The OKC tech company’s Cybersecurity Maturity Model Certification is the first for an Oklahoma company and only the eighth in the nation.
Guernsey is now the first and only company in Oklahoma, and one of only eight in the nation, authorized to conduct Cybersecurity Maturity Model Certification Assessments of companies around the nation, as an anticipated requirement of the Department of Defense.
The venerable certification comes after Guernsey’s cybersecurity practice completed the DCMA DIBCAC’s CMMC 2.0 Level 2 Assessment, achieving the status as an authorized CMMC Third-Party Assessor Organization. C3PAOs are organizations authorized by the CMMC Accreditation Body to conduct CMMC assessments on Organizations Seeking Certification.
“Guernsey first started participating in the CMMC ecosystem in March 2020 and began the application process back in October 2020,” said Guernsey Director of Cybersecurity Consulting Timothy Fawcett, CISSP, CISA, CSSA. “After a lengthy process, we have now earned the distinction of being Oklahoma’s first and the nation’s eighth CMMC Assessment Authorization, helping Oklahoma standout as a friendly place for the DoD to do business.”
The CMMC is a program created by the DoD to enhance cybersecurity standards for companies within the Defense Industrial Base (DIB). The program is in response to increasingly frequent and severe cyberattacks against the DIB and aids in the protection of intellectual property, trade secrets, and other sensitive information.
“Cybersecurity is more critical now than ever, and these CMMC assessments will help companies performing and seeking DoD contracts get ahead of federal requirements,” Fawcett said. “As a DoD contractor that’s passed a CMMC Level 2 Assessment required to become a C3PAO, we know how to get through the assessment and will be a beneficial asset to other companies that need to implement CMMC or desire the peace of mind that comes from a CMMC-grade cybersecurity training and review.”
In November 2021, the DoD announced an upgrade to the CMMC program, CMMC 2.0. While the DoD is not yet allowing assessments to take place, it is indicated that authorized C3PAOs will be able to start performing voluntary assessments prior to the requirement take place. The authorization makes Guernsey uniquely qualified to prepare businesses for a CMMC assessment through consulting and recommendations on CMMC processes and assist with the implementation. Once the DoD permits assessments, Guernsey can lead and perform CMMC Level 2 assessments.
“Guernsey has been instrumental in helping our utility complete CMMC,” Nueces Electric Cooperative IT Director Sergey Seryogin said. “Their expert knowledge of the industry empowered our organization to be proactive and diligent, which in turn made people from the Pentagon very happy.”