How CMMC Registered Practitioners Help Achieve Compliance

Modified on: December 9, 2020

What is a CMMC RP?

The CMMC Accreditation Body (CMMC-AB), the entity which is responsible for launching the Cybersecurity Maturity Model Certification (CMMC) for the US Department of Defense (DOD), is currently taking applications for six new CMMC-related roles and authorizations:

  1. Certified Third Party Assessor Organizations (C3PAO)
  2. Certified Professionals (CP)
  3. Certified Assessors (CA)
  4. Licensed Partner Publishers (LPP)
  5. Registered Practitioners (RP)
  6. Registered Provider Organizations (RPO)

Registered Practitioners, in particular, undergo basic training on the CMMC standard and are qualified to deliver a non-certified advisory service to organizations within the US Defense Industrial Base (DIB) as a CMMC consultant, coach, or support. It is important to note that RPs must operate under an RPO to carry out CMMC compliance services.

Requirements for Registered Practitioners

To achieve an RP certification, a cybersecurity expert must apply through the CMMC-AB portal, and if accepted, complete training and testing online. The CMMC-AB currently hosts Registered Practitioner training; however, they reported earlier this year that RP training would be provided by various Licensed Training Providers (LTPs) as soon as January or February 2021.

RP applicants must undergo an extensive background check by their RPO and sign the official CMMC-AB Code of Professional Conduct before being awarded authorizations to participate in the Provisional Period of CMMC.

Certifications are valid for one year, and RPs are listed on the CMMC-AB Marketplace. However, the CMMC-AB will revoke their badge and listing if an individual is found to be acting against the Code of Professional Conduct.

CMMC RP Graphic, provided by the CMMC-AB Website

How Can My Organization Utilize CMMC RPs?

What sets RPs and RPOs apart from other entities offering CMMC-related consulting services is their commitment, training, and direct relationship with the CMMC-AB, which authorizes them to help organizations get ready for the CMMC.

Because the CMMC-AB performs quality assurance on RPs, not any professional can don the title and appropriate badges on their marketing materials. The program is for those who have both the ability and desire to serve the DIB as an advisor or MSP (Managed Service Provider).

Moreover, the application and authorization process requires a basic level of training and a background check. Organizations can rest assured that both RPs and the RPOs they work for are ethical, prepared, and motivated to meet their needs. 

SecureStrux, a registered RPO, currently has three certified RPs on staff who are certified to help organizations prepare for the CMMC. Learn more about RPs, tips for preparation, and achieving compliance from our CMMC Services page.