Smithers achieves authorized C3PAO status

Smithers, a leading provider of testing, consulting, information, and compliance services, achieved authorized CMMC Third Party Assessor Organization (C3PAO) status from the Cyber Accreditation Body (Cyber-AB). This enables Smithers to provide third-party assessments and certifications for companies for whom the Department of Defense requires CMMC level 2 certification.

Smithers Quality Assessments successfully completed the authorization process that includes a license agreement, organizational background checks, and an assessment by the Defense Industrial Base Cybersecurity Assessment Center (DIBCAC). To become an authorized C3PAO, Smithers established a high-security enclave for any Controlled Unclassified Information (CUI) requiring isolation and protection during assessments.

The CMMC rule, expected to be final by the end of 2024, requires certain defense contractors to undergo a third-party assessment against the NIST SP 800-171r2 standard. NIST SP 800-171 focuses on the protection of CUI data.

“Achieving C3PAO status represents an important milestone for Smithers,” states Jeanette Preston, President, Smithers Quality Assessments Division. “Our experience over the last thirty years as an accredited, third-party certification body will allow us to provide companies in the Defense Industrial Base with thorough assessments, high touch client service, and critical insight into how our clients are performing against requirements.”

Smithers also offers assessments against the ISO/IEC 27001 standard for Information Security Management Systems (ISMS) and ISO/IEC 27701 for information privacy.

“Cybersecurity assessment services are a natural fit for Smithers given our expertise in third-party conformity assessments,” states Michael Hochschwender, Chief Executive Officer, Smithers. “By providing contractors with reliable CMMC assessments, we are helping them maintain their valuable Department of Defense contracts while also helping to protect them from cybersecurity incidents.”

To learn more about CMMC rule and Smithers C3PAO status, contact Robert McVay at rmcvay@smithers.com.

For more information about Smithers, please visit https://www.smithers.com/c3pao-services.