Schellman Now Authorized to Conduct DoD Assessments; also Reauthorized as a CMMC 3PAO

TAMPA, Fla. – March 31, 2025 – Schellman, a leading provider of attestation and compliance services and a top 50 CPA firm, is pleased to announce that Schellman has expanded its offerings to perform cleared assessments for its clients. As an accredited FedRAMP® Third Party Assessment Organization (3PAO), this enables Schellman to perform Department of Defense (DoD) Impact Level 6 (IL6) assessments as well as other NIST-based assessments, SOC 2 examinations, and penetration testing for DoD systems. This milestone strengthens Schellman’s position as a trusted assessment partner for government and defense-related environments.

In addition, Schellman has been reauthorized as a Cybersecurity Maturity Model Certification (CMMC) Third-Party Assessment Organization (C3PAO) under the finalized CMMC Program.  As one of the original C3PAOs, Schellman had the privilege of performing the first assessment under the Joint Voluntary Surveillance Assessment (JVSA) program and has performed multiple assessments for large and small contractors alike.  This reauthorization reinforces Schellman’s role in supporting defense contractors as they navigate evolving cybersecurity requirements set by the Department of Defense.  

DoD IL6 is designed for cloud environments handling information at the Secret level, requiring rigorous cybersecurity standards to protect highly sensitive government data. With this new capability, Schellman can now audit providers and their offerings for authorization against the complex security requirements necessary for IL6, ensuring compliance with the highest federal security standards. As a long-standing FedRAMP and DoD assessment organization, this expansion reinforces Schellman’s expertise in high-impact cloud security assessments. 

"Schellman has been a strategic 3PAO partner for Palantir consistently delivering exceptional assessment services. We are excited to see them expand their capabilities into cleared environments,” said Kevin Carr, US Government Cloud Compliance Lead at Palantir. 

Schellman’s status as the leading FedRAMP 3PAO in the FedRAMP marketplace along with its cross-compliance expertise in ISO 27001, PCI DSS, SOC 2, and HITRUST assessments, combined with their deep understanding of CMMC requirements, positions Schellman uniquely to support their clients' compliance needs. 

“We continue to invest in our federal and DoD capabilities to ensure that these agencies can trust the cloud providers and contractors they work with to protect our critical national security data," said Doug Barbin, President of Schellman & Company, LLC. "These milestones reflect our commitment to quality and diligence at the highest levels of security and protection of information."  

To learn more about Schellman’s Federal suite of services and how it can help an organization’s compliance journey, visit schellman.com.