Military Embedded Systems

DoD supply chain to be protected under cybersecurity program


February 25, 2021

Emma Helfrich

Technology Editor

Military Embedded Systems

Stock image.

ANN ARBOR, Mich. NSF International Strategic Registrations (NSF-ISR) has been authorized by the Cybersecurity Maturity Model Certification Accreditation Body (CMMC-AB) to offer a new cybersecurity assessment to companies from the aerospace and defense, technology, and software provider industries within the Department of Defense (DoD) supply base.

The CMMC-AB approved NSF-ISR, a management systems certification company of NSF International, is one of the first Cybersecurity Maturity Model Certification (CMMC) program Certified Third-Party Assessment Organizations (C3PAO). The certification program was created by the DoD to enhance the protection of controlled unclassified information, such as blueprints for parts of new defense aircraft and specifications for military uniforms, within their supply base.

According to officials, the CMMC C3PAO authorization process requires all C3PAOs to be ISO/IEC 17021 accredited, and ISO/IEC 27001 certified, which are criteria NSF-ISR and parent company, NSF International, fulfill. While C3PAOs cannot provide official assessments at this time, it is thought that they will be able to do so in the near future. NSF-ISR is preparing now to take the next level assessment once available.

Commercial assessments will begin by this spring. By 2025, as many as 350,000 supply chain companies will be contractually mandated to be certified to the new CMMC requirements as a matter of national security.