JSVA

A Joint Surveillance Voluntary Assessment (JSVA) is a CMMC Level 2 assessment conducted by the Defense Industrial Base Cybersecurity Assessment Center (DIBCAC) instead of by a commercial C3PAO. The 'voluntary' in the name refers to the fact that contractors can choose to undergo a JSVA if they prefer a government-led assessment.

JSVAs are conducted under the same NIST SP 800-171 Rev 2 standards and the same NIST SP 800-171A assessment objectives as a commercial C3PAO assessment. The result is recorded in SPRS the same way and counts toward the contractor's CMMC Level 2 certification status.

Contractors typically opt for a JSVA when they want the credibility of a government-conducted assessment, when they have an existing relationship with DCMA, or when they are working on contracts where DIBCAC already has visibility into their environment.