CMMC Assessment Process (Draft) is Published
At the Town Hall on July 26th, The Cyber AB released the long-awaited CMMC Assessment Process (CAP). Up to now, the draft was only available to the CMMC Provisional Assessors and CMMC Provisional Instructors.
Even though annotated as Version 1.0, it is only a DRAFT. The DoD has not yet officially endorsed the CAP.
The CAP provides detailed guidance for a prescription assessment process for C3PAOs to assess Organizations Seeking Certification (OSC) for CMMC Level 2 Certification.
NOT OFFICIAL YET
To be clear, this is still a DRAFT, which the DoD has not yet officially endorsed. What does this mean? At this point, it will not be used to guide CMMC assessments until the FINAL is released.
Additionally, the CMMC Town Hall announced that C3PAOs would follow the DoD's Assessment Methodology process for early CMMC assessments under the Joint Surveillance Voluntary Program. Basically, this would be the equivalent of the DoD Assessment Methodology's "High" Assessments (DFARS 252.204-7020).
THE CYBER AB IS ASKING FOR PUBLIC COMMENTS
The Cyber AB is asking for public comments for the next 30 days. You can find the document posted here:
CMMC-Assessment-Process-CAP-v1.0.pdf (cyberab.org)
More to follow for sure.
The SecureStrux CMMC Team
(Tony Buenger, Aaron Sanford, Matthew Pagan)
Contact us for help with your security and compliance needs!