Press Release

Coalfire Federal Becomes CMMC Registered Provider Organization (RPO)

January 13, 2021

Leading Cybersecurity Services Provider to DIB Announces a Comprehensive Portfolio of Cybersecurity Maturity Model Certification (CMMC) Advisory Services

WASHINGTON, DC – January 13, 2021 – Coalfire Federal, a leading cybersecurity services provider to the federal government and Defense Industrial Base (DIB), today announced it has been approved as a Registered Provider Organization (RPO) by the Cybersecurity Maturity Model Certification Accreditation Body (CMMC-AB).

The CMMC framework is a set of mandatory cybersecurity requirements that all contractors within the DoD supply chain will be required to implement and, beginning this year, to have verified by an independent CMMC Third Party Assessment Organization (C3PAO). CMMC was created to address the ongoing theft of and unauthorized access to Controlled Unclassified Information (CUI) by foreign adversaries through the enforcement of good cyber hygiene and best practices.

“RPOs will play a critical role within the CMMC ecosystem,” said Coalfire Federal President Bill Malone. “The DoD estimates that over 300,000 organizations across the DIB will be required to implement CMMC to improve the operational readiness and security posture of the supply chain. CMMC requirements are exacting, and many organizations, especially small to medium-sized businesses, lack the internal resources, cybersecurity expertise, and understanding of the framework necessary to implement them successfully. That’s where Coalfire Federal comes in.”

The CMMC framework establishes five certification levels that define the minimum security posture or maturity an organization must achieve, as determined by the sensitivity of the information it handles. Eligibility to receive a new DoD contract award or renewal is dependent on achieving the CMMC certification outlined in the program’s acquisition strategy or RFP. Coalfire Federal has created a suite of advisory services to help organizations effectively plan and prepare for an official CMMC assessment:

CUI Scope and Boundary Determination Workshop – defines where CMMC requirements apply by identifying who handles CUI and where it is created, received, stored, and shared on contractor information systems;

Gap Analysis – identifies discrepancies between current state and CMMC requirements for an organization’s target maturity level, and the sufficiency of evidence and documentation to demonstrate process maturity;

Remediation Strategy – creates the plan to close existing gaps and formalize processes and documentation maturity;

Remediation Support – provides support for and participation in the design of required infrastructure changes, implementation of controls, policy development, documentation, and System Security Plan creation;

v-ISO (Virtual Information Security Officer) – experienced cybersecurity consultants who provide oversight, guidance, and support to ensure continuous maturity and compliance as threats, infrastructure, and business objectives evolve.

“In addition to being an RPO, Coalfire Federal is a CMMC Third Party Assessment Organization (C3PAO) with a deep bench of Provisional Assessors, Registered Practitioners and compliance consultants,” continued Malone. “We bring a strong understanding of the CMMC certification process and assessment criteria to organizations preparing for CMMC, as well as years of experience advising organizations across the DIB, supporting their NIST 800-171 compliance and FedRAMP certification programs.”

Selecting a CMMC Advisory Services partner is an important, strategic decision and investment. Experience and knowledge matter. Undersecretary of Defense Ellen Lord warned in a March 2020 statement that some third-party entities are misrepresenting their capabilities with respect to CMMC. The right partner can minimize the time and cost to achieve cyber maturity and prepare to pass an assessment audit.

About Coalfire Federal

Coalfire Federal is a U.S. company with offices in Virginia and Maryland. Our company has nearly 20 years’ experience providing cybersecurity services to a wide range of government and commercial organizations, enabling and protecting their mission-specific cyber objectives. Coalfire Federal is the leading FedRAMP 3PAO and offers a full spectrum of cybersecurity risk management and compliance services. For more information about Coalfire Federal and CMMC, contact us at or visit:


For media inquiries:
Mike Gallo
(212) 239-8594