First CMMC 3rd Party Assessment Organization (C3PAO) in Hawaii and Asia-Pacific Region


The CMMC Accreditation Body (CyberAB) has officially authorized Honolulu-based Referentia Systems Incorporated (eResilience division) as one of only 63 C3PAOs worldwide and the only C3PAO in the Asia-Pacific region.

Across Hawaii and throughout the Asia-Pacific region, including Guam, and in support of U.S. bases, operations, and allies in the Indo-Pacific Command (INDOPACOM) area of responsibility (such as Japan, South Korea, Australia, and Taiwan), defense contractors provide a wide range of products, services, and innovations. Many contractors and subcontractors, both large and small, are finding the DoD’s CMMC program requirements to be much more difficult than anticipated, which is putting their future DoD business at risk. Companies that handle Controlled Unclassified Information (CUI) will need to obtain critical guidance from qualified consultants, and ultimately obtain 3rd party certification of their cyber compliance from authorized C3PAOs to win new DoD contract awards requiring certification once CMMC clauses begin appearing in contracts, expected by mid-2025. For the first year of CMMC implementation, most DoD contracts will start with a self-assessment requirement, and after one year, most CUI-handling contracts will require CMMC certification from a C3PAO. Because even the upcoming CMMC self-assessment requirement is significantly more challenging than current pre-CMMC requirements mandated in existing contracts, Hawaii contractors are facing potentially big impacts.

As Hawaii’s former Adjutant General and head of the State of Hawaii Department of Defense, Major General Robert G.F. Lee (retired) is encouraged by the news of a local company achieving C3PAO status. “Across Hawaii and the Asia-Pacific region, our security and economy are under constant threat of cyber attacks from nation-states and adversaries,” Major General Lee said. “Knowledge about compliance with federal safeguarding requirements tends to drop as you get further from the source, and for CMMC, the source is Washington D.C. It’s terrific that a Hawaii-headquartered organization has now been authorized as one of the very few C3PAOs in the country. The Referentia/eResilience team has a long history of excellence in cybersecurity, and with so many local businesses and their suppliers relying on DoD contracts, it’s critical for these businesses – and for Hawaii’s economy – to make sure they have access to the right type of expertise. In the future, their contracts will be dependent on the entire supply chain becoming CMMC compliant.”

Becoming a C3PAO is challenging. They are among the most highly scrutinized and vetted organizations in the Defense Industrial Base because they must first go through a stringent DoD audit process to prove that they meet all the requirements themselves before being authorized to validate the cybersecurity compliance of other organizations. The majority of the Referentia/eResilience team are nationwide cyber experts located in Hawaii and across the country, specializing in key areas of the cybersecurity spectrum from cyber risk management to building secure cyber products. “With the big shortage of cyber experts in the nation, Referentia/eResilience has done a phenomenal job both recruiting the best and developing strong IT professionals who are proven reliable, drive for growth and have a passion for cyber!” said Major General Lee.

Mr. Randall Cieslak, former Chief Information Officer (CIO) of INDOPACOM, spent more than 20 years as INDOPACOM’s Authorizing Official (AO). Now serving as Chief Cyber Strategist at Referentia, Mr. Cieslak says the bar for CMMC compliance is higher than most companies understand. “The threats are getting more and more sophisticated, especially with the acceleration of AI,” Cieslak said. “Businesses that achieve CMMC will lower cybersecurity risks and demonstrate to the DoD that they can protect sensitive and controlled unclassified information. The subsequent improvement in cybersecurity will reduce the loss of intellectual property, and minimize operational interruptions caused by ransomware that cost companies billions of dollars each year. Achieving CMMC is not only a national security priority but is good for business as well.”

Combining qualifications as a C3PAO, CyberAB-accredited Licensed Training Provider (LTP), and Registered Practitioner Organization (RPO) with multiple Certified CMMC Assessor (CCA) (including several Lead CCA), Certified CMMC Professional (CCP) and Registered Practitioner Advanced (RPA) staff, eResilience offers comprehensive and focused consulting services to Organizations Seeking Certification (OSC), providing strategies for prime contractors and their suppliers to dramatically improve their chances of becoming CMMC compliant.

“Although we are headquartered in Honolulu, Hawaii, many of our clients and staff are on the mainland, and we have been privileged to help hundreds of companies in preparing for CMMC – from small businesses to Fortune 500 companies in Hawaii and across the country as well as internationally,” said CMMC expert Larry Lieberman. “Many of our customers initially tried preparing for CMMC on their own or hired vendors to help them; however, they quickly realized the value of specialized CMMC cyber compliance experts that clearly understand and have participated in actual C3PAO and DoD cybersecurity assessments.” Mr. Lieberman is a nationally recognized expert in DFARS / NIST / CMMC compliance education and training, providing expertise to DoD prime contractors and their supply chains as well as the procurement community through special sessions at National Contract Management Association (NCMA) World Congress events, Contract Management Magazine articles, and more than twenty-five thought leadership CMMC cyber compliance webinars and training events produced in conjunction with the non-profit Cyber Collaboration Center that have reached more than 10,000 registrants across the Defense Industrial Base (DIB).

For any organization involved or hoping to get involved in federal and DoD contracting or subcontracting, maintaining an awareness of and compliance with CMMC and other federal cybersecurity regulatory policies is critical. As an accredited consultant, licensed training provider, and now authorized C3PAO, Referentia and its eResilience division can provide information, insights, and services to assist defense contractors at any stage of their compliance effort.
