Cyber Team Brings CMMC To Clients Operating In Defense Industrial Base Sector

Rea & Associates Earns Cybersecurity Maturity Model Certification (CMMC)

Rea & Associates Certified To Assist Clients In Their Efforts To Protect Controlled Unclassified Information In Accordance With New Department of Defense Regulations

Rea & Associates is now one of fewer than 300 firms that hold the Cybersecurity Maturity Model Certification (CMMC).

February 15, 2021 | New Philadelphia, Ohio – Not only do cybersecurity and data protection concerns present unprecedented challenges among organization leaders and business owners, but there are also huge economic security and, in turn, national security issues associated with the loss of controlled unclassified information or information that has been created or possessed by a third-party organization on behalf of the United States government. To help safeguard this critical information, the Department of Defense has developed the Cybersecurity Maturity Model Certification (CMMC) as the new standard for cybersecurity controls across the entire Defense Industrial Base (DIB), which includes businesses within the manufacturing and construction industries as well as local government entities. This certification serves to provide increased assurance to the Department of Defense that a DIB company is equipped to “adequately protect sensitive unclassified information, accounting for information flow down to subcontractors in a multi-tier supply chain.”

Rea & Associates, a Top 100 CPA and business consulting firm, serves businesses that operate throughout wide variety of industries and many of our clients are considered DIB companies. Therefore, to reinforce the fact that Rea & Associates is committed to the safety and security of all clients, particularly at a time when unknown and evolving threats continue to threaten the livelihoods of America’s small- to mid-sized businesses and the communities that depend on their economic stability, Rea & Associates’ cybersecurity and data protection services team has taken the steps necessary to become a Registered Provider Organization for CMMC. Currently, two leaders on the team, Paul Hugenberg, III, CISSP, CRISC, CISA, principal is now a Certified Registered Practitioner. To date, Rea & Associates is one of fewer than 300 Registered Provider Organizations.

CMMC: It's Not Your Normal Regulation. This is the difference between CMMC and traditional data regulatory assessments. - Rea & Associates - Ohio Cybersecurity Consulting

“Very few firms in our market are capable (or registered) to assist with this new requirement,” said Hugenberg. “Additionally, our team includes a registered practitioner with direct experience in the military supply chain. Our certification, our breadth of experience with clients impacted by CMMC, and our direct military-laden resume places Rea in a position to help clients.”

The Office of the Under Secretary of Defense for Acquisition cites the Council of Economic Advisers’ estimates that “malicious cyber activity cost the U.S. economy between $57 billion and $109 billion in 2016.” Furthermore, the Center for Strategic and International Studies, in partnership with McAfee, reports “that as much as $600 billion, nearly 1% of global GDP, may be lost to cybercrime each year.” These estimates only continue to climb, according to government authorities.

“Obtaining this certification places Rea at the forefront of CMMC, allowing us to continue our position as a trusted advisor during a period of high uncertainty and concern,” said Hugenberg. “During this early stage of CMMC rollouts, we look to guide our impacted clients with clarity, sound advice, and realistic expectations of the impact on CMMC to their operation. Due to the Pass/Fail nature of the guidance, and the implications on an organization to be a party to a Department of Defense contract, clients have to be assured they are getting guidance from trusted partners. We are that partner for them and will continue to be.”

To learn more about this certification or to determine if your organization is required to comply with CMMC standards, contact the cybersecurity and data protection services team at Rea & Associates. For additional information pertaining to the cybersecurity and data protection services Rea & Associates provides, visit

For additional information into the specific categories and subcategories of information that the executive branch of the United States government protects, visit the CUI registry, which can be found at or