Annual Affirmation
Also known as: Senior Official Affirmation, 170.22 Affirmation
The annual affirmation is the electronic statement, posted in SPRS at least every 12 months by an Affirming Official under 32 CFR 170.22, that the contractor continues to meet the security requirements for its CMMC level. Knowingly false affirmations are the explicit enforcement target of the DOJ Civil Cyber-Fraud Initiative.
Related terms
- Affirming Official
The Affirming Official is the named senior representative of a contractor organization who electronically affirms continued compliance with the applicable CMMC requirements at least annually, as required by 32 CFR 170.22. They must have authority to bind the organization, and they bear the False Claims Act exposure created by a knowingly false affirmation.
- Supplier Performance Risk System
The Supplier Performance Risk System (SPRS) is the Department of Defense system of record where contractors post their NIST SP 800-171 assessment scores and CMMC affirmations. Contracting officers verify SPRS entries before award on solicitations that include DFARS 252.204-7019, -7020, or -7021.
- False Claims Act
The False Claims Act (31 U.S.C. §§ 3729–3733) is the federal civil statute that imposes treble damages and per-claim penalties on anyone who knowingly submits a false claim for payment to the government. Knowledge includes actual knowledge, deliberate ignorance, and reckless disregard — and applies to contractors who falsely affirm cybersecurity compliance under CMMC.