News release

The Cyber AB Names RSM an Authorized Cybersecurity Maturity Model Certification (CMMC) Third-Party Assessment Organization (C3PAO)

RSM is Now the Largest C3PAO in the CMMC Ecosystem

Nov 09, 2022

Kimberly Bartok, National Public Relations Leader,, 212.372.1239
Andreia DeVries, National Public Relations Manager,, 954.449.8096
for media use only 

The Cyber AB Names RSM an Authorized Cybersecurity Maturity Model Certification (CMMC) Third-Party Assessment Organization (C3PAO)

RSM is Now the Largest C3PAO in the CMMC Ecosystem

CHICAGO – (November 9, 2022) – RSM US LLP (“RSM”) – the nation’s leading provider of audit, tax and consulting services focused on the middle market – was recently authorized as a Cybersecurity Maturity Model Certification (CMMC) Third-Party Assessment Organization (C3PAO) by The Cyber AB. The Cyber AB is the official accreditation body of the CMMC Ecosystem and the sole authorized non-governmental partner of the U.S. Department of Defense (DOD) in implementing and overseeing the CMMC conformance regime. With this authorization, RSM is the largest C3PAO in the CMMC Ecosystem.

The C3PAO designation authorizes RSM to provide consulting and examination services to contractors within the Defense Industrial Base (DIB). A C3PAO is an organization that has passed a rigorous series of requirements to become acknowledged by The Cyber AB, on behalf of the DOD, as being objective and competent to perform assessments, consulting and remediation of Organizations Seeking Certifications (OSC). The designation also certifies that RSM has built a secure environment to maintain its clients’ Controlled Unclassified Information (CUI) in accordance with the DOD’s and The Cyber AB’s expectations.

As an authorized C3PAO, RSM is one of a few firms currently approved to provide surveillance examinations of OSCs in collaboration with the Defense Industrial Base Cybersecurity Assessment Center (DIBCAC) during the interim rulemaking process.  

“I am immensely proud of our government contracting cybersecurity & privacy team for achieving this authorization,” said Dara Castle, Washington DC metro area managing partner and national government contracting leader with RSM US LLP. “As a C3PAO we are able to help our defense industrial base clients safeguard sensitive national security information while they execute their critical mission objectives. This designation also enables us to help other clients, key groups and organizations, and aligns with our commitment to serving the Federal government contracting and grant recipient community.”

“This designation underscores how we’ve developed a practice specially-trained to provide the depth and breadth of federal cyber risk services to help protect our nation’s sensitive unclassified data and critical infrastructure,” said Charles Barley Jr., principal and national government contracting security and privacy risk leader with RSM US LLP.

For more information about RSM’s cybersecurity services, visit our website.


RSM is the leading provider of professional services to the middle market. The clients we serve are the engine of global commerce and economic growth, and we are focused on developing leading professionals and services to meet their evolving needs in today’s ever-changing business landscape. Our purpose is to instill confidence in a world of change, empowering our clients and people to realize their full potential.

RSM US LLP is the U.S. member of RSM International, a global network of independent assurance, tax and consulting firms with 57,000 people in 120 countries. For more information, visit, like us on Facebook, follow us on Twitter and/or connect with us on LinkedIn.