DOD releases CMMC assessment guides with details on control objectives, evaluation considerations

By Sara Friedman / December 7, 2020 at 11:20 AM
The Defense Department has released two assessment guides outlining how auditing firms and their assessors will evaluate contractors who want to get certified for Cybersecurity Maturity Model Certification maturity levels one through three. The guides draw heavily from NIST Special Publication 800-171A, which lays out assessment objectives for the majority of CMMC controls through level three and their potential assessment methods. One of the assessment guides is for maturity level one and the other provides details on levels three and...

Not a subscriber? Sign up for 30 days free access to exclusive, behind-the-scenes reporting on defense policy and procurement.

Log in to access this content.