CMMC for Manufacturers, FAQs
Download our CMMC for Manufacturers guide and review FAQs.
Smithers is an authorized Third-Party Assessment Organization (C3PAO) for the Cybersecurity Maturity Model Certification (CMMC) program. We support organizations across the Defense Industrial Base (DIB) as they prepare for and undergo CMMC Level 2 assessments.
Whether you're preparing for a formal certification or seeking a gap assessment, our team helps you navigate the CMMC process with clarity, precision, and deep cybersecurity expertise.
CMMC, the recently released Department of Defense rule, has established an aggressive timeline of under two years before CMMC assessments will become a requirement of all contract awards and executing options. However, subcontractors might encounter contract language inquiring about their current status and progress in their CMMC journey now. Subcontractors that proactively manage their CMMC compliance ensure they can continue to participate in defense contracts.
Our assessors are certified professionals with decades of experience in cybersecurity, information systems, and compliance. We bring the same disciplined, evidence-based approach used in other accredited auditing programs—ensuring every assessment is thorough and aligned with DoD expectations.
Smithers has worked with defense and aerospace manufacturers, R&D labs, and suppliers of all sizes. We understand the complexities of DFARS, NIST SP 800-171, and how these frameworks intersect with your operations.
From readiness reviews to formal assessments, we guide your team through each phase. Our process is designed to reduce uncertainty, increase efficiency, and give you a clear path to certification.
For contractors handling Controlled Unclassified Information (CUI), a successful Level 2 assessment is required. We evaluate your compliance with the 110 NIST SP 800-171 requirements, as outlined by the CMMC model.
Before undergoing a formal assessment, many organizations choose to identify potential gaps. Our readiness reviews are structured to simulate a real audit—without impacting your official certification timeline.
The assessment will be conducted using the same processes and standards as a certification assessment. A third-party assessment offers credibility to the results and supports the organization executive or officer who signs the annual affirmation.