Press release
Kratos Named One of the First Cybersecurity Maturity Model Certification (CMMC) Third Party Assessment Organizations (C3PAO)
SAN DIEGO, June 15, 2021 (GLOBE NEWSWIRE) -- Kratos Defense & Security Solutions, Inc. (Nasdaq: KTOS), a leading National Security Solutions provider,
About this update from Kratos Defense & Security Solutions, Inc.
[{"type":"text","content":"SAN DIEGO, June 15, 2021 (GLOBE NEWSWIRE) -- Kratos Defense & Security Solutions, Inc. (Nasdaq: KTOS), a leading National Security Solutions provider, announced today that it has been named by the federal government as one of the first two CMMC Third Party Assessment Organizations (C3PAO). As a C3PAO, Kratos will be able to conduct CMMC Level 1-3 assessments once the government completes certain preparatory and authorization steps. The CMMC is a new unified security standard and a certification process developed by the U.S. Department of Defense (DoD) to protect the security of Federal Contract Information (FCI) and Controlled Unclassified Information (CUI) within the Defense Industrial Base (DIB). In accordance with recent updates to DFARS 252.204, the Office of the Under Secretary of Defense (OUSD) will begin a phased rollout requiring contractors to achieve CMMC certification. Once the rollout is complete, nearly all companies seeking to respond to DoD proposal requests will require CMMC certification. Kratos has years of robust experience in compliance and certification, risk management and cyber operations, defense and engineering. Services include vulnerability assessments, enterprise security architecture design, application security testing and risk management processes. Kratos cybersecurity services support the development and operation of proactive cybersecurity programs, the development of enterprise cloud security strategies, and the establishment of sound and practical information security architectures tailored to organizational needs. Mark Williams, Vice President, Kratos Cybersecurity Services explained: “As a member of the DIB Kratos underwent a rigorous assessment by the Defense Industrial Base Cybersecurity Assessment Center, which was a key factor in its early C3PAO authorization by the CMMC AB.” Once authorized to begin conducting assessments. Kratos’ Provisional Assessor-led teams will conduct the CMMC assessments that consist of up to four phases. The Planning phase includes assessment plan development and an assessment readiness review. The Assessment phase includes collecting and validating the required Objective Evidence (OE) and generating final results. Presentation of the results occurs in the Report Findings phase. If issues are identified in the Report Findings phase, the Remediation phase is dedic...