Binary Assessment
Also known as: MET / NOT MET
Binary assessment is the CMMC Level 1 scoring model in which each of the 15 safeguarding requirements is rated either MET or NOT MET — there is no partial credit, no point value, and no Plan of Action and Milestones (POA&M) permitted. The organization must achieve MET on all 15 requirements to be compliant.
Related terms
- CMMC Level 1
CMMC Level 1 is the lowest of the three CMMC certification tiers, covering contractors who handle Federal Contract Information (FCI) but not CUI. It requires implementing the 15 safeguarding requirements in FAR 52.204-21(b)(1), an annual self-assessment, and an annual senior-official affirmation posted in SPRS.
- Plan of Action and Milestones
A Plan of Action and Milestones (POA&M) is a written document that identifies security weaknesses, the corrective actions planned to address them, and the milestones for doing so. POA&Ms are permitted at CMMC Level 2 (for limited categories of controls, with closure timelines) but are NOT permitted at Level 1 — Level 1 requires full implementation before affirmation.
- Self-Assessment
A CMMC self-assessment is an internally conducted evaluation of an organization's implementation of the applicable security requirements, performed without a third-party assessor. CMMC Level 1 is exclusively self-assessed; CMMC Level 2 is self-assessed for some programs and C3PAO-assessed for others, depending on the contract requirement.