in Cybersecurity, DOD, News

ASRC Federal Achieves CMMC Level 2 Certification

Photo: ASRC Federal
ASRC Federal logo. The company underwent a C3PAO assessment and achieved CMMC Level 2 certification.
ASRC Federal
  • ASRC Federal has undergone a C3PAO assessment and achieved CMMC Level 2 certification
  • The certification means the company has fully implemented the 110 security controls under NIST SP 800-171
  • ASRC Federal CISO Ron Davis says only about 1,000 government contractors are fully CMMC Level 2 certified

ASRC Federal has achieved level 2 certification under the Cybersecurity Maturity Model Certification framework, which the Department of War established to ensure that defense industrial base contractors are capable of protecting sensitive government data, such as federal contract information and controlled unclassified information, from various cyber threats.

What Does CMMC 2.0 Level 2 Certification Mean?

ASRC Federal said Thursday that its certification indicates full implementation of the 110 security controls under National Institute of Standards and Technology Special Publication 800-171. It is proof of the company’s “strong cybersecurity defenses” and demonstrates “our ability to safeguard the nation’s most sensitive defense data environments across our people, processes and technologies,” ASRC Federal Chief Information Security Officer Ron Davis said.

For his part, company Chief Information Officer John Pisano said that the certification “highlights our culture of operational excellence and commitment to protecting critical data that drives U.S. missions” and that it “reflects our core values of teamwork, accountability, integrity and continuous improvement and highlights the vital role of collaboration across our entire organization.”

How Many GovCons Have Achieved CMMC Level 2 Certification?

Davis notes that only a little over 1,000 companies are so far fully certified for CMMC Level 2. These include companies like Charles F. Day & AssociatesIntelligent WavesC Speed and Peraton. The ASRC Federal CISO estimates that this figure comprises about 2% of the total number of organizations that must become compliant.

Non-compliance would mean an affected GovCon would be barred from competing for relevant solicitations. Of particular significance is the impending phase 2 of the CMMC rollout. Expected to go into effect this November, phase 2 would make assessments via Certified Third-Party Assessor Organizations, or C3PAOs, mandatory for relevant contract opportunities.

ASRC Federal’s CMMC certification was done by an independent C3PAO evaluation.

ExecutiveBiz Logo

Sign Up Now! ExecutiveBiz provides you with Daily Updates and News Briefings about Cybersecurity

mm

Written by Jerry Petersen

Photo: Photo / Carahsoft
Carahsoft's Mike Adams. He said his company's partnership with Scale AI streamlines federal access to the latter's offerings.
Carahsoft Makes Scale AI Capabilities Available on GSA Schedule
Photo: Everforth ECS
Scott Hoge. The Everforth ECS VP discussed prioritizing platform engineering, post-quantum cryptography and digital twins.
Everforth ECS Executive Scott Hoge Urges Focus on Platform Engineering, PQC, Digital Twins