Firm Authorized by The Cyber AB on February 24, 2026 to Perform Official CMMC Level 2 Certification Assessments Under 32 CFR Part 170

DALLAS–FORT WORTH METROPLEX, Texas, Feb. 27, 2026 /PRNewswire/ -- Perezdiaz Federal, the independent assessment division of Perezdiaz, LLC, today announced its authorization as a CMMC Third-Party Assessment Organization (C3PAO) under Title 32 Code of Federal Regulations Part 170. The authorization, issued February 24, 2026, by The Cyber AB - the official accreditation body of the CMMC Ecosystem - enables Perezdiaz Federal to perform official Cybersecurity Maturity Model Certification (CMMC) Level 2 assessments and render formal certification determinations for organizations across the Defense Industrial Base (DIB).

Fewer than 100 authorized C3PAOs currently serve an ecosystem of more than 80,000 Defense Industrial Base contractors. Perezdiaz Federal is among the first 100 organizations to achieve this designation, positioning the firm at the leading edge of independent verification as the Department of War operationalizes CMMC requirements across federal acquisitions.

Independent Assessment. Not Advisory Services.

Operating under strict independence requirements defined in 32 CFR Part 170, Perezdiaz Federal functions exclusively as an authorized assessment body during certification engagements - not as a consultant, advisor, or remediation provider.

"Our role is not to advise. Our responsibility is to independently verify that security controls are implemented, operational, and producing the intended risk outcomes."
— George Perezdiaz, Founder & Managing Director, Perezdiaz, LLC

CMMC Level 2 certification applies to organizations that process, store, or transmit Controlled Unclassified Information (CUI) in support of Department of War contracts, a requirement now embedded directly into DFARS acquisition language.

A Firm Built on Assessment-Grade Realism

Perezdiaz Federal is led by a founder with more than 20 years of experience supporting, assessing, and protecting aerospace and defense programs. George Perezdiaz is among the first 50 Lead Certified CMMC Assessors (CCA) nationwide — a credential issued by The Cybersecurity Assessor and Instructor Certification Organization (CAICO) — and holds advanced professional designations including Certified Information Systems Auditor (CISA) and Certified in Risk and Information Systems Control (CRISC).

Prior to founding Perezdiaz, LLC, George served honorably in the United States Air Force and held federal civilian and contractor roles supporting the National Military Command Center (NMCC), the Office of the Secretary of Defense, and the Department of State. He later served as IT Risk and Compliance Leader for a Fortune 500 prime contractor, leading a successful DIBCAC High Assessment under NIST SP 800-171A and DFARS 252.204-7012.

That depth of experience shapes Perezdiaz Federal's founding philosophy:

Controls must perform in practice. Not simply exist in documentation.

What Perezdiaz Federal Assesses

Certification assessments are designed to determine whether:

• Security controls are implemented as required under NIST SP 800-171A
• Controls are functioning as intended under real operational conditions
• Risks are being actively managed — not deferred or papered over
• Controlled Unclassified Information is safeguarded appropriately across the environment

Beyond formal certification engagements, Perezdiaz Federal also provides independent third-party internal assessments to support executive-level affirmation requirements - evaluating control effectiveness between certification cycles, identifying operational drift, validating remediation closure, and providing defensible support to Affirming Officials and senior leadership.

Strengthening Trust Across the Defense Supply Chain

"CMMC is not a compliance exercise. It is a trust verification mechanism across the defense supply chain. Our responsibility is to confirm that the safeguards organizations attest to are in place, functioning, and protecting the information entrusted to them."
- George Perezdiaz

As CMMC requirements become embedded in the Department of War's source selection and contract administration, contractors face a binary reality: demonstrate a verified cybersecurity posture or lose access to federal business. Perezdiaz Federal's independent assessments deliver objective, evidence-based assurance to the U.S. Department of War, prime contractors, federal acquisition stakeholders, and executive leadership responsible for affirmation decisions.

Perezdiaz, LLC is a veteran-owned firm registered in the System for Award Management (SAM) with active CAGE registration.

About Perezdiaz Federal

Perezdiaz Federal is a veteran-owned, independent cybersecurity assessment firm serving the Defense Industrial Base and federal contractor community from the Dallas–Fort Worth Metroplex, Texas. As an authorized CMMC Third-Party Assessment Organization (C3PAO) - among the first 100 authorized in the United States - the firm performs official CMMC Level 2 certification assessments under 32 CFR Part 170, delivering objective, evidence-based cyber assurance grounded in over 20 years of aerospace and defense program experience.

Verify Authorization: https://api.badgr.io/public/assertions/VoNxBuj0RkiEOIgiOmEaQA
Website: https://perezdiaz.com
LinkedIn: https://www.linkedin.com/company/perezdiaz-federal/

View original content:https://www.prnewswire.com/news-releases/veteran-owned-perezdiaz-llc-achieves-c3pao-authorization-joins-fewer-than-100-authorized-assessment-bodies-serving-80-000-defense-contractors-302699875.html

SOURCE Perezdiaz, LLC