Assessment Objective
Also known as: Determination Statement
An assessment objective is a discrete, atomic statement an assessor uses to determine whether a security requirement has been satisfied. NIST SP 800-171A breaks each of the 110 NIST 800-171 controls into multiple assessment objectives (approximately 320 in total) — the CMMC Level 1 Assessment Guide breaks each of the 15 requirements into a smaller set of objectives.
Related terms
- NIST SP 800-171A
NIST SP 800-171A is the companion assessment guide to SP 800-171 — it breaks each of the 110 controls into discrete assessment objectives (about 320 in total) that an assessor uses to verify implementation. CMMC Level 2 assessments are conducted against the 800-171A objectives.
- Self-Assessment
A CMMC self-assessment is an internally-conducted evaluation of an organization's implementation of the applicable security requirements, performed without a third-party assessor. CMMC Level 1 is exclusively self-assessed; CMMC Level 2 is self-assessed for some programs and C3PAO-assessed for others depending on the contract requirement.