Certified CMMC Assessor (CCA)

General Information

The Cybersecurity Maturity Model Certification (CMMC) program provides a standard model and process for conducting a conformity assessment of Department of Defense (DoD) suppliers and service providers. Organizations wanting to provide products and services to the DoD will be required to demonstrate their cybersecurity competency and compliance under the CMMC program. A Certified CMMC Assessor (CCA) applies a rigorous Assessment Process to ensure the relevant security controls have been effectively implemented and that there is evidence that these controls can be sustained. This course covers identifying the scope of an Assessment, assessing the CMMC Level 2 practices, and using an established process and workflow to enable efficiencies during an Assessment.

Learning Objectives

In this course, you will apply the CMMC Assessment Process to validate the performance of cybersecurity practices in the 14 domains derived from NIST SP 800-171. You will:

- Protect CUI with the CMMC program.
- Establish the key elements of your responsibilities as a professional CMMC Assessor.
- Work through an Assessment.
- Validate the context and scope of a Level 2 CMMC Assessment.
- Assess the practices in the Access Control (AC) domain.
- Assess the practices in the Awareness and Training (AT) domain.
- Assess the practices in the Audit and Accountability (AU) domain.
- Assess the practices in the Security Assessment (CA) domain.
- Assess the practices in the Configuration Management (CM) domain.
- Assess the practices in the Identification and Authentication (IA) domain.
- Assess the practices in the Incident Response (IR) domain.
- Assess the practices in the Maintenance (MA) domain.
- Assess the practices in the Media Protection (MP) domain.
- Assess the practices in the Personnel Security (PS) domain.
- Assess the practices in the Physical Protection (PE) domain.
- Assess the practices in the Risk Assessment (RA) domain.
- Assess the practices in the System and Communications Protection (SC) domain.
- Assess the practices in the System and Information Integrity (SI) domain.

Who Should Take this Class

This course is designed for Certified CMMC Professionals (CCP) who are interested in becoming Certified CMMC Assessors (CCA), as well as Certified CMMC Instructors (CCI) who want to teach this CCA course in the future. This course is also beneficial to employees of Defense Industrial Base (DIB) Organizations Seeking Certification (OSCs) because an understanding of how CCPs and CCAs think during an Assessment will ensure better Assessment readiness.

Prerequisite

To ensure your success in this course, you must have the foundational cybersecurity knowledge of a Certified CMMC Professional, which you can obtain by taking the following course and exam: Certified CMMC Professional (CCP)

Delivery Format

Course Credits

Examination

The CCA exam is 3.5 hours long, includes 170 multiple-choice questions, requires a passing score of 500+, and is NOT an open-book exam.

Course Topics

Lesson 1: Protecting CUI with the CMMC Program
- Topic A: Protect Controlled Unclassified Information
- Topic B: Utilize the CMMC Source Documents

Lesson 2: Being an Assessor
- Topic A: Identify Assessment Roles and Responsibilities
- Topic B: Establish an Assessor Mindset
- Topic C: Determine the OSC's Cybersecurity Environment

Lesson 3: Working Through an Assessment
- Topic A: Identify Assessment Flow and Milestone Events
- Topic B: Prepare to Work with the OSC
- Topic C: Formalize the Plan
- Topic D: Assess the Evidence
- Topic E: Handle Non-Conformity Issues
- Topic F: Finalize the Assessment

Lesson 4: Validating the Scope of a CMMC Assessment
- Topic A: Define Scope Fundamentals
- Topic B: Categorize the Assets
- Topic C: Determine the OSC Context
- Topic D: Define ESPs
- Topic E: Validate the Assessment Scope

Lesson 5: Assessing the AC Practices
- Topic A: Evaluate the AC Practices
- Topic B: Identify AC Connections and Considerations

Lesson 6: Assessing the AT Practices
- Topic A: Evaluate the AT Practices
- Topic B: Identify AT Connections and Considerations

Lesson 7: Assessing the AU Practices
- Topic A: Evaluate the AU Practices
- Topic B: Identify AU Connections and Considerations

Lesson 8: Assessing the CA Practices
- Topic A: Evaluate the CA Practices
- Topic B: Identify CA Connections and Considerations

Lesson 9: Assessing the CM Practices
- Topic A: Evaluate the CM Practices
- Topic B: Identify CM Connections and Considerations

Lesson 10: Assessing the IA Practices
- Topic A: Evaluate the IA Practices
- Topic B: Identify IA Connections and Considerations

Lesson 11: Assessing the IR Practices
- Topic A: Evaluate the IR Practices
- Topic B: Identify IR Connections and Considerations

Lesson 12: Assessing the MA Practices
- Topic A: Evaluate the MA Practices
- Topic B: Identify MA Connections and Considerations

Lesson 13: Assessing the MP Practices
- Topic A: Evaluate the MP Practices
- Topic B: Identify MP Connections and Considerations

Lesson 14: Assessing the PE Practices
- Topic A: Evaluate the PE Practices
- Topic B: Identify PE Connections and Considerations

Lesson 15: Assessing the PS Practices
- Topic A: Evaluate the PS Practices
- Topic B: Identify PS Connections and Considerations

Lesson 16: Assessing the RA Practices
- Topic A: Evaluate the RA Practices
- Topic B: Identify RA Connections and Considerations

Lesson 17: Assessing the SC Practices
- Topic A: Evaluate the SC Practices
- Topic B: Identify SC Connections and Considerations

Lesson 18: Assessing the SI Practices
- Topic A: Evaluate the SI Practices
- Topic B: Identify SI Connections and Considerations

Appendix A: Evidence Collection Approach for CMMC Practices Levels 1 and 2
Appendix B: Additional Documentation for CCAs
Appendix C: Mapping Course Content to the CCA Exam