Press Release

Coalfire Federal Among First C3PAOs Authorized to Perform CMMC Audits

December 22, 2020

Leading FedRAMP Third-Party Assessor and Defense Industry Cybersecurity Advisor Ideally Suited to Support CMMC Launch

WASHINGTON, DC – December 22, 2020 – Coalfire Federal, a leading cybersecurity services provider to the federal government and Defense Industrial Base (DIB), today announced its selection by the Cybersecurity Maturity Model Certification Accreditation Body (CMMC-AB) to become one of the first firms authorized to perform CMMC audits.

The CMMC framework was created to address the ongoing theft of, and unauthorized access to, Controlled Unclassified Information (CUI) by foreign adversaries through the enforcement of good cyber hygiene and best practices. The CMMC framework is a set of mandatory cybersecurity requirements that all contractors in the DoD supply chain must implement and then have verified by an independent CMMC Third-Party Assessment Organization (C3PAO). Five certification levels define the minimum security posture or maturity an organization must achieve, as determined by the sensitivity of the information it handles. Organizations handling CUI must be certified at CMMC Level 3 or higher.

“We are honored to have been selected as an initial C3PAO and appreciate the special responsibility that comes with being first,” said Coalfire Federal President Bill Malone. “As we experienced through the rollout of FedRAMP, we expect there will be lessons learned about the implementation and verification of CMMC practices and processes during the inaugural audits of 1,500 Pathfinder companies that will be performed in 2021. Like the success we’ve seen in our partnership with the FedRAMP Program Management Office, we look forward to a collaborative relationship with the CMMC-AB to help ensure the successful rollout and implementation of the CMMC framework.”

Over the last year, the Coalfire Federal team has participated as volunteers in the CMMC-AB Working Group responsible for creating the assessment criteria and methodologies to support the CMMC framework. Coalfire Federal employees were selected to participate in the Provisional Assessor training program and have successfully completed their training and earned their Provisional Assessor credentials. Coalfire Federal is also a CMMC Registered Practitioner Organization (RPO) capable of providing CMMC advisory services to DIB companies seeking assistance as they prepare for an official CMMC audit.

“The ongoing theft of sensitive defense information by our adversaries and the impact on national security is too important a problem to go unsolved,” continued Malone. “Coalfire Federal is committed to providing cybersecurity services that enable and protect the mission of the DoD and its supply chain.”

About Coalfire Federal
Coalfire Federal is headquartered in the National Capital Region and has nearly 20 years’ experience providing cybersecurity services to government and commercial organizations by enabling and protecting their mission-specific cyber objectives. Coalfire is the leading FedRAMP 3PAO and offers a full spectrum of cybersecurity risk management and compliance services. For more information about Coalfire Federal and CMMC, contact us: or visit: