CMMC for Manufacturers, FAQs
Download our CMMC for Manufacturers guide and review FAQs.
The cybersecurity landscape for defense contractors is changing quickly and permanently. CMMC is quickly becoming a mandated reality, and only those who prepare now will be able to maintain their Department of Defense contracts in the future.
Whether you are a prime or a subcontractor, you have likely seen an increase in RFIs asking about your CMMC status. You probably have noticed flow-down clauses referencing NIST SP 800-171. You and your team have perhaps been busy with internal discussions about how to interpret the new requirements. The CMMC clock is ticking—and waiting may mean missed opportunities.
Many contractors are asking the same questions:
At Smithers, we understand these are not just questions but strategic benchmarks.
As an authorized C3PAO, we help you interpret the present and prepare for the future. With a measured and well structured approach, we help you navigate the CMMC certification process so you can meet the moment with confidence.
For contractors handling Controlled Unclassified Information (CUI), a successful Level 2 assessment is required. We evaluate your compliance with the 110 NIST SP 800-171 requirements, as outlined by the CMMC model.
Before undergoing a formal assessment, many organizations choose to identify potential gaps. Our readiness reviews are structured to simulate a real audit—without impacting your official certification timeline.
The assessment will be conducted using the same processes and standards as a certification assessment. A third-party assessment offers credibility to the results and supports the organization executive or officer who signs the annual affirmation.
SPRS stands for Supplier Performance Risk System. It is the platform into which contractors need to add their compliance scores. Learn more about SPRS scores.
ITAR stands for International Traffic in Arms Regulations. Companies that are ITAR-registered is handling controlled unclassified information. Learn more about ITAR and its relationship to CMMC.
The office of DOD CIO has posted some helpful questions and answers about CMMC.
Founded in 1925 and headquartered in Akron, Ohio, Smithers is a multinational provider of testing, consulting, information, and compliance services. With laboratories and operations in North America, Europe, and Asia, Smithers supports customers in the transportation, life science, packaging, materials, components, consumer, cannabis, dry commodities, and energy industries. Smithers delivers accurate data, on time, with high touch, by integrating science, technology, and business expertise, so customers can innovate with confidence. Smithers is an authorized C3PAO and can be found on the CyberAB Marketplace.