Kratos Announces Cybersecurity Maturity Model Certification (CMMC) Advisory Services

September 16, 2020


Kratos Defense & Security Solutions, Inc. (Nasdaq: KTOS), a leading National Security Solutions provider, announced today that it is offering CMMC pre-certification advisory services to commercial organizations and Department of Defense (DoD) contractors seeking CMMC compliance. CMMC advisory services currently include strategic and operational consulting services, gap assessment and remediation services, and documentation services.

As Mark Williams, Vice President, Kratos Cybersecurity Services explained: “Unlike most organizations offering CMMC Advisory services, Kratos is one of the first and largest FedRAMP third party assessment organizations (3PAO), is a member of the Defense Industrial Base (DIB) and sells to the DoD.  As a result, we have a unique understanding and insight into how CMMC requirements impact DIB organizations and what can/should be done to satisfy these requirements.” FedRAMP is a U.S. government-wide certification program in which all cloud service providers (CSPs) must be authorized to provide cloud services to the U.S. Government.

Rather than the typical ‘cookie-cutter’ approach to compliance taken by most advisory companies, Kratos has tailored its approach  to address an organization’s DIB specific issues and pain points and to integrate CMMC with the organization’s existing non-DIB specific compliance standards including the Federal Risk and Authorization Management Program (FedRAMP), ISO 27001, Payment Card Industry (PCI),  National Institute of Standards & Technology (NIST) Special Publication 800-53 and the NIST Risk Management Framework (RMF).

Kratos Cybersecurity Services is currently providing CMMC Advisory Services for Kratos and other DIB companies, including a recently completed CMMC gap assessment for a major networking and IT company.

CMMC is a unified security standard and a certification process developed by the U.S. DoD designed to protect the security of Federal Contract Information (FCI) and Controlled Unclassified Information (CUI) within the DIB. Consisting of five levels of security standards ranging from Basic to Advanced, CMMC will be phased into DoD RFPs by early 2021. All levels will be certified by CMMC Third Party Assessment Organizations (C3PAO), which will conduct thorough on-site assessments and evaluations. Kratos is now undergoing the C3PAO accreditation process.

Source : Kratos Defense & Security Solutions

Kratos Announces Cybersecurity Maturity Model Certification (CMMC) Advisory Services