AUSTIN, TX (June 9, 2021) - Redspin, a division of CynergisTek (NYSE American: CTEK), is the first organization to successfully pass the Cybersecurity Maturity Model Certification (CMMC) Level 3 certification as a Candidate CMMC Third Party Assessor Organization (C3PAO). Specifically, Defense Contract Management Agency (DCMA) Defense Industrial Base Cybersecurity Assessment Center (DIBCAC) determined Redspin’s security practices and processes met the requirements of CMMC Level 3 and, subsequently, the CMMC Accreditation Body has credentialed Redspin, as an Authorized C3PAO ready to conduct CMMC assessments.
The United States Department of Defense (DoD) is aiming to reduce the estimated $600 billion in cybercrime losses impacting the nation’s military supply chain every year by requiring a third-party cyber security assessment of contractors with access to federal contract information (FCI) and controlled unclassified information (CUI). With this authorization, Redspin can now work contractually with Organizations Seeking Certification (OSCs) to conduct assessments based on CMMC Levels 1-3. In the CMMC model, Defense Industrial Base (DIB) contractors cannot negotiate on security – it becomes a mandatory requirement to secure or renew a DoD contract.
The preparation for this certification is intensive and involves rigorous documentation, evidence of process maturity, appropriate resourcing of security controls and organization-wide training. CMMC’s lofty goal is to ensure that third-party organizations implement protections against cybersecurity threats to U.S. national security. It’s likely only the first step in a broader federal agency push to require more accountability from private sector vendors in the wake of recent supply chain incidents including SolarWinds and vulnerabilities in Microsoft Exchange.
“As an organization that has performed more than a thousand assessments in other highly regulated industries, CMMC has been a key component of our growth strategy for more than a year. We set out on a mission, we knew we had the team, but it has been an all-hands effort to develop the tools and requisite intellectual property to prepare for CMMC certification. Being first to be authorized is a testament to the dedication of our people to deliver on that strategy to improve security of the nation’s supply chain,” said Caleb Barlow, president and CEO of CynergisTek. “We have the resources on the ready and the last step was the formal authorization which we received today. Our executives, consultants, and provisional assessors are looking forward to working with DIB suppliers to assess, build and validate their cyber resiliency.”
Redspin (www.redspin.com), a division of CynergisTek, Inc., is a best-in-class cybersecurity company providing security testing, assessments, validation, and consulting services to many Fortune 500 and leading growth companies in highly regulated industries including government, financial, technology, and manufacturing. Redspin’s objective is to improve organizations’ cyber readiness and resiliency through a strategic and proven approach to reduce cyber risks and safeguard sensitive information.
Cautionary Note Regarding Forward Looking Statements
This release contains certain forward-looking statements relating to the business of CynergisTek, Inc.. These forward-looking statements are within the meaning of Section 27A of the Securities Act of 1933, as amended (the “Securities Act”) and Section 21E of the Securities Exchange Act of 1934, as amended (the “Exchange Act”) and can be identified by the use of forward-looking terminology such as “believes,” “expects,” “anticipates,” “would,” “could,” “intends,” “may,” “will,” or similar expressions. Such forward-looking statements involve known and unknown risks and uncertainties, including but not limited to uncertainties relating to product/services development; long and uncertain sales cycles; the ability to obtain or maintain proprietary intellectual property protection; future capital requirements; competition from other providers; the ability of the Company’s vendors to continue supplying the Company with supplies and services at comparable terms and prices; the Company’s ability to successfully compete and introduce enhancements and new features that achieve market acceptance and that keep pace with technological developments; the Company’s ability to maintain its brand and reputation and retain or replace its significant customers; cybersecurity risks and risks of damage and interruptions of information technology systems; the Company’s ability to retain key members of management and successfully integrate new executives; the Company’s ability to complete acquisitions, strategic investments, entry into new lines of business, divestitures, mergers or other transactions on acceptable terms, or at all; potential risks and uncertainties relating to the existing and ultimate impact of COVID-19, including the geographic spread, the severity of the virus, the duration of the COVID-19 outbreak, actions that may be taken by governmental authorities to contain the COVID-19 outbreak or to treat its impact, and the potential negative impacts of COVID-19 on the global economy and financial markets, and other factors that may cause actual results to be materially different from those described herein as anticipated, believed, estimated or expected. Certain of these risks and uncertainties are or will be described in greater detail in the Company’s Form 10-K and Form 10-Q filings with the Securities and Exchange Commission, which are available at http://www.sec.gov. Given the risks and uncertainties, readers should not place undue reliance on any forward-looking statement and should recognize that the statements are predictions of future results which may not occur as anticipated. Many of the risks listed above have been, and may further be, exacerbated by the COVID-19 pandemic, including its impact on the healthcare industry. Actual results could differ materially from those anticipated in the forward-looking statements and from historical results, due to the risks and uncertainties described herein, as well as others not now anticipated. CynergisTek is under no obligation (and expressly disclaims any such obligation) to update or alter its forward-looking statements whether as a result of new information, future events or otherwise.