
No, CMMC (Cybersecurity Maturity Model Certification) does not allow for self-attestation of compliance. In order for the Department of Defense to recognize a contractor as CMMC compliant, that contractor must pass a review administered by an authorized Certified Third-Party Assessor Organization (C3PAO). That third-party firm cannot be the same firm that is managing a defense […]