.jpg)
CMMC for Manufacturers, FAQs
Download our CMMC for Manufacturers guide and review FAQs.
.jpg?ext=.jpg)
Effective Defense Requires Proven Strategy
Trusted CMMC Assessments for Defense Contractors
Smithers is an authorized Third-Party Assessment Organization (C3PAO)for the Cybersecurity Maturity Model Certification (CMMC) program. We support organizations across the Defense Industrial Base (DIB) as they prepare for and undergo CMMC Level 2 assessments.
Whether you're preparing for a formal certification or seeking a gap assessment, our team helps you navigate the CMMC process with clarity, precision, and deep cybersecurity expertise.
CMMC, the recently released Department of Defense rule, has established an aggressive timeline of under two years before CMMC assessments will become a requirement of all contract awards and executing options. However, subcontractors might encounter contract language inquiring about their current status and progress in their CMMC journey now. Subcontractors that proactively manage their CMMC compliance ensure they can continue to participate in defense contracts.
Why Work with Smithers?
Proven Expertise
Our assessors are certified professionals with decades of experience in cybersecurity, information systems, and compliance. We bring the same disciplined, evidence-based approach used in other accredited auditing programs—ensuring every assessment is thorough and aligned with DoD expectations.
Trusted by Industry
Smithers has worked with defense and aerospace manufacturers, R&D labs, and suppliers of all sizes. We understand the complexities of DFARS, NIST SP 800-171, and how these frameworks intersect with your operations.
End-to-End Support
From readiness reviews to formal assessments, we guide your team through each phase. Our process is designed to reduce uncertainty, increase efficiency, and give you a clear path to certification.
Smithers C3PAO Services
CMMC Level 2 Certification Assessments
For contractors handling Controlled Unclassified Information (CUI), a successful Level 2 assessment is required. We evaluate your compliance with the 110 NIST SP 800-171 requirements, as outlined by the CMMC model.
Readiness (Gap) Assessments
Before undergoing a formal assessment, many organizations choose to identify potential gaps. Our readiness reviews are structured to simulate a real audit—without impacting your official certification timeline.
The Continuous Assessment Process
To learn more about our continuous assessment offering, read our page on why to choose Smithers as your C3PAO.Level 1 and Level 2 Assessment of the client's self-assessment.
The assessment will be conducted using the same processes and standards as a certification assessment. A third-party assessment offers credibility to the results and supports the organization executive or officer who signs the annual affirmation.
Common Questions for C3PAOs
What is a SPRS Score?
SPRS stands for Supplier Performance Risk System. It is the platform into which contractors need to add their compliance scores. Learn more about SPRS scores.
What is ITAR?
ITAR stands for International Traffic in Arms Regulations. Companies that are ITAR-registered is handling controlled unclassified information. Learn more about ITAR and its relationship to CMMC.
Check out the Department of Defense CMMC FAQs
The office of DOD CIO has posted some helpful questions and answers about CMMC.
About Smithers
Founded in 1925 and headquartered in Akron, Ohio, Smithers is a multinational provider of testing, consulting, information, and compliance services. With laboratories and operations in North America, Europe, and Asia, Smithers supports customers in the transportation, life science, packaging, materials, components, consumer, cannabis, dry commodities, and energy industries. Smithers delivers accurate data, on time, with high touch, by integrating science, technology, and business expertise, so customers can innovate with confidence. Smithers is an authorized C3PAO and can be found on the CyberAB Marketplace.
