The National Defense Information Sharing & Analysis Center (ND-ISAC) is pleased to announce the release of a “C3PAO Shopping Guide for Small & Medium-Sized Businesses.” The guide was created through a team effort among participants in ND-ISAC’s Small & Medium-Sized Business Working Group in consultation with other SMBs across the Defense Industrial Base (DIB), along with feedback from assessors associated with Third-Party Assessment Organizations (C3PAOs) under the Department of Defense’s (DoD) evolving Cyber Maturity Model Certification (CMMC).
Full news release from ND-ISAC
Allison Giddens noted, “SMBs have to sort through a blizzard of commercials about CMMC and impending assessments. The ND-ISAC assessor shopping guide has the credibility of being provided by peer SMB leaders who distilled their hard won knowledge with the sole motivation that others may better succeed on their experience.”
Steve Shirley ND-ISAC Executive Director said, “Whether it’s ND-ISAC or another choice, SMBs should find a ‘battle buddy’ so to speak to help them fight through their cybersecurity challenges. Shirley added that across the Defense Industrial Base small and medium-sized businesses perform key roles. He emphasized that ”If SMB’s don’t thrive, neither does the DIB.” Shirley underscored this by pointing to a Department of Defense press release in January 2023, where DoD stated, “Small businesses make up 99.9 percent of all U.S. businesses as well as 73 percent of companies in the defense industrial base, and last year small businesses were awarded over 25 percent of DoD prime contracts.”
You can download the guide and scoring spreadsheet below, or from the news release.