PITTSBURGH, Dec. 17, 2020 /PRNewswire/ -- Troy J. Fine, Senior Manager of Risk Advisory Services at Schneider Downs, has qualified as a Cybersecurity Maturity Model Certification (CMMC) Provisional Assessor, enabling him to provide CMMC assessments for Department of Defense (DOD) prime and sub-contractors. Mr. Fine will serve as one of only 101 certified assessors nationally under the CMMC-Accreditation Body (CMMC-AB) who are available to assess companies currently in need of a certified CMMC assessment.
As part of the provisional assessor program, Troy will be piloting the assessment process and providing valuable feedback to the CMMC-AB and the DOD on how to improve the program. Troy is also in the process of assisting Schneider Downs with its CMMC Third-Party Assessor Organization (C3PAO) application. Schneider Downs has submitted its C3PAO application to the CMMC-AB and hopes to be a C3PAO by early 2021. Schneider Downs was recently awarded its CMMC Registered Provider Organization (RPO) status in November 2020. The provisional assessor program is slated to end in mid-2021. A that time, Troy and other Schneider Downs personnel plan on completing the formal certified assessor training and certification program for CMMC levels 1-3.
Schneider Downs currently offers CMMC readiness and consulting services as a Registered Provider Organization (RPO). The firm recommends any organizations seeking certification (OSC) begin readiness planning at least six months prior to their first certification audit. Schneider Downs has applied to be among the first CMMC Third-Party Assessor Organizations (C3PAO) to offer certification assessments in the 2021 calendar year. OSCs should note that a single firm cannot perform both consulting and audit services for a single client per the CMMC-AB standards.
The CMMC is a unified standard for implementing cybersecurity across the defense industrial base (DIB), which includes over hundreds of thousands of contractors across the nation. The DOD created the CMMC compliance standard to improve the security of the supply chain of the DIB.
New legislation requires third-party assessments of contractors' compliance with the standardized practices and procedures – making it essential to involve an assessor with CMMC certification. Contractors that receive Federal Contract Information (FCI) and/or Controlled Unclassified Information (CUI) will not be able to do business with the DOD without complying with CMMC requirements.
The CMMC framework adds a certification element to verify the implementation of processes and practices associated with the achievement of a cybersecurity model. CMMC is designed to provide increased assurance to the DOD that a DIB contractor can adequately protect FIC and CUI at a level commensurate with the risk, accounting for information flow down to its subcontractors in a multi-tier supply chain.
About Schneider Downs & Co., Inc.
Schneider Downs' dedicated IT audit and compliance practice works with organizations across the country to help them gain valuable insights into their processes and technologies. Schneider Downs partners with clients to provide comprehensive IT audits and compliance reviews that will ensure your organization has effective and efficient technology controls that better align the technology function with their business and risk strategies.
Schneider Downs is a regional accounting and business consulting firm providing tax, audit and business advisory services to public and private companies and nonprofit organizations. The firm offers more than 80 services from five business units: Assurance and Tax Advisors; Business Advisors; Technology Advisors; Wealth Management Advisors; and Corporate Finance Advisors. With offices in Pittsburgh, Columbus and the District of Columbia, the firm serves clients with local, national and global interests.
SOURCE Schneider Downs