Effective Defense Requires Proven Strategy

Trusted CMMC Assessments for Defense Contractors

Smithers is an authorized Third-Party Assessment Organization (C3PAO) for the Cybersecurity Maturity Model Certification (CMMC) program. We support organizations across the Defense Industrial Base (DIB) as they prepare for and undergo CMMC Level 2 assessments.

Whether you're preparing for a formal certification or seeking a gap assessment, our team helps you navigate the CMMC process with clarity, precision, and deep cybersecurity expertise.

CMMC, the recently released Department of Defense rule, has established an aggressive timeline of under two years before CMMC assessments will become a requirement of all contract awards and executing options. However, subcontractors might encounter contract language inquiring about their current status and progress in their CMMC journey now. Subcontractors that proactively manage their CMMC compliance ensure they can continue to participate in defense contracts.

Why Work with Smithers?

Proven Expertise

Our assessors are certified professionals with decades of experience in cybersecurity, information systems, and compliance. We bring the same disciplined, evidence-based approach used in other accredited auditing programs—ensuring every assessment is thorough and aligned with DoD expectations.

Trusted by Industry

Smithers has worked with defense and aerospace manufacturers, R&D labs, and suppliers of all sizes. We understand the complexities of DFARS, NIST SP 800-171, and how these frameworks intersect with your operations.

End-to-End Support

From readiness reviews to formal assessments, we guide your team through each phase. Our process is designed to reduce uncertainty, increase efficiency, and give you a clear path to certification.

Smithers C3PAO Services

CMMC Level 2 Certification Assessments

For contractors handling Controlled Unclassified Information (CUI), a successful Level 2 assessment is required. We evaluate your compliance with the 110 NIST SP 800-171 requirements, as outlined by the CMMC model.

Readiness (Gap) Assessments

Before undergoing a formal assessment, many organizations choose to identify potential gaps. Our readiness reviews are structured to simulate a real audit—without impacting your official certification timeline.

The Continuous Assessment Process

To learn more about our continuous assessment offering, read our page on why to choose Smithers as your C3PAO.

Level 1 and Level 2 Assessment of the client's self-assessment.

The assessment will be conducted using the same processes and standards as a certification assessment. A third-party assessment offers credibility to the results and supports the organization executive or officer who signs the annual affirmation.

Authorized C3PAO

Cancel
Show Policy

Download our CMMC for Manufacturers FAQs Today

New! NIST 800-171 assessment checklist!