CMMC Assessment Process (Draft) is Published

Modified on: July 27, 2022

 

 

 

 

CMMC 2.0CMMC Assessment Process (Draft) is Published

CAP-1 At the Town Hall on July 26th, The Cyber AB released the long-awaited CMMC Assessment Process (CAP). Up  to now, the draft was only available to the CMMC Provisional Assessors and CMMC Provisional  Instructors.

Even though annotated as Version 1.0, it is only a DRAFT. The DoD has not yet officially endorsed the CAP.

The CAP provides detailed guidance for a prescription assessment process for C3PAOs to assess   Organizations Seeking Certification (OSC) for CMMC Level 2 Certification.

NOT OFFICIAL YET

To be clear, this is still a DRAFT, which the DoD has not yet officially endorsed. What does this mean? At this point, it will not be used to guide CMMC assessments until the FINAL is released.

Additionally, the CMMC Town Hall announced that C3PAOs would follow the DoD’s Assessment Methodology process for early CMMC assessments under the Joint Surveillance Voluntary Program. Basically, this would be the equivalent of the DoD Assessment Methodology’s “High” Assessments (DFARS 252.204-7020).

THE CYBER AB IS ASKING FOR PUBLIC COMMENTS

The Cyber AB is asking for public comments for the next 30 days. You can find the document posted here:

CMMC-Assessment-Process-CAP-v1.0.pdf (cyberab.org)

More to follow for sure.

The SecureStrux CMMC Team

(Tony Buenger, Aaron Sanford, Matthew Pagan)

three 

Contact us for help with your security and compliance needs!