CMMC Assessment Process: Difference between revisions

From CMMC Toolkit Wiki
(Created page with "'''Source of Reference: The [https://cyberab.org/Portals/0/Documents/Process-Documents/CMMC-Assessment-Process-CAP-v1.0.pdf CMMC Assessment Process] from Cybersecurity Maturity Model Certification Accreditation Body, Inc.''' For inquiries and reporting errors on this wiki, please [mailto:support@cmmctoolkit.org contact us]. Thank you.")
 
No edit summary
Line 2: Line 2:


For inquiries and reporting errors on this wiki, please [mailto:support@cmmctoolkit.org contact us]. Thank you.
For inquiries and reporting errors on this wiki, please [mailto:support@cmmctoolkit.org contact us]. Thank you.
== Introduction to the CMMC Assessment Process (CAP) ==
The CAP is organized across four (4) phases and describes the required activities to ensure that CMMC Assessments are conducted consistently across the DIB. The four phases are:
* Phase 1: “Plan and Prepare the Assessment”;
* Phase 2: “Conduct the Assessment”;
* Phase 3: “Report Assessment Results”; and
* Phase 4: “Close-Out POA&Ms and Assessment” (if necessary).
                     
These four (4) phases have been designed to ensure that every CMMC Assessment meets the following objectives:
* Achieve the highest possible accuracy, fidelity, and quality for CMMC Assessments conducted by C3PAOs;
* Maximize consistency to ensure that different Assessments conducted by different C3PAOs and Assessors yield the same verifiable results and outcomes each time;
* Improve the cybersecurity defensive posture and the cyber resiliency of the DIB by providing effective and efficient Assessments that are well-planned, executed in consistent fashion, and accurately reported.
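
Review bot: the new Introduction section uses DIB, C3PAOs and POA&Ms (opening paragraph, Phase 4 bullet and the objectives list) without expanding any of them. Since this is the first section of the page, spell each abbreviation out on first use or link it to a glossary page. The line after the Phase 4 bullet contains only whitespace and can be reduced to an empty line so the list ends cleanly.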

Revision as of 15:55, 5 August 2022

Source of Reference: The CMMC Assessment Process from Cybersecurity Maturity Model Certification Accreditation Body, Inc.

For inquiries and reporting errors on this wiki, please contact us. Thank you.

Introduction to the CMMC Assessment Process (CAP)

The CAP is organized across four (4) phases and describes the required activities to ensure that CMMC Assessments are conducted consistently across the DIB. The four phases are:

  • Phase 1: “Plan and Prepare the Assessment”;
  • Phase 2: “Conduct the Assessment”;
  • Phase 3: “Report Assessment Results”; and
  • Phase 4: “Close-Out POA&Ms and Assessment” (if necessary).

These four (4) phases have been designed to ensure that every CMMC Assessment meets the following objectives:

  • Achieve the highest possible accuracy, fidelity, and quality for CMMC Assessments conducted by C3PAOs;
  • Maximize consistency to ensure that different Assessments conducted by different C3PAOs and Assessors yield the same verifiable results and outcomes each time;
  • Improve the cybersecurity defensive posture and the cyber resiliency of the DIB by providing effective and efficient Assessments that are well-planned, executed in consistent fashion, and accurately reported.