NSF-ISR Receives Authorization as CMMC Third-Party Assessment Organization

NSF-ISR, a leading global management systems certification body, is pleased to announce its authorization as a Cybersecurity Maturity Model Certification (CMMC) Third Party Assessment Organization (C3PAO). Authorization allows NSF-ISR to verify defense contractors' compliance to CMMC through independent audits.

C3PAO authorization required the NSF-ISR Information Security team to undergo an extensive review process conducted by the Defense Contract Management Agency (DCMA) Defense Industrial Base Cybersecurity Assessment Center. The DCMA auditors reviewed NSF-ISR's technical controls, procedures, and policies to ensure they met the strict criteria required for authorization.

This a major milestone in NSF-ISR's efforts to enhance cybersecurity for the United States Department of Defense's (DoD) supply chain. NSF-ISR's C3PAO authorization allows its CMMC assessors to conduct independent assessments to ensure manufacturers comply with rigorous cybersecurity standards to protect Controlled Unclassified Information (CUI) that the DoD or primes share with its contractors and subcontractors.

"NSF-ISR has been an early adopter of CMMC and has supported and conducted NIST 800-171 assessments for many years," states Tony Giles, Director of Information Security, NSF-ISR. "We are excited to receive C3PAO authorization, as protecting our nation's information is mission critical. We are passionate about this work and proud to take part in it."

CMMC compliance helps organizations that work with the defense industry or have suppliers and customers in their defense supply chain meet contractual security requirements, which will be included in defense contracts after rulemaking is finalized. NSF-ISR plans to participate in the Joint Voluntary Assessments that take place ahead of the final CMMC rule taking effect, allowing prepared organizations to skip to the front of the line ahead of the 220,000 companies in the Defense Industrial Base (DIB) waiting for rulemaking to complete.

NSF-ISR is now listed on the CyberAB Marketplace as an authorized C3PAO - the first authorized C3PAO in Michigan and one of only two that also certifies companies to ISO/IEC 27001: Information Security Management. NSF-ISR has over 78 years of experience and is comprised of information security experts and talented lead auditors that help companies maximize their cybersecurity efforts. NSF-ISR's authorization will provide manufacturers with an experienced, third-party partner to achieve CMMC compliance.

Learn more about NSF-ISR's CMMC service. For media inquiries, please contact Kara Nicolaides at [email protected].

About NSF-ISR

NSF International Strategic Registrations (NSF-ISR) offers comprehensive management systems registrations to internationally accepted standards for quality assurance, safety, environmental protection and information security for the automotive, aerospace, food, health sciences and water industries (e.g. ISO 9001, ISO 14001, ISO 45001, ISO 27001, AS9100, IATF 16949, ISO 22000, ISO 13485, etc.).

About NSF

NSF is an independent, global organization that facilitates standards development, and tests and certifies products for the food, water, health sciences and consumer goods industries to minimize adverse health effects and protect the environment. Founded in 1944, NSF is committed to protecting human health and safety worldwide. With operations in 180 countries, NSF is a Pan American Health Organization/World Health Organization Collaborating Centre on Water Quality, Food Safety, and Medical Device Safety.