Schneider Downs Achieves CMMC Third-Party Assessor Certification

Schneider Downs & Co., Inc. has successfully completed the Certified Third-Party Assessor Organization (C3PAO) accreditation process and applied for the CMMC ML-3 assessment performed by the Defense Contract Management Agency’s (DCMA) Defense Industrial Base Cybersecurity Assessment Center (DIBCAC). Pending a successful CMMC ML-3 assessment, Schneider Downs will be authorized to provide certification assessments for the Department of Defense’s (DoD) Cybersecurity Maturity Model Certification (CMMC) program. 

 “This represents another step in our commitment to provide comprehensive compliance assessment services to organizations dealing with the Department of Defense,” explained Eric M. Wright, shareholder at Schneider Downs. “Schneider Downs is already certified as a Registered Provider Organization to provide preliminary CMMC advisory assessments. Completing the C3PAO certification furthers our ability to assist clients as they navigate the challenges of confirming data security when working with the Department of Defense.”

Schneider Downs currently provides CMMC readiness and consulting services. The team includes a Certified CMMC Provisional Assessor, and several other members currently in process of applying for CMMC Certified Assessor status who plan on completing training in Q2 of 2021.

About CMMC

The CMMC is a unified standard for implementing cybersecurity across the defense industrial base (DIB), which includes hundreds of thousands of contractors across the nation. The DOD created the CMMC compliance standard to improve the security of the supply chain of the DIB. 

New legislation requires third-party assessments of contractors’ compliance with the standardized practices and procedures – making it essential to involve an assessor with CMMC certification.  Contractors that receive Federal Contract Information (FCI) and/or Controlled Unclassified Information (CUI) will not be able to do business with the DOD without complying with CMMC requirements.

The CMMC framework adds a certification element to verify the implementation of processes and practices associated with the achievement of a cybersecurity model.  CMMC is designed to provide increased assurance to the DOD that a DIB contractor can adequately protect FIC and CUI at a level commensurate with the risk, accounting for information flow down to its subcontractors in a multi-tier supply chain.

For more information on how Schneider Downs can help with CMMC, please visit /cmmc or contact us.

About Schneider Downs & Co., Inc.

Schneider Downs’ dedicated IT Risk Advisory practice works with organizations across the country to help them gain valuable insights into their processes and technologies. Schneider Downs partners with clients to provide comprehensive IT audits and compliance reviews that will ensure your organization has effective and efficient technology controls that better align the technology function with their business and risk strategies.

Schneider Downs is a regional accounting and business consulting firm providing tax, audit and business advisory services to public and private companies and nonprofit organizations. The firm offers more than 80 services from five business units: Assurance and Tax Advisors; Business Advisors; Technology Advisors; Wealth Management Advisors; and Corporate Finance Advisors. With offices in Pittsburgh, Columbus and the District of Columbia, the firm serves clients with local, national and global interests. 

Get the weekly newsletter with our most recent columns and relevant insights to you.

Have a question? Ask us!

We’d love to hear from you. Drop us a note, and we’ll respond to you as quickly as possible.


Every moment counts. For urgent requests, contact the Schneider Downs digital forensics and incident response team at 1-800-993-8937. For all other requests, please complete the form below.

"*" indicates required fields

This field is for validation purposes and should be left unchanged.