Nashville, TN (February 28, 2024) – Redspin, a division of cybersecurity and managed cloud services firm Clearwater, and the leader in Cybersecurity Maturity Model Certification (CMMC) services for the defense industrial base (DIB), today announced the successful completion of the Joint Surveillance Voluntary Assessment (JSVA) by its client, Phoenix Air Group, Inc. (Phoenix Air). Phoenix Air is a pioneering aviation company operating around the world for commercial and government clients providing passenger, cargo, and air ambulance transportation services. The JSVA, conducted by Redspin, jointly with the Defense Industrial Base Cybersecurity Assessment Center (DIBCAC), concluded with a flawless score of 110, earning Phoenix Air a DIBCAC High certificate, which is expected to convert to a CMMC Level 2 certification once the rule is effective.

The JSVA, an early adopter evaluation option preceding the finalization of CMMC rulemaking, allows organizations that have DoD contracts to undergo voluntary assessments conducted jointly by Certified 3^rd Party Assessment Organizations (C3PAOs), such as Redspin, and the DIBCAC. The JSVA Program is available until the DoD finalizes its CMMC rulemaking which is expected later this year.

The JSVA is a critical step in Phoenix Air’s strategy in demonstrating that as a DIB contractor, it has the cybersecurity maturity required to be a trusted partner to the DoD. Redspin, leveraging its proficiency in conducting comprehensive JSVAs that align with anticipated CMMC requirements, meticulously evaluated Phoenix Air’s implementation of NIST 800-171 r2 across various domains, including technical, physical, and administrative elements.

The completion of the JSVA with a 110 score and no plan of action and milestones (POA&Ms) positions Phoenix Air for early CMMC certification and exemplifies its leadership in both technology and security. Dent Thompson, Senior Vice President and Chief Operations Officer of Phoenix Air expressed pride in the company’s dedication to safeguarding sensitive information, saying, “This achievement underscores our unwavering commitment to protecting Controlled Unclassified Information (CUI) and reinforces our readiness to meet evolving regulatory requirements head-on.”

During its November 2023 Town Hall meeting, the Cyber Accreditation Body (The Cyber AB) reported that out of the 150 companies that applied for a JSVA, only 22 have completed the process up to that point. Of note, Redspin has conducted 10 of the fully completed 22 assessments.