CMMC Accreditation Body Certifies NSF-ISR as Third-Party Assessment Organization
NSF International Strategic Registrations, a management systems certification company, has been named a third-party assessment organization under the Cybersecurity Maturity Model Certification program.
The authorization provides clearance to offer cybersecurity assessments to aerospace and defense, technology and software companies in the defense industrial base, NSF-ISR said Thursday.
“Some level of CMMC will be required for all defense contractors, and we are honored to be among the first to be authorized to help protect our nation’s security,” said NSF-ISR Senior Managing Director Jennifer Morecraft.
The Department of Defense created the CMMC program to better protect controlled unclassified information such as blueprints for specifications of defense aircraft and military uniforms.
CMMC standards are also seeing traction outside the DOD community. The General Services Administration announced that it will implement CMMC-level cybersecurity and information control requirements in large acquisition vehicles such as the $50 billion Streamlined Technology Application Resource for Services III contract.
Morecraft noted that all tasks involving controlled unclassified information, including mowing grass and providing training simulation software, require some level of CMMC certification.
The company said it expects that by 2025, as many as 350,000 defense industrial base companies will be contractually required to be certified to the new CMMC requirements as a matter of national security.
NSF-ISR said the authorization from the CMMC Accreditation Body extends the company’s expertise in information security.
The company also provides certification to ISO/IEC 27001, IEC/ISO 20000-1, National Institute of Standards and Technology Special Publication 800-171 and CSA STAR, among others.
NIST published SP 800-171 in light of the SolarWinds hack, which compromised the networks of several federal agencies and more than a hundred American companies. SP 800-171 requires federal agencies to enhance their protection of controlled unclassified information.
NSF-ISR added that its parent company, NSF International, needed to be ISO/IEC 17021-accredited and ISO/IEC 27001-certified to qualify for the C3PAO authorization.
Tags: C3PAO certification CMMC CMMC-AB cybersecurity Defense Industrial Base Department of Defense General Services Administration GSA Jennifer Morecraft NSF International NSF-ISR SolarWinds SP 800-171 STARS III