During a CMMC assessment, the Lead Assessor, Emily, notices that one of the CCAs on her team, Alex, seems overly critical and skeptical of the evidence presented by the OSC. Although the OSC demonstrates compliance with the required CMMC practices, Alex repeatedly questions the validity of the evidence and suggests the OSC is not meeting the criteria. Concerned that Alex’s behavior may be influenced by bias, Emily decides to address the issue directly. She recalls a previous incident in which Alex took a similar approach, and shortly afterward, the OSC experienced a data breach. What steps should Emily and, most importantly, the C3PAO have taken to prevent this eventuality?
Submit