Accounting firm selected for DOD cybersecurity certification

Listen to this article

Days after the Colonial Pipeline attack, Elliott Davis made public that it is preparing to open its doors to Department of Defense contractors with sensitive information in the stacks.

The Cybersecurity Maturity Model Certification Accreditation Body, an organization that manages a Department of Defense certification process for accounting firms capable of protecting sensitive information, recently selected the Greenville company as a candidate to become a Certified Third-Party Assessor Organization, or C3PAO.

The candidate selection is a critical step in helping federal contractors navigate the Defense Department’s cybersecurity certification process, according to the announcement.

"Now is the time to prepare as the Department of Defense will begin requiring CMMC certification in some request for proposals and contracts starting fiscal year 2021," Lizzie Tinker, cybersecurity manager of  Elliott Davis and one of the first CMMC provisional assessors in the nation, said in the release. "It is a complex process that becomes more stringent based on the level your business ranks as a DoD contractor. Our cybersecurity team has deep expertise advising clients that contract with the DoD, and we're proud to be selected as a candidate C3PAO to help customers navigate the CMMC process."

The CMMC includes a certification process that measures maturity over five levels. Elliott Davis provides CMMC counsel and services, including overall readiness, maturing from one level to the next, gap analysis, control selection and tailoring, control implementation guidance, system security plan development, and plan of action and milestones development, according to the release.

According to a recent report from cybersecurity company Atlas VPN, financial service providers are the hottest targets for cyberattacks in the United States, facing almost 60 million cyberattacks on May 9 alone. 

Other businesses faced almost 46 million attacks that day, followed by the health care sector with 27 million attacks, the computing and IT industry at almost 17 million attacks and the education sector at almost 13 million.

The report also noted that by far, the greatest number of U.S.-directed cyberattacks are from within the United States itself. On May 9 alone, U.S. cyber criminals launched 174 million attacks on U.S. companies. Russia-sourced hacks rolled in at a much smaller 10 million.

“Cybercriminals are only getting bolder,” Anton Petrov, a researcher and cybersecurity writer with Atlas VPN, said in the report news release. “To mitigate the risks of the ever-evolving cyber threats, organizations in the United States and the rest of the world need to step up their efforts.”