The testing or evaluation of security controls to determine the extent to which the controls are implemented correctly, operating as intended, and producing the desired outcome with respect to meeting the security requirements for an information system or organization [NIST SP 800-37 Rev. 2].
Assessment is the term used by CMMC for the activity performed by the C3PAO to evaluate the CMMC level of a DIB contractor. Self-assessment is the term used by CMMC for the activity performed by a DIB contractor to evaluate their own CMMC level. [CMMC]
Comments
0 comments
Please sign in to leave a comment.