Opportunity
Clemson University Ionwave #211508999 Addendum 1
Clemson University Seeks C3PAO for CMMC Level 2 Assessment Services
Posted
March 09, 2026
Respond By
April 10, 2026
Identifier
211508999 Addendum 1
NAICS
541512
This opportunity seeks a qualified Certified Third-Party Assessment Organization (C3PAO) to support Clemson University in achieving Cybersecurity Maturity Model Certification (CMMC) Level 2 compliance. - Government Buyer: - Clemson University (higher education institution) - Services Requested: - CMMC Level 2 Mock Assessment (Project 1) - Evaluate the Secure Enclave and related processes for CMMC Level 2 compliance - Assess against NIST SP 800-171 and CMMC Level 2 practices - Quantity: 1 engagement - CMMC Level 2 Certification Assessment (Project 2) - Potential formal certification assessment, at university's discretion - Quantity: 1 engagement - Vendor Requirements: - Must be an accredited C3PAO with proven experience in formal CMMC Level 2 assessments - Compliance with Department of Defense (DoD) and Cyber AB standards is mandatory - Notable Details: - No specific OEMs or product part numbers are involved; this is a professional services engagement - The scope is focused on assessment and certification, not product procurement - Place of Performance: - Clemson University, Clemson, SC (Pickens County) - Period of Performance: - Phased engagement: initial mock assessment, followed by potential formal certification assessment; specific dates not provided
Description
Clemson University is seeking proposals from qualified Certified Third-Party Assessment Organizations (C3PAOs) for a phased engagement involving a Cybersecurity Maturity Model Certification (CMMC) Level 2 Mock Assessment and potentially a formal CMMC Level 2 Certification Assessment. The selected partner must have proven experience conducting formal CMMC Level 2 assessments in compliance with Department of Defense and Cyber AB requirements. The assessment will evaluate Clemson's Secure Enclave and associated processes for compliance with NIST SP 800-171 and CMMC Level 2 practices. This opportunity is aimed at ensuring cybersecurity compliance and readiness for defense-related standards.