The Defense Department has released two assessment guides outlining how auditing firms and their assessors will evaluate contractors who want to get certified for Cybersecurity Maturity Model Certification maturity levels one through three. The guides draw heavily from NIST Special Publication 800-171A, which lays out assessment objectives for the majority of CMMC controls through level three and their potential assessment methods. One of the assessment guides is for maturity level one and the other provides details on levels three and...
