The Cybersecurity Maturity Model Certification (CMMC) Accreditation Body (CMMC-AB) reviewed and confirmed several US cybersecurity and regulatory compliance consultant organizations through its recently established Registered Provider Organization (RPO) accreditation program. Among the newly registered RPO’s, Summit 7 was recently certified and accredited for its unique focus on DFARS and CMMC solutions for Microsoft’s Office 365, or Microsoft 365, and Azure Government. The company is one of the first firms approved for the RPO program with a cloud-first solution set for Department of Defense (DoD) suppliers using the enhanced security capabilities of the Microsoft Government Cloud platform. Moreover, Summit 7 provides added value to the RPO program as a member of the Microsoft AOSG program for Microsoft 365 GCC High licensing.
The CMMC-AB defines an RPO as an organization that has expertise and experience in the cybersecurity field or related support fields that intend to establish consulting agreements with Organizations Seeking Certification (OSC) through non-certified solutions. Summit 7 met these criteria through demonstrated thought leadership within the industry and investments made to map the Microsoft cloud platforms and associated modern security products to NIST 800-171 and CMMC Level 3 practices and processes.
As a demonstration of Summit 7’s thought leadership, the company most recently hosted a conversation with one of Microsoft’s Aerospace and Defense leaders, Richard Wakeman, about the Microsoft CMMC Acceleration Program (AP). The AP is the latest of Microsoft’s efforts to prepare the DIB for CMMC assessments and looks to provide readiness materials for compliance. Richard Wakeman, one of Microsoft’s Aerospace and Defense leaders described the program and how an RPO like Summit 7 provides guidance to compliance in the Microsoft cloud “Closing the gap to 100% is going to be partly the customer’s responsibility, in which case we rely heavily on our partner community…and are looking to enable (partners)- like Summit 7 - to address and help with configuration. It’s been wonderful working with Summit 7 in helping to put together artifacts [for industry]”.
Scott Edwards, President and CEO of Summit 7, remarked on the RPO accreditation, “We are honored to join a highly qualified group of practitioners and further align Summit 7 to the honorable mission of the CMMC-AB in securing the DoD supply chain and protecting our military’s greatest assets.” CMMC-AB members and volunteers conducted rigorous reviews and background checks of each RPO applicant to validate that the company upholds the CMMC-AB’s guiding principles. Furthermore, CMMC-AB agreements place explicit guidelines on RPO conduct and standards to protect the overall sanctity of CMMC.
DFARS 252.204-7021 went into effect on November 30th and codified the CMMC program into the DoD’s acquisition framework. CMMC RPO’s are now a critical component of overall industry preparations for 2021 solicitations and continued progress through 2025, when all procurements will mandatorily include CMMC requirements.
About Summit 7 Systems
Summit 7 Systems is a national leader in cybersecurity and compliance for the Aerospace and Defense industry and corporate enterprises. Summit 7 won the 2020 Microsoft US Partner Award in Security and Compliance for its Microsoft Cloud solutions regarding CMMC, DFARS, NIST 800-171, ITAR, and CUI. Summit 7 Systems is privately held and headquartered in Huntsville, Alabama.
About Microsoft 365 GCC High
Microsoft 365 GCC High is built on Microsoft Azure Government within dedicated US-sovereign data centers. Azure Government is currently certified to FedRAMP High, as well as the entire suite of GCC High services hosted in Azure Government. Many DoD contractors choose GCC High and Azure Government because the infrastructure is managed by background checked US persons, Microsoft attests to meet DFARS flowdown clauses, and reporting requirements for regulatory compliance.