Binary Assessment
Also known as: MET / NOT MET
Binary assessment is the CMMC Level 1 scoring model in which each of the 15 safeguarding requirements is rated either MET or NOT MET, there is no partial credit, no point value, and no Plan of Action and Milestones (POA&M) permitted. The organization must achieve MET on all 15 requirements to be compliant.
Related terms
- CMMC Level 1
CMMC Level 1 is the lowest of the three CMMC certification tiers, covering contractors who handle Federal Contract Information (FCI) but not CUI. It requires implementing the 15 safeguarding requirements in FAR 52.204-21(b)(1), an annual self-assessment, and an annual senior-official affirmation posted in SPRS.
- Plan of Action and Milestones
A Plan of Action and Milestones (POA&M) is a written document that identifies security weaknesses, the corrective actions planned to address them, and the milestones for doing so. POA&Ms are permitted at CMMC Level 2 (for limited categories of controls, with closure timelines) but are NOT permitted at Level 1, Level 1 requires full implementation before affirmation.
- Self-Assessment
A CMMC self-assessment is an internally-conducted evaluation of an organization's implementation of the applicable security requirements, performed without a third-party assessor. CMMC Level 1 is exclusively self-assessed; CMMC Level 2 is self-assessed for some programs and C3PAO-assessed for others depending on the contract requirement.