Kratos Named One of the First Cybersecurity Maturity Model Certification (CMMC) Third Party Assessment Organizations (C3PAO)

San Diego, California, UNITED STATES

SAN DIEGO, June 15, 2021 (GLOBE NEWSWIRE) -- Kratos Defense & Security Solutions, Inc. (Nasdaq: KTOS), a leading National Security Solutions provider, announced today that it has been named by the federal government as one of the first two CMMC Third Party Assessment Organizations (C3PAO). As a C3PAO, Kratos will be able to conduct CMMC Level 1-3 assessments once the government completes certain preparatory and authorization steps.

The CMMC is a new unified security standard and a certification process developed by the U.S. Department of Defense (DoD) to protect the security of Federal Contract Information (FCI) and Controlled Unclassified Information (CUI) within the Defense Industrial Base (DIB). In accordance with recent updates to DFARS 252.204, the Office of the Under Secretary of Defense (OUSD) will begin a phased rollout requiring contractors to achieve CMMC certification. Once the rollout is complete, nearly all companies seeking to respond to DoD proposal requests will require CMMC certification.

Kratos has years of robust experience in compliance and certification, risk management and cyber operations, defense and engineering. Services include vulnerability assessments, enterprise security architecture design, application security testing and risk management processes. Kratos cybersecurity services support the development and operation of proactive cybersecurity programs, the development of enterprise cloud security strategies, and the establishment of sound and practical information security architectures tailored to organizational needs.

Mark Williams, Vice President, Kratos Cybersecurity Services explained: “As a member of the DIB Kratos underwent a rigorous assessment by the Defense Industrial Base Cybersecurity Assessment Center, which was a key factor in its early C3PAO authorization by the CMMC AB.” Once authorized to begin conducting assessments. Kratos’ Provisional Assessor-led teams will conduct the CMMC assessments that consist of up to four phases. The Planning phase includes assessment plan development and an assessment readiness review. The Assessment phase includes collecting and validating the required Objective Evidence (OE) and generating final results. Presentation of the results occurs in the Report Findings phase. If issues are identified in the Report Findings phase, the Remediation phase is dedicated to evaluating remedial actions taken. Depending on the assessment complexity Kratos estimates that most assessments will be completed in four to six weeks.

Phil Carrai, President of Kratos Space, Training and Cyber Division highlighted the importance of a robust CMMC program. “The recent spate of data breaches affecting both government and commercial organizations underscores the need for more robust security measures to protect critical information. For DoD this means increased protection of FCI and CUI data. CMMC will be a critical component of heightened security as all companies will need to pass strict CMMC security assessments before being awarded DoD contracts. Kratos is proud to be named one of the first C3PAOs. Our extensive experience in providing advisory and assessment services for compliance frameworks such as FedRAMP and others position us well to support CMMC.”

For more information on Kratos’ CMMC services visit:

About Kratos Defense & Security Solutions
Kratos Defense & Security Solutions, Inc. (NASDAQ:KTOS) develops and fields transformative, affordable technology, platforms and systems for United States National Security related customers, allies and commercial enterprises. Kratos is changing the way breakthrough technology for these industries are rapidly brought to market through proven commercial and venture capital backed approaches, including proactive research and streamlined development processes. Kratos specializes in unmanned systems, satellite communications, cyber security/warfare, microwave electronics, missile defense, hypersonic systems, training, combat systems and next generation turbo jet and turbo fan engine development. For more information go to

Notice Regarding Forward-Looking Statements
Certain statements in this press release may constitute "forward-looking statements" within the meaning of the Private Securities Litigation Reform Act of 1995. These forward-looking statements are made on the basis of the current beliefs, expectations and assumptions of the management of Kratos and are subject to significant risks and uncertainty. Investors are cautioned not to place undue reliance on any such forward-looking statements. All such forward-looking statements speak only as of the date they are made, and Kratos undertakes no obligation to update or revise these statements, whether as a result of new information, future events or otherwise. Although Kratos believes that the expectations reflected in these forward-looking statements are reasonable, these statements involve many risks and uncertainties that may cause actual results to differ materially from what may be expressed or implied in these forward-looking statements. For a further discussion of risks and uncertainties that could cause actual results to differ from those expressed in these forward-looking statements, as well as risks relating to the business of Kratos in general, see the risk disclosures in the Annual Report on Form 10-K of Kratos for the year ended December 27, 2020, and in subsequent reports on Forms 10-Q and 8-K and other filings made with the SEC by Kratos.

Press Contact:
Yolanda White
858-812-7302 Direct

Investor Information: