Pentagon releases CMMC assessment guides with details on control objectives, evaluation considerations

The Defense Department has released two assessment guides outlining how auditing firms and their assessors will evaluate contractors who want to get certified for CMMC maturity levels one through three.

The guides draw heavily from NIST Special Publication 800-171A, which lays out assessment objectives for the majority of Cybersecurity Maturity Model Certification controls through level three and their potential assessment methods. One of the assessment guides is for maturity level one and the other provides details on levels three and...