CCP Blueprint: Difference between revisions
Jump to navigation
Jump to search
Line 608: | Line 608: | ||
| | | | ||
:F. CMMC Assessment Process (CAP) | :F. CMMC Assessment Process (CAP) | ||
|- | |||
|3A | |||
|3.3.1.G | |||
| | |||
:G. CMMC Glossary | :G. CMMC Glossary | ||
|- | |||
|3A, 10D | |||
|3.3.1.H | |||
| | |||
:H. CMMC Artifact Hashing Tool User Guide | :H. CMMC Artifact Hashing Tool User Guide | ||
|- | |- | ||
|2A | |||
|3.3.2 | |||
|2. ISOO CUI Registry | |2. ISOO CUI Registry | ||
|- | |||
|2A | |||
|3.3.2.A | |||
| | |||
:A. NARA administers the CUI Registry | :A. NARA administers the CUI Registry | ||
|- | |||
|2A | |||
|3.3.2.A.1 | |||
| | |||
::(1) Types of labeled information on documents such as: | ::(1) Types of labeled information on documents such as: | ||
|- | |||
|2A | |||
|3.3.2.A.1.a | |||
| | |||
:::(a) Export Controlled (SP-EXPT) | :::(a) Export Controlled (SP-EXPT) | ||
|- | |||
|2B | |||
|3.3.2.A.1.b | |||
| | |||
:::(b) Specified marking/labeling using NARA CUI Marking Handbook | :::(b) Specified marking/labeling using NARA CUI Marking Handbook | ||
|- | |- | ||
|2A | |||
|3.3.3 | |||
|3. DoD CUI Registry | |3. DoD CUI Registry | ||
|- | |||
|2A, 2B | |||
|3.3.3.A | |||
| | |||
:A. Types of labeled information on documents such as: | :A. Types of labeled information on documents such as: | ||
|- | |||
|2A, 2B | |||
|3.3.3.A.1 | |||
| | |||
::(1) Naval Nuclear Propulsion Information (NNPI) | ::(1) Naval Nuclear Propulsion Information (NNPI) | ||
|- | |||
|2A, 2B | |||
|3.3.3.A.2 | |||
| | |||
::(2) NNPI marking/labeling using DoD CUI Marking Aid | ::(2) NNPI marking/labeling using DoD CUI Marking Aid | ||
|} | |} |
Revision as of 22:18, 6 August 2022
Source of Reference: The CCP blueprint from Cybersecurity Maturity Model Certification Accreditation Body, Inc.
For inquiries and reporting errors on this wiki, please contact us. Thank you.
Domains
Upon successful completion of this exam, the candidate will be able to apply skills and knowledge to the below domains:
Objective | Domain | Exam Weight |
---|---|---|
1.0 | 1. CMMC Ecosystem | 5% |
2.0 | 2. CMMC-AB Code of Professional Conduct (Ethics) | 5% |
3.0 | 3. CMMC Governance and Sources Documents | 15% |
4.0 | 4. CMMC Model Construct and Implementation Evaluation | 35% |
5.0 | 5. CMMC Assessment Process (CAP) | 25% |
6.0 | 6. Scoping | 15% |
Domain 1: CMMC Ecosystem
Task 1. Identify and compare roles/responsibilities/requirements of authorities across the CMMC Ecosystem.
Lesson Topic | Objective | Objective Description |
---|---|---|
3B | 1.1.1 | 1. Authorities: |
3B | 1.1.1.A | A. Office of the Undersecretary of Defense (OUSD) |
1B, 3A, 7A, 8A | 1.1.1.A.1 |
|
1B, 3B, 3C | 1.1.1.A.2 |
|
3B | 1.1.1.B | B. CMMC Ecosystem and the different types of entities participating in it |
3B | 1.1.1.B.1 |
|
3B | 1.1.1.B.1.a |
|
3B | 1.1.1.B.1.a.1 |
|
3B | 1.1.1.B.1.a.1.1 |
|
3B | 1.1.1.B.1.a.2 |
|
3B | 1.1.1.B.1.a.3 |
|
3B | 1.1.1.B.1.a.3.1 |
|
3B | 1.1.1.B.1.b |
|
3B | 1.1.1.B.1.b.1 |
|
3B | 1.1.1.B.1.b.1.1 |
|
3B | 1.1.1.B.2 |
|
3B | 1.1.1.B.2.a |
|
3B | 1.1.1.B.2.a.1 |
|
3B | 1.1.1.B.2.a.1.1 |
|
3B | 1.1.1.B.2.a.2 |
|
3B | 1.1.1.B.2.a.2.1 |
|
3B | 1.1.1.B.2.b |
|
3B | 1.1.1.B.2.b.1 |
|
3B | 1.1.1.B.2.b.1.1 |
|
3B | 1.1.1.B.2.b.1.2 |
|
3B | 1.1.1.B.2.b.2 |
|
3B | 1.1.1.B.2.b.2.1 |
|
3B | 1.1.1.B.2.b.2.2 |
|
3B | 1.1.1.B.2.b.3 |
|
3B | 1.1.1.B.2.b.3.1 |
|
3B | 1.1.1.B.2.b.3.2 |
|
3B | 1.1.1.B.2.b.4 |
|
3B | 1.1.1.B.2.b.4.1 |
|
3B | 1.1.1.B.2.b.4.2 |
|
3B | 1.1.1.B.2.b.5 |
|
3B | 1.1.1.B.2.b.5.1 |
|
3B | 1.1.1.B.2.b.5.2 |
|
3B, 10A | 1.1.1.B.2.b.6 |
|
3B, 10A | 1.1.1.B.2.b.6.1 |
|
3B, 10A | 1.1.1.B.2.b.7 |
|
3B, 10A | 1.1.1.B.2.b.7.1 |
|
3B | 1.1.1.B.2.b.7.2 |
|
Domain 2: CMMC-AB Code of Professional Conduct (Ethics)
Task 1. Identify and apply knowledge of the Guiding Principles and Practices of the CMMC-AB Code of Professional Conduct (CoPC)/ISO/IEC/DOD requirements.
