Certified CMMC Assessor (CCA)
The Cybersecurity Maturity Model Certification (CMMC) program provides a standard model and process for conducting a conformity assessment of Department of Defense (DoD) suppliers and service providers. Organizations wanting to provide products and services to the DoD will be required to demonstrate their cybersecurity competency and compliance under the CMMC program.
A Certified CMMC Assessor (CCA) applies a rigorous Assessment Process to ensure the relevant security controls have been effectively implemented and that there is evidence that these controls can be sustained.
This course covers identifying the scope of an Assessment, assessing the CMMC Level 2 practices, and using an established process and workflow to enable efficiencies during an Assessment.
- Protect CUI with the CMMC program.
- Establish the key elements of your responsibilities as a professional CMMC Assessor.
- Work through an Assessment.
- Validate the context and scope of a Level 2 CMMC Assessment.
- Assess the practices in the Access Control (AC) domain.
- Assess the practices in the Awareness and Training (AT) domain.
- Assess the practices in the Audit and Accountability (AU) domain.
- Assess the practices in the Security Assessment (CA) domain.
- Assess the practices in the Configuration Management (CM) domain.
- Assess the practices in the Identification and Authentication (IA) domain.
- Assess the practices in the Incident Response (IR) domain.
- Assess the practices in the Maintenance (MA) domain.
- Assess the practices in the Media Protection (MP) domain.
- Assess the practices in the Personnel Security (PS) domain.
- Assess the practices in the Physical Protection (PE) domain.
- Assess the practices in the Risk Assessment (RA) domain.
- Assess the practices in the System and Communications Protection (SC) domain.
- Assess the practices in the System and Information Integrity (SI) domain.
This course is designed for Certified CMMC Professionals (CCP) who are interested in becoming Certified CMMC Assessors (CCA), as well as Certified CMMC Instructors (CCI) who want to teach this CCA course in the future. This course is also beneficial to employees of Defense Industrial Base (DIB) Organizations Seeking Certification (OSCs) because an understanding of how CCPs and CCAs think during an Assessment will ensure better Assessment readiness.
Certified CMMC Professional (CCP)
- Protect Controlled Unclassified Information (CUI)
- Utilize the CMMC Source Documents
- Identify assessment roles and responsibilities
- Establish an assessor mindset
- Determine the OSC's cybersecurity environment
- Identify assessment flow and milestone events
- Prepare to work with the OSC
- Formalize the plan
- Assess the evidence
- Handle non-conformity issues
- Finalize the assessment
- Define scope fundamentals
- Categorize the assets
- Determine the OSC context
- Define ESPs
- Validate the assessment scope
- Evaluate the AC practices
- Identify AC connections and considerations
- Evaluate the AT practices
- Identify AT connections and considerations
- Evaluate the AU practices
- Identify AU connections and considerations
Evaluate and identify connections for:
- CA (Security Assessment)
- CM (Configuration Management)
- IA (Identification and Authentication)
- IR (Incident Response)
- MA (Maintenance)
- MP (Media Protection)
- PE (Physical Protection)
- PS (Personnel Security)
- RA (Risk Assessment)
- SC (System and Communications Protection)
- SI (System and Information Integrity)