The National Defense Information Sharing & Analysis Center (ND-ISAC) is pleased to announce the release of a “C3PAO Shopping Guide for Small & Medium-Sized Businesses.” The guide was created through a team effort among participants in ND-ISAC’s Small & Medium-Sized Business Working Group in consultation with other SMBs across the Defense Industrial Base (DIB), along with feedback from assessors associated with Third-Party Assessment Organizations (C3PAOs) under the Department of Defense’s (DoD) evolving Cyber Maturity Model Certification (CMMC).
Download the Shopping Guide here: https://ndisac.org/wp-content/uploads/2024/03/ND-ISAC_C3PAO-Shopping-Guide-for-SMBs_v12_13MAR2024.pdf
Download the Scoring Tool here: https://ndisac.org/wp-content/uploads/2024/03/CMMC-C3PAO-Scoring-Spreadsheet-V3.2024.xlsx
ND-ISAC principal authors include Allison Giddens, CEO, Win-Tech Inc.; Terry Hebert, Director of Information Technology, Centurum Inc.; and Andy Sauer, Win-Tech Inc vCISO. ND-ISAC also acknowledges the generous consults and contributions of Amira Armond, Kieri Solutions; an Ozzie Saaed, IntelliGRC.
Allison Giddens noted, “SMBs have to sort through a blizzard of commercials about CMMC and impending assessments. The ND-ISAC assessor shopping guide has the credibility of being provided by peer SMB leaders who distilled their hard won knowledge with the sole motivation that others may better succeed on their experience.” Terry Hebert said SMBs across the Defense Industrial Base should consider membership in ND-ISAC, “They will find a warm welcome from their ND-ISAC peers plus extensive resources to support their cybersecurity journey.”
Steve Shirley ND-ISAC Executive Director said, “Whether it’s ND-ISAC or another choice, SMBs should find a ‘battle buddy’ so to speak to help them fight through their cybersecurity challenges. Shirley added that across the Defense Industrial Base small and medium-sized businesses perform key roles. He emphasized that ”If SMB’s don’t thrive, neither does the DIB.” Shirley underscored this by pointing to a Department of Defense press release in January 2023, where DoD stated, “Small businesses make up 99.9 percent of all U.S. businesses as well as 73 percent of companies in the defense industrial base, and last year small businesses were awarded over 25 percent of DoD prime contracts.”
The ND-ISAC is a non-profit, non-federal entity established and funded by its member companies to support their collective cybersecurity and resilience against all hazards through multiple lines of effort. Traditional defense contractors form approximately two-thirds of ND-ISAC’s ~140 member companies. The remaining third are companies with whom traditional defense contractors have key interdependencies but have predominant lines of business in other sectors such as Finance, Health/Pharma, Comms/IT, Chem, and Energy; plus DoD university affiliated research centers and DoD federally funded research and development centers. ND-ISAC’s small and medium-sized member companies are energetic participants across the entire range of ND-ISAC lines of effort. For more information or learn how to become part of ND-ISAC, contact Info@NDISAC.org.