This is the main content of the page.

 
 

Ecosystem ProfessionsAssessors and Assessment Organizations

CMMC Assessors

Below are the steps for both the CMMC Certified Professional (CCP) and CMMC Certified Assessor (CCA) certification programs.

Current CCP and CCA FAQ

Steps for becoming a CMMC Certified Professional (CCP):

  1. Complete CCP Application - Assessing and Certification | Cyber-AB (cyberab.org) , select “CCP Enroll Here”
  2. Pay CCP Application Fee*, you will obtain CMMC Professional Number (CPN)
  3. Sign Code of Professional Conduct (CoPC)
  4. Sign Individual Service Agreement – referred to as the “Agreement.”
  5. Successfully complete CCP training with an Approved Training Provider (ATP). Your selected ATP will provide your completion information to the CAICO, you will see your training entitlement checked off once this has been completed, typically takes 3-5 business days from the ATP's submission of training. Candidate submitted training completions will not be accepted.
  6. Pay your exam fee*
  7. Take and successfully pass the CCP examination
  8. Upon passing the CCP exam, you will soon receive an email that will provide the details for applying for Tier 3. Upon earning Tier 3, the CCP certification process is complete. Please review Becoming a Cybersecurity Maturity Model (CMMC) Assessor guide found here for details on the Tier 3 process.

Important Note: to access the exams, training must be conducted by an Approved Training Provider (ATP) found on The Cyber AB marketplace. If the provider is not listed on The Cyber AB Marketplace, they are not approved to offer “official” CMMC training for the certification programs, therefore you will not have access to the exams. Click Here to go to the Marketplace.

Steps for becoming a CMMC Certified Assessor (CCA):

  1. Complete CCA Application - Assessing and Certification | Cyber-AB (cyberab.org) , select “CCA Enroll Here” – note: you will need to be logged into The Cyber AB site and have passed the CCP examination to have access to the CCA application.
  2. Pay CCA Application Fee*
  3. Sign Code of Professional Conduct (CoPC) – this will only be required again if the agreement has changed or if one (1) year has passed from the last signature
  4. Sign Individual Service Agreement – referred to as “Agreement.” – this will only be required again if the agreement has changed or if one (1) year has passed from the last signature
  5. Self-Attest and provide evidence of certification and experience requirements:
    • Three (3) years of cybersecurity experience
    • One (1) year of audit or assessment experience
    • Hold at least one baseline certification aligned to the Intermediate and/or Advanced Proficiency Level for the Career Pathway Certified Assessor 612 from the DoD Manual 8140.3 Cyberspace Workforce Qualification & Management Program. https://public.cyber.mil/dcwf-work-role/security-control-assessor/
  6. Provide active Tier 3 information, as needed.

    Note: Steps 5 and 6 can be completed anytime, but certification will not be granted until all the steps have been completed.

     

  7. Successfully complete CCA training with an Approved Training Provider (ATP). Your selected ATP will provide your completion information to the CAICO, you will see your training entitlement checked off once this has been completed, typically takes 3-5 business days from the ATP's submission of training.
  8. Pay your exam fee.*
  9. Take and successfully pass the CCA examination.

Important Note: to access the exams, training must be conducted by an Approved Training Provider (ATP) found on The Cyber AB marketplace. If the provider is not listed on this site, they are not approved to offer “official” CMMC training for the certification programs, therefore you will not have access to the exams. Click Here to go to the Marketplace.

*All program fees subject to change.

CMMC Third-Party Assessment Organizations

To become a CMMC Third-Party Assessment Organization (C3PAO):

  • Requirements for Authorization
    • Complete Application
    • Pay application fee
    • Pass Organizational Background Check via data provided to the Cyber AB by Experian
    • Successfully pass a FOCI and SF-328 review
    • Complete interview with Cyber AB
    • Sign the C3PAO Agreement and Code of Professional Conduct (CoPC)
    • Pay Authorization fee (valid for one year following your Authorization date)
    • Maintain an association with at least 1 CMMC Certified Lead CCA, 1 CMMC Certified Assessors (CCA), and one quality assurance individual who is also a CCA.
    • Pass DoD or DCSA organizational background check
    • Pass a CMMC Level 2 assessment conducted by DCMA DIBCAC
    • Provide verification of insurance
      • General Liability with CMMC Accreditation Body as an Additional Insured ($1M minimum)
      • Errors and Omissions Policy ($1M minimum)
      • Cybersecurity Liability Policy ($1M minimum)
    • Possess Assessment Appeals Process approved by the CyberAB
  • ISO 17020 Accreditation
    • ISO 17020 accreditation conducted by the Cyber AB within 27 months of Authorization

Want to become a Member?

Membership into the CMMC-AB community, and visibility within the CMMC marketplace, is reserved for those organizations and individuals which successfully complete and pass their respective application and onboarding process, which includes formal review and authorization by the CMMC-AB.

Please click on the appropriate enrollment button above to start the process.