Affirming Official
Also known as: Senior Official, Senior Affirming Official
The Affirming Official is the named senior representative of a contractor organization who electronically affirms continued compliance with the applicable CMMC requirements at least annually, as required by 32 CFR 170.22. They must have authority to bind the organization, and they bear the False Claims Act exposure created by a knowingly false affirmation.
Related terms
- Annual Affirmation
The annual affirmation is the electronic statement, posted in SPRS at least every 12 months by an Affirming Official under 32 CFR 170.22, that the contractor continues to meet the security requirements for its CMMC level. Knowingly false affirmations are the explicit enforcement target of the DOJ Civil Cyber-Fraud Initiative.
- False Claims Act
The False Claims Act (31 U.S.C. §§ 3729–3733) is the federal civil statute that imposes treble damages and per-claim penalties on anyone who knowingly submits a false claim for payment to the government. Knowledge includes actual knowledge, deliberate ignorance, and reckless disregard — and applies to contractors who falsely affirm cybersecurity compliance under CMMC.
- 32 CFR Part 170
32 CFR Part 170 is the Department of Defense final rule that established the CMMC program — defining the three certification levels, the assessment regime, the senior-official affirmation requirement, and the role of C3PAOs and the CMMC Accreditation Body. It became effective December 16, 2024.