
Assessment Objective

Also known as: Determination statement

A specific, testable statement defined in NIST SP 800-171A that an assessor uses to render a met / not met / not applicable verdict on part of a security requirement.

An assessment objective is a specific, testable determination statement defined in NIST SP 800-171A. Each of the 110 security requirements in NIST SP 800-171 is broken down into one or more assessment objectives — there are roughly 320 in total — and each objective is what an assessor actually evaluates during a CMMC Level 2 assessment.

For example, the access control requirement AC.L2-3.1.1 ('Limit system access to authorized users, processes acting on behalf of authorized users, and devices') is broken down into multiple assessment objectives covering authorized user identification, authorized process identification, authorized device identification, and the limitation mechanism itself.

An assessor renders a met, not met, or not applicable verdict on each objective. A requirement is fully met only if all of its underlying objectives are met. Evidence collected by the contractor should be mapped to specific assessment objectives, not just to the parent requirements.
