Smithers Approved to Conduct CMMC Assessments for DoD Contractors Starting November 2025
On November 10, 2025, a pivotal moment in cybersecurity compliance will unfold as the Department of Defense (DoD) finalizes the Cybersecurity Maturity Model Certification (CMMC) framework, specifically targeting contractors who manage controlled unclassified information (CUI). Smithers, a prominent player in testing and consulting services, has been officially recognized as a CMMC Third-Party Assessor Organization (C3PAO), poised to assist Defense Industrial Base contractors in navigating these new requirements.
The CMMC is more than just a regulatory hurdle; it's a comprehensive initiative designed to fortify the cybersecurity posture of defense contractors. With the final rule published in the Federal Register on September 10, 2025, companies are now required to begin with self-assessment protocols before advancing towards third-party certifications in subsequent phases. This structured approach ensures that contractors can address their cybersecurity vulnerabilities progressively, ultimately achieving compliance through verified assessments.
Smithers is fully equipped to support contractors in this transition. As part of the CMMC Quality Assessments Division, the organization will first offer CMMC Level 2 assessments as dictated by 32CFR regulations. Additionally, they provide a critical CMMC Level 1 risk reduction assessment to aid contractors in conducting self-assessments and affirmations for Federal Contract Information (FCI). This structured methodology lays a strong foundation for comprehensive cybersecurity measures across the board.
Jeanette Preston, the President of Smithers Quality Assessments Division, emphasized the team's readiness to tackle this challenge, stating, "We have been preparing for this moment for a long time. Our goal is to ensure that the Defense Industrial Base is equipped for CMMC assessments and certifications."
It’s important to note that though the deadline for compliance is set, the DoD holds the authority to expedite requirements, meaning that prime contractors or even the DoD itself may initiate these compliance measures ahead of schedule. This flexibility emphasizes the urgency and necessity for contractors to remain vigilant and proactive in their cybersecurity measures.
Founded in 1925 and headquartered in Akron, Ohio, Smithers has evolved into a multinational enterprise offering a range of testing, consulting, and compliance services tailored to various industries, including transportation and life sciences. With operations across North America, Europe, and Asia, Smithers is dedicated to delivering precise data punctually while integrating scientific, technological, and business insights to empower client innovation. As an authorized C3PAO, Smithers can also be discovered on the Cyber AB Marketplace, offering an additional layer of visibility and credibility within the defense contracting sphere.
As the compliance deadline approaches, the role of Smithers as a facilitator for the CMMC assessments becomes increasingly significant. Companies within the Defense Industrial Base must prepare thoroughly to satisfy these new regulatory requirements, relying on knowledgeable partners like Smithers to align their cybersecurity strategies with federal expectations. This transition represents not just a bureaucratic change, but a strategic step towards enhancing the overall security framework that supports our nation's defense operations.
The CMMC is more than just a regulatory hurdle; it's a comprehensive initiative designed to fortify the cybersecurity posture of defense contractors. With the final rule published in the Federal Register on September 10, 2025, companies are now required to begin with self-assessment protocols before advancing towards third-party certifications in subsequent phases. This structured approach ensures that contractors can address their cybersecurity vulnerabilities progressively, ultimately achieving compliance through verified assessments.
Smithers is fully equipped to support contractors in this transition. As part of the CMMC Quality Assessments Division, the organization will first offer CMMC Level 2 assessments as dictated by 32CFR regulations. Additionally, they provide a critical CMMC Level 1 risk reduction assessment to aid contractors in conducting self-assessments and affirmations for Federal Contract Information (FCI). This structured methodology lays a strong foundation for comprehensive cybersecurity measures across the board.
Jeanette Preston, the President of Smithers Quality Assessments Division, emphasized the team's readiness to tackle this challenge, stating, "We have been preparing for this moment for a long time. Our goal is to ensure that the Defense Industrial Base is equipped for CMMC assessments and certifications."
It’s important to note that though the deadline for compliance is set, the DoD holds the authority to expedite requirements, meaning that prime contractors or even the DoD itself may initiate these compliance measures ahead of schedule. This flexibility emphasizes the urgency and necessity for contractors to remain vigilant and proactive in their cybersecurity measures.
Founded in 1925 and headquartered in Akron, Ohio, Smithers has evolved into a multinational enterprise offering a range of testing, consulting, and compliance services tailored to various industries, including transportation and life sciences. With operations across North America, Europe, and Asia, Smithers is dedicated to delivering precise data punctually while integrating scientific, technological, and business insights to empower client innovation. As an authorized C3PAO, Smithers can also be discovered on the Cyber AB Marketplace, offering an additional layer of visibility and credibility within the defense contracting sphere.
As the compliance deadline approaches, the role of Smithers as a facilitator for the CMMC assessments becomes increasingly significant. Companies within the Defense Industrial Base must prepare thoroughly to satisfy these new regulatory requirements, relying on knowledgeable partners like Smithers to align their cybersecurity strategies with federal expectations. This transition represents not just a bureaucratic change, but a strategic step towards enhancing the overall security framework that supports our nation's defense operations.
Topics Policy & Public Interest)
【About Using Articles】
You can freely use the title and article content by linking to the page where the article is posted.
※ Images cannot be used.
【About Links】
Links are free to use.