There were 1,482 press releases posted in the last 24 hours and 397,623 in the last 365 days.

ecfirst Successfully Achieves Authorized CMMC C3PAO Designation

Iowa’s first and America’s 52nd C3PAO

WAUKEE, IA, USA, May 9, 2024 / -- ecfirst, a thought leader in cybersecurity and compliance solutions, is honored to announce its designation as the 52nd Certified Third Party Assessment Organization (C3PAO) in the United States and the first in the state of Iowa. This milestone marks a significant achievement in ecfirst’s mission for a resilient cyber supply chain with the Defense Industrial Base (DIB).

Under the oversight of the Department of Defense (DoD) and the CMMC Accreditation Body (The Cyber AB), ecfirst successfully completed their CMMC Level 2 assessment administered by the Defense Contract Management Agency (DCMA) Defense Industrial Base Cybersecurity Assessment Center (DIBCAC), meeting all requirements for an Authorized Certified Third Party Assessment Organization (C3PAO). The DIBCAC assessment comprehensively reviewed ecfirst's System Security Plan (SSP), policies, plans, procedures, technical controls, and other artifacts.

"As a first-generation American, I am personally humbled at ecfirst receiving the Authorized C3PAO designation. It is not just an honor but a testament to the relentless dedication of our team," said Ali Pabrai, Chief Executive of ecfirst. "We are proud to be at the forefront of protecting our nation’s critical infrastructure and look forward to enabling DIB sector companies in successfully achieving CMMC objectives."

The CMMC framework is a set of mandatory cybersecurity requirements that all DoD contractors must meet to protect Federal Contract Information (FCI) and Controlled Unclassified Information (CUI) to ensure a resilient supply chain.

As the first Authorized C3PAO out of the state of Iowa, ecfirst is uniquely positioned to serve both local and national clients, providing Organizations Seeking Certification (OSCs) with the highest level of cyber readiness and assessment services.

About ecfirst
Founded in 1999, ecfirst is a leading provider of AI, cyber defense, and compliance services across the United States and globally. ecfirst delivers end-to-end services in the areas of HITRUST, CMMC, HIPAA, NIST, Privacy, Pen tests, and AI (ISO 42001 and NIST AI RMF). With ecfirst, you, the client, always have complete flexibility with our fixed-fee services across our On-Demand Consulting and customized Managed Compliance Services Program. Complimentary with every engagement comes ecfirst’s experience from delivering thousands of assessments, ensuring you receive deep industry insight as well as best practices implemented.

ecfirst is a HITRUST Authorized External Assessor, a CMMC Authorized C3PAO, LPP, LTP, and RPO, and has established industry-leading credentials in training including CHP, CSCS, and CCSA. More information is at and

Peter Harvey
Client Executive Contact
Visit us on social media: