Mr. Leighton Johnson, VCSG CTO, has been selected to plan, implement, and mold the CMMC Pilot Program being deployed starting in the Fall of 2020 as a Provisional Assessor.
The nature of this appointment is described by Ben Tchoubineh, the CMMC-AB’s Training Committee Chairman:
“We’re going to go out to industry and recruit what I call the first class of Assessors…Now this is going to be a very select group of seasoned and highly experienced Assessors and we’re going to look for 60 candidates to pass the exam and go through the course of pass the exam and be part of the first class. Remember these guys are going to work with us in a very close manner you know under lots of control and making sure that in this limited way we learn from them and they learn from us "
Paul Gozaloff is the Managing Consultant for the Veterans Cybersecurity Group, Inc (VCSG). VCSG is an organization run by veterans providing Cybersecurity consulting and Risk Management Services to Federal Agencies and Government Contractors. The emerging new opportunity for federal cybersecurity assessors, like VCSG, is the new Cybersecurity Maturity Model Certification (CMMC).
As a Service-Disabled Veteran-Owned Small Business (SDVOSB) VCSG is heavily engaged in the CMMC Pilot Program and meets the set-aside procurement authority for the Veterans First Contracting Program.This federal program affords firms like VCSG that are owned and controlled by Service-disabled Veterans the opportunity to compete for Veterans Administration set asides
The Department of Defense is aware that some entities have made claims of being able to provide CMMC certifications for the purposes of contracting with the DoD. The requirements for becoming a CMMC Third Party Assessment Organization (C3PAO) are not yet established. As a result, there are no third-party entities at this time that have been credentialed to conduct a official CMMC assessment which will be accepted by the CMMC Accreditation Body.
Veterans Cybersecurity Group assessors are currently Provisional Assessors in the CMMC Pilot. In addition to this pioneering head start by our provisional assessor other VCSG professionals/assessors have already been accepted into the CMMC Program starting January of 2020. Gaining this head start by both assisting in designing and piloting the CMMC Pilot Program positions VCSG to become among the first official third party assessment organizations (3PAO)
CMMC requires government contractors to achieve certain cybersecurity standards in order to qualify for contract awards. But these standards are also designed to protect the networks of government contractors too regardless of the goods or services they provide to the Defense Industrial Base (DIB).
As our Provisional CMMC Assessor is currently assisting the CMMC AB in defining the future requirements of the CMMC Levels (1-5) we can currently assist government contractors who are now required to self-assess according to the current DFARS/NIST SP800171r2 requirements with the insight and goal of CMMC accreditation on day one.