Document CMMC Status reminder

DECEMBER 2, 2025

Background

Following our recent notice, “Upcoming CMMC Requirements – Immediate Actions to Complete”, all active Artefaktum suppliers are required to submit their Cybersecurity Maturity Model Certification (CMMC) status. To address these requirements, a new form – the Cybersecurity Compliance Attestation (CCA) – must be completed in our Artefaktum Momentum System.

  • What the CCA does: It records your organization’s attestations on the applicability of, and compliance with, U.S. Government (USG) cybersecurity regulations, including your current CMMC status.
  • When you’ll receive it: Within the next few weeks, you will be sent an invitation through Exostar that includes step-by-step guidance for accessing the CCA and updating your self-certifications.
  • Why it matters: The CCA is an interim form, pending an update to our Cybersecurity Compliance and Risk Assessment (CCRA). It will be the primary source for CMMC and other compliance-related attestations.

1. Address DOD’s Requirements
 
Based on the history of contracts received from Artefaktum and the types of possible future work, active suppliers should determine their required CMMC level and document the corresponding self-assessment or C3PAO assessment in DOD’s SPRS system.
 
2. Provide your CMMC Status to Artefaktum 
 
As part of an organization’s vendor profile self-certifications in Momentum, Artefaktum requires all suppliers to attest regarding USG cyber regulatory applicability and their compliance with any applicable regulations. Effective with DOD’s CMMC requirements, this includes documenting an organization’s applicable CMMC statuses that support Artefaktum subcontract work using the Cybersecurity Compliance Attestation (CCA) in Momentum.
  • Complete the CCA as soon as possible to avoid business disruptions in the awarding of subcontracts with CMMC requirements.
  • Note for organizations with a previously submitted CCRA: prior submissions will be available for review only (cannot be edited).

3. Maintain Current CMMC Status

Be aware that any lapse in required CMMC status will directly impact your organization’s ability to receive DOD subcontracts. Ensure that you maintain current annual affirmations of continuous compliance, and that your last assessment date is within required timeframes:

  • Level 1 – FCI Only: Re-assessment (and affirmation) required each (1) year 
  • Level 2/3 Conditional – CUI: Finalize within 180 days from assessment date, otherwise expires 
  • Level 2/3 Final – CUI: Re-assessment required every 3 years 
  • Affirmations of Continued Compliance required annually for all CMMC Statuses 

Proactive cooperation is essential to maintaining the security of the Defense Industrial Base and guaranteeing uninterrupted business operations with Artefaktum. Please allocate the necessary resources promptly to ensure your company is prepared. Thank you for your continued partnership and dedication to cybersecurity excellence.

For questions, please reach out
