Agreement Enables Defense Contractors to Achieve Level 3 Certification

SAN JOSE, Calif.— — Dec. 15, 2020 — SPYRUS Solutions, Inc (“SPYRUS”) announced today a partnership with The Crestridge Group, LLC (“CRG”) to ensure that its customers in the Defense Industrial Base (DIB) are compliant with the NIST 800-171(r2) securing controls. As the Cybersecurity Maturity Model Certification (CMMC) requirements evolve our customers will be ready to meet the latest security and compliance challenges. Secure enclaves are designed to protect Controlled Unclassified Information (CUI), Federal Contract Information (FCI), and Covered Defense Information (CDI). CMMC is designed to provide increased assurance to the DoD that a DIB contractor can adequately protect sensitive unclassified information including CUI, FCI, and CDI across a multi-tier supply chain. Beginning December 1, 2020, all entities receiving Department of Defense (DoD) contracts and orders, other than contracts or orders exclusively for commercially available off-the-shelf items or those valued at or below the micro-purchase threshold, are required to formally report their NIST 800-171 compliance score in the Supplier Performance Risk System (SPRS).

As DoD moves from NIST assessments to CMMC, DIB contractors will be assessed based on the CMMC Assessment Methodology and separated into five levels—where each level consists of practices and processes as well as those specified in lower levels—which reflects the depth of assessment performed and the associated level of confidence in the score resulting from the assessment. In addition to assessing a company’s implementation of cybersecurity practices, the CMMC will also assess the company’s institutionalization of cybersecurity processes.

Powered and Secured by SPYRUS Solutions, CRGs ComplyFXTM platform delivers the highest level of edge security with FIPs 140-2 level 3 tamper proof certification. SPYRUS provides a Rosetta Hardware Security Module (HSM), a FIPS 140-2 level 3 certified chip that provides complete end-to-end encryption in a tamperproof design. The Crestridge Group designed the tool with a business collaboration platform, a DoD self-assessment model using the DoD methodology, policies and procedures with a complete system security plan, and assessment test data. This complete turnkey solution enables DIB organizations to be NIST 800-171(r2) compliant with the required hardware, software, and business practices that provides a path to CMMC readiness.

“Federal contracts are critical to supporting our private sector and national interests,” explained Grant Evans, chief executive officer of SPYRUS Solutions. “The CMMC-Accreditation Body established the CMMC certification assessment methodology and accredit assessors, known as CMMC Third Party Assessment Organizations (C3PAOs) and individual assessors, for the Defense Industrial Base organizations that will adhere to DFARS regulations. It is not enough to create a security plan or simply deploy a solution and not use it, DIB organizations must take a broad view of what needs protecting and how. SPYRUS believes our partnership with The Crestridge Group offers the best hardware, software, and business practices solution to meet these critical cybersecurity regulations.”

The DoD interim rule to amend the Defense Federal Acquisition Regulation Supplement (DFARS) to implement the DoD Assessment Methodology and CMMC framework in order to assess contractor implementation of cybersecurity requirements to “covered contractor information systems,” as defined in the clause, that are not part of an IT service or system operated on behalf of the USG provides an enhanced protection of unclassified information within the DoD supply chain. CMMC measures cybersecurity maturity with five levels and aligns a set of processes and best practices from multiple cybersecurity standards, frameworks, and other references, including inputs from the broader community.

“Cybersecurity is an important challenge facing the government and defense industrial base,” continued Steve Hurt, chief technology officer with The Crestridge Group. “DFARS and CMMC are critical to establishing strong guidelines for organizations to protect valuable data for national security. The Crestridge Group is proud to partner with SPYRUS to provide organizations with ComplyFX, a complete and CMMC compliant secure enclave for all federal data.”

Learn more about SPYRUS at www.spyrus.com.


About SPYRUS Solutions, Inc.

SPYRUS develops and deploys cryptographic operating systems in innovative ways, providing the strongest protection for data in motion, data at rest and data in process.  For more than 20 years, SPYRUS has delivered encryption, authentication, and digital content security products to government, financial, and healthcare enterprises.  SPYRUS solutions enable customers to meet stringent regulatory requirements for data protections across industries. Connect with SPYRUS on LinkedIn and Twitter.

About The Crestridge Group, LLC
The Crestridge Group is a leading innovator in security and integration technologies for lightweight multi-function systems. We develop affordable secure communications, sensors, and robotics platforms. Our systems development approach allows us to innovate with unparalleled speed using cost effective techniques and enable the modernization of existing systems with enhanced readiness.