PAO) to partner with in order to successfully complete the necessary assessments and reviews for remediation.

In part one of our webinar series, we discussed a holistic overview of the CMMC ecosystem, including a program breakdown, compliance timeline and top FAQs about seeking certification. In part two of our CMMC webinar series, our cybersecurity experts will explain what a C3PAO is, the types of assessments that they can provide and what it means for organizations seeking certification (OSC). 

What We Cover

• What is a Certified Third-Party Assessor Organization (C3PAO)
• The Cyber Accreditation Body (Cyber AB) Code of Professional Conduct
• The types of assessments that a C3PAO can provide and what they entail
  • Gap Assessments
  • Readiness Reviews
  • Joint Surveillance Voluntary Assessment Program (JSVAP)
  • CMMC Level 2 Assessment

Request Access to Webinar

Presenters

Robert Ems, Global Cybersecurity Program Manager, ABS QE

Robert Ems serves as Global Cybersecurity Program Manager for ABS Quality Evaluations Inc. (ABS QE), leading a world-class team of cybersecurity professionals in cybersecurity audits, assessment services and consulting engagements for clients around the world. Rob is a retired DoD Civilian with 25 years of service in which he held multiple positions, including providing government oversite to DoD contractors and leading the cybersecurity efforts for a weapon system acquisition effort. Rob is also a CMMC Registered Practitioner (RP) with the Cyber AB and is in the process of becoming a Certified CMMC Professional and a Certified CMMC Assessor.   

Larry Chaffin, Cybersecurity Technical Manager, ABS QE

Larry Chaffin is a highly experienced Certified Information Systems Security Professional (CISSP) with a career spanning over 20 years in the cybersecurity field. He possesses extensive expertise in conducting assessment and authorization processes within various government entities such as the DoD and the Department of Justice (DoJ). Additionally, Larry has executed cybersecurity protocols for missile and defense programs, enterprise business systems, national security systems, collateral programs and Special Access Programs (SAP).

About ABS Quality Evaluations

About ABS Group

ABS Group of Companies, Inc. (www.abs-group.com), through its operating subsidiaries, provides technical advisory and certification services to support the safety and reliability of high-performance assets and operations in the oil, gas and chemical, power generation, marine, offshore and government sectors, among others. Headquartered in Houston, Texas, ABS Group operates with more than 1,000 professionals globally. ABS Group is a subsidiary of ABS (www.eagle.org), a leading marine and offshore classification society.