Penacity Authorized as Certified Third-Party Accessor Organization (C3PAO) by Cyber AB

  • Post author:
  • Post category:AW Posts
  • Post comments:0 Comments

Penacity is one of the twenty-two companies currently authorized by the Cyber AB to certify CMMC compliance across the Defense Industrial Base

September 21, 2022 – 7:00am EST

HANOVER, MD. – Penacity, LLC (Penacity), a state-of-the-art cybersecurity and technology services company, announced today that it has been named a Cybersecurity Maturity Model Certification (CMMC) Certified Third-Party Assessment Organization (C3PAO). Penacity is a Service-Disabled Veteran Owned Small Business (SDVOSB) serving the federal government and private sector with cybersecurity and technology solutions and is headquartered in Hanover, Md. Penacity joins only 21 other C3PAOs on the Marketplace able to assist organizations in their assessments for CMMC.

While the Department of Defense (DoD) has not finalized Level 2 requirements, Penacity is ready to assist organizations in their Level 1 SPRS system self-certification and their preparation in developing a CMMC-compliant System Security Plan (SSP).  Founded in 2016, Penacity is uniquely qualified to provide consulting and recommendations to clients implementing the CMMC process based on years of experience providing technical assessments and compliance support for companies seeking certifications including NIST 800-171, PCI/DSS, ITAR and GDPR. Additionally, Penacity has the inside knowledge and a proprietary method to help companies working with the Defense Industrial Base to achieve CMMC compliance efficiently and effectively.

“We’re proud to serve the Defense Industrial Base Cybersecurity Assessment Center (DIBCAC) and Cyber AB as a Certified Third-Party Assessor Organization,” said Dr. Timothy Schilbach, Founder and CEO of Penacity. “We can now conduct assessments for companies seeking to do business with the DIB and needing certification from the CMMC-AB to do so. As a small business ourselves, we understand the necessity of being able to do this with the least possible resource burden and have optimized our systems accordingly to ensure we can deliver our customers the best possible value.”

Penacity has already completed many readiness assessments and its designation as one of the first authorized C3PAOs is a testament to the in-depth knowledge of Governance and the elite qualifications of Penacity’s security team. Penacity’s extensive history providing assessment leverages the company’s deep expertise in auditing, compliance, and cybersecurity technologies. Penacity is also a CMMC-AB Registered Provider Organization (RPO) with a seasoned team of CMMC-AB Registered Practitioners (RP) and security professionals on staff.

View Penacity’s entry on the Cyber AB’s Marketplace. For more information on Penacity’s CMMC and cyber security solutions, please visit Penacity’s website at or reach out to us by email at


Leave a Reply