Contact us

NSF-ISR Receives Authorization as CMMC Third-Party Assessment Organization

Authorization allows NSF-ISR to verify defense contractors' compliance to CMMC through independent audits.

ANN ARBOR, Mich. – NSF-ISR, a leading global management systems certification body, is pleased to announce its authorization as a Cybersecurity Maturity Model Certification (CMMC) Third Party Assessment Organization (C3PAO). Authorization allows NSF-ISR to verify defense contractors' compliance to CMMC through independent audits.

C3PAO authorization required the NSF-ISR Information Security team to undergo an extensive review process conducted by the Defense Contract Management Agency (DCMA) Defense Industrial Base Cybersecurity Assessment Center. The DCMA auditors reviewed NSF-ISR's technical controls, procedures, and policies to ensure they met the strict criteria required for authorization.

This a major milestone in NSF-ISR's efforts to enhance cybersecurity for the United States Department of Defense’s (DoD) supply chain.

NSF-ISR's C3PAO authorization allows its CMMC assessors to conduct independent assessments to ensure manufacturers comply with rigorous cybersecurity standards to protect Controlled Unclassified Information (CUI) that the DoD or primes share with its contractors and subcontractors.

“NSF-ISR has been an early adopter of CMMC and has supported and conducted NIST 800-171 assessments for many years,” states Tony Giles, Director of Information Security, NSF-ISR. “We are excited to receive C3PAO authorization, as protecting our nation’s information is mission critical. We are passionate about this work and proud to take part in it.”

CMMC compliance helps organizations that work with the defense industry or have suppliers and customers in their defense supply chain meet contractual security requirements, which will be included in defense contracts after rulemaking is finalized. NSF-ISR plans to participate in the Joint Voluntary Assessments that take place ahead of the final CMMC rule taking effect, allowing prepared organizations to skip to the front of the line ahead of the 220,000 companies in the Defense Industrial Base (DIB) waiting for rulemaking to complete.

NSF-ISR is now listed on the CyberAB Marketplace as an authorized C3PAO - the first authorized C3PAO in Michigan and one of only two that also certifies companies to ISO/IEC 27001: Information Security Management. NSF-ISR has over 78 years of experience and is comprised of information security experts and talented lead auditors that help companies maximize their cybersecurity efforts. NSF-ISR's authorization will provide manufacturers with an experienced, third-party partner to achieve CMMC compliance.

For media inquiries, please Contact Us.

Cybersecurity Maturity Model Certification (CMMC)

Become a CMMC certified organization to maintain your organization’s Department of Defense supplier status.
Learn more

Ready To Begin the Process?

Contact us with questions or to receive a quote.

Share this Article

How NSF Can Help You

Get in touch to find out how we can help you and your business thrive.

What’s New with NSF