February 2021

· 2 min read

NSF-ISR Authorized to Help Protect the Department of Defense Supply Chain Through New Cybersecurity Program

NSF International Strategic Registrations named one of the first certifiers for a new program to enhance the protection and safeguard of controlled unclassified information.
Hands on MacBook laptop

ANN ARBOR, Mich. – NSF International Strategic Registrations (NSF-ISR) has been authorized by the Cybersecurity Maturity Model Certification Accreditation Body (CMMC-AB) to offer a new cybersecurity assessment to companies from the aerospace and defense, technology and software provider industries within the Department of Defense (DoD) supply base.

The CMMC-AB approved NSF-ISR, a management systems certification company of NSF International, as one of the first Cybersecurity Maturity Model Certification (CMMC) program Certified Third-Party Assessment Organizations (C3PAO). The certification program was created by the DoD to enhance the protection of controlled unclassified information, such as blueprints for parts of new defense aircraft and specifications for military uniforms, within their supply base.

“Some level of CMMC will be required for all defense contractors, and we are honored to be among the first to be authorized to help protect our nation’s security,” said Jennifer Morecraft, NSF-ISR Senior Managing Director. “If you handle any form of controlled unclassified information, whether that is a service such as mowing the grass, providing simulation software to train soldiers prior to deployment or the manufacturing of helicopter propellers or apparel, your organization will be required to be certified to some level of CMMC.”

The rigorous CMMC C3PAO authorization process requires all C3PAOs to be ISO/IEC 17021 accredited, and ISO/IEC 27001 certified, which are criteria NSF-ISR and parent company, NSF International, fulfill. Additionally, NSF-ISR has invested in the CMMC program further with two dedicated resources. Last fall, Tony Giles, NSF-ISR Business Lead for Information Security, earned certification as a CMMC Provisional Assessor and Rhia Dancel, NSF-ISR Technical Manager, earned certification as a CMMC Registered Practitioner. While C3PAOs cannot provide official assessments at this time, it is thought that they will be able to do so in the near future. NSF-ISR is preparing now to take the next level assessment once available.

Commercial assessments will begin by this spring. By 2025, as many as 350,000 supply chain companies will be contractually mandated to be certified to the new CMMC requirements as a matter of national security.

CMMC-AB authorization further extends NSF-ISR’s expertise in information security. NSF-ISR also provides certification to ISO/IEC 27001, IEC/ISO 20000-1, NIST 800-171, CSA STAR and other management systems certifications.

Additional NSF-ISR CMMC or security resources:

To schedule an interview, contact Samantha Dean at media@nsf.org or +1 202 822 1850.