DOD assessment official: Pentagon is considering ‘one-year affirmation’ mechanism for CMMC certification

The Defense Department is looking into how to keep contractors who pass a CMMC assessment accountable for maintaining their systems during the three-year certification period, according to John Ellis of the Defense Contract Management Agency, who says DOD may add an affirmation mechanism for companies to assert their compliance each year.

Ellis explained the “one-year affirmation” in the context of the “early adopter assessments” which will allow companies to obtain a CMMC certification before the final rulemaking process is complete....