Under DFARS and CMMC requirements, the prime contractor is responsible for ensuring its subcontractors meet the required CMMC level. Neither the DoD, The Cyber AB, nor OUSD A&S directly manages subcontractor certification.
Supporting Extracts from Official Content:
DFARS 252.204-7021: “The contractor shall ensure that its subcontractors have the appropriate CMMC level certification for the information they will handle.”
Why Option D is Correct:
Compliance responsibility flows through the contractor supply chain.
CMMC-AB (The Cyber AB) accredits assessors but does not police subcontractors.
OUSD A&S sets policy, not enforcement at contract level.
DoD agencies only require compliance at award/contract oversight level.
References (Official CMMC v2.0 Content):
DFARS 252.204-7021.
CMMC Model v2.0 governance guidance.
===========
Contribute your Thoughts:
Chosen Answer:
This is a voting comment (?). You can switch to a simple comment. It is better to Upvote an existing comment if you don't have anything to add.
Submit