NSF-ISR Receives Authorization as CMMC Third-Party Assessment Organization
ANN ARBOR, Mich. – NSF-ISR, a leading global management systems certification body, is pleased to announce its authorization as a Cybersecurity Maturity Model Certification (CMMC) Third Party Assessment Organization (C3PAO). Authorization allows NSF-ISR to verify defense contractors' compliance to CMMC through independent audits.
C3PAO authorization required the NSF-ISR Information Security team to undergo an extensive review process conducted by the Defense Contract Management Agency (DCMA) Defense Industrial Base Cybersecurity Assessment Center. The DCMA auditors reviewed NSF-ISR's technical controls, procedures, and policies to ensure they met the strict criteria required for authorization.
This a major milestone in NSF-ISR's efforts to enhance cybersecurity for the United States Department of Defense’s (DoD) supply chain.
NSF-ISR's C3PAO authorization allows its CMMC assessors to conduct independent assessments to ensure manufacturers comply with rigorous cybersecurity standards to protect Controlled Unclassified Information (CUI) that the DoD or primes share with its contractors and subcontractors.
“NSF-ISR has been an early adopter of CMMC and has supported and conducted NIST 800-171 assessments for many years,” states Tony Giles, Director of Information Security, NSF-ISR. “We are excited to receive C3PAO authorization, as protecting our nation’s information is mission critical. We are passionate about this work and proud to take part in it.”
CMMC compliance helps organizations that work with the defense industry or have suppliers and customers in their defense supply chain meet contractual security requirements, which will be included in defense contracts after rulemaking is finalized. NSF-ISR plans to participate in the Joint Voluntary Assessments that take place ahead of the final CMMC rule taking effect, allowing prepared organizations to skip to the front of the line ahead of the 220,000 companies in the Defense Industrial Base (DIB) waiting for rulemaking to complete.
NSF-ISR is now listed on the CyberAB Marketplace as an authorized C3PAO - the first authorized C3PAO in Michigan and one of only two that also certifies companies to ISO/IEC 27001: Information Security Management. NSF-ISR has over 78 years of experience and is comprised of information security experts and talented lead auditors that help companies maximize their cybersecurity efforts. NSF-ISR's authorization will provide manufacturers with an experienced, third-party partner to achieve CMMC compliance.
For media inquiries, please Contact Us.
Cybersecurity Maturity Model Certification (CMMC)
Ready To Begin the Process?
Share this Article
How NSF Can Help You
What’s New with NSF
iNADO Partners with NSF to Support Members and Athletes
May 27, 2026iNADO is pleased to welcome NSF’s expertise and experience in support of its members and the athletes they serve
NSF Ends UK’s Three-Year Testing Gap with REG 31 Testing Designation
May 20, 2026NSF’s Oakdale laboratory becomes the UK’s sole facility offering comprehensive BS 6920 and REG 31 testing, closing a critical drinking water safety gap.
Tangent® Materials Announces Industry First: Tangent PolySheet™ CB Earns Certification to NSF 537, Becoming the First PFAS-Free NSF Standard 51 Food Equipment Material
May 20, 2026New food-grade synthetic cutting-board sheet, engineered from the ground up without per- and polyfluoroalkyl substances (PFAS), establishes a new materialsafety benchmark for food-contact and food-equipment applications.
NSF Expands Food Equipment Portfolio with Electrical Safety Testing and Certification
April 30, 2026Manufacturers now have a “one-stop-shop” for both sanitation and electrical safety certification, enabling market expansion and regulatory compliance.