CynergisTek, (NYSE AMERICAN: CTEK), a leading cybersecurity firm helping organizations in highly regulated industries navigate emerging security and privacy issues, today announced that Redspin, a division of CynergisTek, received approval from the Cybersecurity Maturity Model Certification Accreditation Body (CMMC-AB) to perform CMMC assessments as a C3PAO and to perform pre-assessment security consulting as a RPO.

The United States Department of Defense (DoD) is the first government agency to require third party cyber security assessments of contractors with access to controlled unclassified information. This is part of a broad effort from the DoD to reduce the estimated $600 billion in cybercrime losses impacting the nation’s military supply chain every year. In a phased rollout, 300,000 Defense Industrial Base (DIB) contractors will be required to meet varying levels of CMMC certification as a requirement for the DoD to award a contract. As one of only a handful of C3PAO organizations approved today, Redspin is authorized to perform Levels 1-3 CMMC assessments as part of the provisional program defined by the CMMC-AB.

CMMC is based on U.S. federal acquisition rule (48 FAR 52.204-21) mandating implementation of basic safeguarding requirements and the DoD federal acquisition rules (DFARS 252.204-70xx Series) to protect Controlled Unclassified Information. These regulations are similar to those governing HIPAA and PHI in healthcare, and based on NIST Special Publication 800-171, which is similar and complementary to the assessment, consulting, and remediation work that CynergisTek provides today.

“Offering our expertise to the DoD as a C3PAO and RPO is a natural progression, evolving our healthcare practice and knowledge to address the needs and high demand in adjacent markets. For example, many of our academic medical center clients need to comply with CMMC. As a result, Redspin is proud to be one of the organizations having one of the first one hundred CMMC-trained assessors on staff,” says Caleb Barlow, CEO and president at CynergisTek.

Mr. Barlow goes onto say, “We’re honored to be one of the first public companies chosen to help ensure controlled unclassified information flowing down from the DoD to the DIB contractors and their subcontractors is protected. Getting in on the ground level aligns extremely well with our growth strategy and expansion of the Company. It is a simple pivot for us leveraging existing resources, skills, and technology, and dramatically expands our total addressable market.”

About Redspin

Redspin (www.redspin.com), a division of CynergisTek, is a best-in-class cybersecurity company providing security testing, assessments, validation, and consulting services to many Fortune 500 and leading growth companies in highly regulated industries including government, financial, technology, and manufacturing. Redspin helps improve organizations cyber readiness and resiliency through a strategic and proven approach to reduce cyber risks and safeguard sensitive information.

Forward-Looking Statements

This release contains certain forward-looking statements relating to the business of CynergisTek that can be identified by the use of forward-looking terminology such as “believes,” “expects,” “anticipates,” “may” or similar expressions. Such forward-looking statements involve known and unknown risks and uncertainties, including uncertainties relating to product/service development, long and uncertain sales cycles, the ability to obtain or maintain patent or other proprietary intellectual property protection, market acceptance, future capital requirements, competition from other providers, the ability of our vendors to continue supplying the company with equipment, parts, supplies and services at comparable terms and prices and other factors that may cause actual results to be materially different from those described herein as anticipated, believed, estimated or expected. Certain of these risks and uncertainties are or will be described in greater detail in our Form 10-K and Form 10-Q filings with the Securities and Exchange Commission, which are available at http://www.sec.gov. CynergisTek is under no obligation (and expressly disclaims any such obligation) to update or alter its forward-looking statements whether as a result of new information, future events or otherwise.