CohnReznick earns reauthorization of CMMC Third-Party Assessment Organization (C3PAO) designation

The Department of Defense (DoD) has officially published the CMMC final rule, effective Dec. 16, 2024. Read what this could mean for your organization and next steps to take.

New York, NY — June 27, 2025 — CohnReznick, LLP, one of the leading professional services firms in the United States, announced that on May, 2025, it was reauthorized by the Cybersecurity Maturity Model Certification (CMMC) accreditation body (Cyber AB) as a CMMC Third-Party Assessment Organization (C3PAO). The designation allows CohnReznick to assess Department of Defense (DoD) contractors seeking CMMC compliance under the joint surveillance voluntary assessment program or as soon as the CMMC rule is finalized.

“CohnReznick has a 40-year history of serving the government contracting community,” said Kristen Soles, CohnReznick Government Contracting Practice Leader. “This prestigious designation places CohnReznick among only 71 available C3PAO providers in the nation authorized to conduct CMMC assessments of government contractors seeking to provide services to the Department of Defense (DoD). We are pleased to further commit to serving defense contractors by adding CMMC compliance to our suite of advisory services for government contractors.”

It's important to note that the Cybersecurity Maturity Model Certification (CMMC) is required for any organizations that are part of the Defense Industrial Base. CMMC will apply to organizations of all sizes in the supply chain and manufacturing. Information technology, engineering, consulting, and universities.

About The Cyber AB

The CMMC Accreditation Body, Inc., is a private, independent, Maryland-based, nonprofit, 501(c)(3) tax-exempt organization that serves as the sole official partner of the Department of Defense, via contract, for the implementation, accreditation, and oversight of the CMMC Ecosystem and its support to the Defense Industrial Base.