
So you are a defense contractor or maybe you are participating in a large defense contract. As a result, you may have heard that you need to comply with CMMC. Let's talk about what that is.

I'm Doug Barbin, managing principal and chief growth officer at Schellman. Schellman is one of the first authorized C3PAOs or CMMC third-party assessment organizations. CMMC is the Cybersecurity Maturity Model Certification created by the Department of Defense, and it was created to provide a baseline security standard for government contractors that may handle sensitive information on behalf of the DoD. The program itself comes from a set of standards that have been around for some time, specifically the NIST 800-171 standard, which governs the use of sensitive information that is shared with defense contractors as part of doing work with the DoD.

What was needed, however, was a uniform program to oversee not just the larger defense contractors that may be handling sensitive information, but all of the subcontractors beneath them that may roll up as part of a larger defense contract.

If you take, for example, Raytheon or Northrop Grumman, they may have large (hundreds of millions of dollars) government contracts, and they may get sensitive information as part of that contract. At the same time, they may use a hundred or hundreds of subcontractors to perform services under that contract. Anyone in that chain who has access to or handles sensitive information (there's a variety of different types) would potentially fall under CMMC. What that means is that an organization such as Schellman may come in and perform an assessment of the security controls and requirements that a company has for handling that information.

So whether you're a defense contractor performing work directly for the DoD or potentially a subcontractor performing work for a larger defense contractor, contact us today to learn more about your potential obligations, what CMMC means to you, and how Schellman can potentially assist. 

About Douglas Barbin

As Chief Growth Officer and firmwide Managing Principal, Doug Barbin is responsible for the strategy, development, growth, and delivery of Schellman’s global services portfolio. Since joining in 2009, his primary focus has been to expand the strong foundation in IT audit and assurance to make Schellman a market-leading diversified cybersecurity and compliance services provider. He has developed many of Schellman's service offerings, served global clients, and now focuses on leading and supporting the service delivery professionals, practice leaders, and the business development teams. Doug brings more than 25 years’ experience in technology-focused services, having served as a technology product management executive, mortgage firm CTO/COO, and fraud and computer forensic investigations leader. Doug holds dual bachelor's degrees in Accounting and Administration of Justice from Penn State as well as an MBA from Pepperdine. He has also taken postgraduate courses on Artificial Intelligence from MIT and maintains multiple CPA licenses in addition to most of the major industry certifications, including several he helped create.