Cybersecurity Maturity Model
Certification Assessment Information
New
collection (Request for a new OMB Control Number)
No
Regular
07/28/2023
Requested
Previously Approved
36 Months From Approved
31,612
0
6,374,254
0
1,243,651,131
0
The Cybersecurity Maturity Model
Certification (CMMC) Program provides for the assessment of
contractor implementation of cybersecurity requirements to enhance
confidence in contactor protection of unclassified information
within the DoD supply chain. The CMMC Program is implemented under
48 CFR, with associated rulemaking for CMMC to align CMMC Program
requirements (e.g., CMMC Scoring Methodology, certificate issuance,
information accessibility) under 32 CFR Subpart D. This information
collection is necessary to support the implementation of the CMMC
assessment process for Levels 1 and 2 self-assessment, as defined
in 32 CFR Part § 170.31 and 32 CFR Part § 170.32 respectively;
Level 2 certification assessment, as defined in 32 CFR Part §
170.33; and Level 3 certification assessment, as defined in 32 CFR
Part § 170.34.
US Code:
5 USC
301 Name of Law: National Defense Authorization Act for Fiscal
Year 2020
On behalf of this Federal agency, I certify that
the collection of information encompassed by this request complies
with 5 CFR 1320.9 and the related provisions of 5 CFR
1320.8(b)(3).
The following is a summary of the topics, regarding
the proposed collection of information, that the certification
covers:
(i) Why the information is being collected;
(ii) Use of information;
(iii) Burden estimate;
(iv) Nature of response (voluntary, required for a
benefit, or mandatory);
(v) Nature and extent of confidentiality; and
(vi) Need to display currently valid OMB control
number;
If you are unable to certify compliance with any of
these provisions, identify the item by leaving the box unchecked
and explain the reason in the Supporting Statement.
0704-CMMC_SSA_7.26.23.docx
CMMC Level 3 Certification Assessments