TheLimited Practice Deficiency Correction Evaluationprocess occurs when anOrganization Seeking Certification (OSC)has undergone aCMMC Level 2 Assessmentby aCertified Third-Party Assessment Organization (C3PAO)and hasunresolved deficienciesin some security practices.
According toCMMC 2.0 policy and DFARS 252.204-7021, OSCs can still achieveInterim Certificationif they meet theminimum thresholdof security practices while addressing deficiencies through aPlan of Action & Milestones (POA&M).
Minimum Number of Practices Required
TheCMMC 2.0 Interim Rulestates that an OSCmust meet at least 100 out of 110 practicesto qualify for aPOA&M-based remediation.
A maximum of 10 practices can be listed in the POA&Mfor later correction.
Failure to meet at least 100 practices results in failing the assessment outright, requiring a full reassessment after remediation.
Why "C. 100 Practices" is Correct?
The Lead Assessor can recommend POA&M placementonly if the OSC meets at least 100 practices.
Less than 100 practices scored as MET means the OSC does not qualify for a POA&Mand mustretest completely.
DFARS 252.204-7021 and CMMC 2.0 policiesconfirm the100-practice thresholdfor conditional certification.
Why Other Answers Are Incorrect?
A. 80 practices (Incorrect)– Falls well below the 100-practice requirement.
B. 88 practices (Incorrect)– Still below the POA&M eligibility threshold.
D. 110 practices (Incorrect)– While meeting 110 practices would be ideal,CMMC allows a POA&M option at 100 practices.
Conclusion
The correct answer isC. 100 practices, as this meets theminimum threshold for POA&M-based Interim Certification.
[References:, DFARS 252.204-7021 (CMMC Requirement Clause), CMMC 2.0 Assessment Process (CAP) Guide, DoD CMMC 2.0 Policy Overview, , , ]
