DOD assessment official: Pentagon is considering 'one-year affirmation' mechanism for CMMC certification

By Sara Friedman / March 23, 2022 at 10:13 AM
The Defense Department is looking into how to keep contractors who pass a Cybersecurity Maturity Model Certification assessment accountable for maintaining their systems during the three-year certification period, according to John Ellis of the Defense Contract Management Agency, who says DOD may add an "affirmation" mechanism for companies to assert their compliance each year. Ellis explained the “one-year affirmation” in the context of the “early adopter assessments” which will allow companies to obtain a CMMC certification before the final rulemaking...

Not a subscriber? Sign up for 30 days free access to exclusive, behind-the-scenes reporting on defense policy and procurement.

Log in to access this content.