ANN ARBOR, Mich. — The Cybersecurity Maturity Model Certification (CMMC) program at NSF International Strategic Registrations (NSF-ISR) is poised to become among the first to help secure controlled, unclassified information for the Department of Defense (DoD) supply chain following the certification of two key personnel.

Tony Giles, business lead for information security at NSF-ISR, is a CMMC provisional assessor, and Rhia Dancel, technical manager, is a CMMC registered practitioner. Giles was part of the first group of 72 selected for provisional assessor training and certification by the CMMC accreditation board.

These achievements pave the way for NSF-ISR to become a CMMC third-party assessor organization (C3PAO).

“We are incredibly proud of Tony and Rhia for all the hard work required to earn these certifications, which further enhance NSF-ISR’s credibility and deep experience in information security,” said Jennifer Morecraft, global managing director, NSF-ISR. “NSF-ISR is committed to working with Defense Industrial Base companies to certify the protection of records within the supply chain.”  

The CMMC program will ensure companies in the DoD supply base maintain adequate information security measures to protect the nation’s controlled, unclassified information.

By spring 2021, commercial assessments will begin. By 2025, the DoD will require all suppliers to be certified to the appropriate CMMC level as a matter of national security. Examples of controlled, unclassified information are blueprints for parts of new defense aircraft or specifications for military uniforms.

Giles will conduct CMMC certification assessments of DoD suppliers. Dancel will participate as an assessment team member during the provisional period and support NSF-ISR’s program development.