Inside Cybersecurity

July 2, 2022

Daily News

DOD assessment official: Pentagon is considering ‘one-year affirmation’ mechanism for CMMC certification

By Sara Friedman / March 23, 2022

The Defense Department is looking into how to keep contractors who pass a CMMC assessment accountable for maintaining their systems during the three-year certification period, according to John Ellis of the Defense Contract Management Agency, who says DOD may add an affirmation mechanism for companies to assert their compliance each year.

Ellis explained the “one-year affirmation” in the context of the “early adopter assessments” which will allow companies to obtain a CMMC certification before the final rulemaking process is complete....


Log in to access this content.


Not a subscriber? Sign up for 30 days free access to exclusive news and analysis on cybersecurity regulations and more.