CMMCDocs.comHome / Glossary / Annual Affirmation
Annual Affirmation
Also known as: Senior official affirmation · SPRS affirmation
A required annual attestation by a senior company official in SPRS confirming that the contractor's CMMC certification status and SPRS score remain accurate.
The annual affirmation is a CMMC 2.0 requirement that obligates a senior company official to attest, every year, that the contractor's CMMC certification status and corresponding SPRS score remain accurate. The affirmation is submitted through the Supplier Performance Risk System (SPRS).
The affirming official must be a senior representative of the company — typically the CEO, COO, CISO, or another C-suite officer with authority to bind the company on cybersecurity matters. The affirmation is a personal attestation and creates personal accountability: a knowingly false affirmation creates False Claims Act exposure for the affirming official.
Annual affirmations apply at every CMMC level. At Level 2, they are required between triennial certification assessments. At Level 1 (and the small subset of Level 2 contracts that permit annual self-assessment), the annual affirmation accompanies the contractor's self-assessment.
Stop Googling. Start working.
CMMCDocs has all 110 NIST SP 800-171 Rev 2 requirements built in — with the language, the templates, and the evidence vault you need. Spin up a free demo workspace and click around the way an assessor would.
Get my demo account