Lesson Topic | Objective | Objective Description |
---|---|---|
4B | 2.1.1 | 1. General ethics topics |
4B | 2.1.2 | 2. CMMC-AB Code of Professional Conduct (CoPC) |
4B | 2.1.3 | 3. ISO/IEC |
4B | 2.1.4 | 4. Department of Defense (DoD) requirements |
4B | 2.1.5 | 5. Professionalism |
4B | 2.1.6 | 6. Objectivity |
4B | 2.1.7 | 7. Confidentiality |
4B | 2.1.8 | 8. Proper use of methods |
4B | 2.1.9 | 9. Information integrity |
4B | 2.1.10 | 10. Conflicts of interest |
4B | 2.1.11 | 11. Respect for intellectual property |
4B | 2.1.12 | 12. Lawful and ethical practices |
4B | 2.1.13 | 13. Contracts and non-disclosure agreements |
Domain 3. CMMC Governance and Source Documents
Task 1. Demonstrate understanding of Federal Contract Information (FCI) and Controlled Unclassified Information (CUI) in non-federal unclassified networks.
Lesson Topic | Objective | Objective Description |
---|---|---|
1B | 3.1.1 | 1. Current Department of Defense (DoD) Defense Industrial Base (DIB) Cybersecurity Efforts, Regulations, and Executive Orders pertaining to the CMMC program: |
1B, 2B | 3.1.1.A |
|
1B | 3.1.1.B |
|
1B, 3B | 3.1.1.C |
|
1B, 7B | 3.1.1.C.1 |
|
2A | 3.1.1.C.2 |
|
1B | 3.1.1.C.3 |
|
3B | 3.1.2 | 2. CMMC Framework Tenets: |
3B | 3.1.2.A |
|
3B | 3.1.2.A.1 |
|
3B, 7B | 3.1.2.A.1.a |
|
3B, 7B | 3.1.2.A.1.b |
|
3B | 3.1.2.A.2 |
|
3B | 3.1.2.A.2.a |
|
3B | 3.1.2.A.2.b |
|
3B | 3.1.2.A.3 |
|
3B | 3.1.2.A.3.a |
|
3B | 3.1.2.A.3.b |
|
3B | 3.1.2.B |
|
3B | 3.1.2.B.1 |
|
3B | 3.1.2.C |
|
3B | 3.1.2.C.1 |
|
8A | 3.1.2.C.1.a |
|
3A, 8A | 3.1.2.C.1.a.i |
|
3A, 3B, 9A | 3.1.2.C.2 |
|
3A, 7B | 3.1.2.C.2.a |
|
3A, 7B, 9A | 3.1.2.C.2.a.i |
|
3B, 3C | 3.1.2.D |
|
3B, 3C | 3.1.2.D.1 |
|
3C | 3.1.3 | 3. Consequences of non-compliance: |
3C | 3.1.3.A |
|
3C | 3.1.3.B |
|
3C | 3.1.3.C |
|
3C | 3.1.3.C.1 |
|
3C | 3.1.3.C.1.a |
|
Task 2. Determine the appropriate roles/responsibilities/authority for Federal Contract Information (FCI) and Controlled Unclassified Information (CUI).
Lesson Topic | Objective | Objective Description |
---|---|---|
2A | 3.2.1 | 1. Importance of data classification, collection, and analysis |
2A | 3.2.1.A |
|
2A | 3.2.2 | 2. Contractor sensitive data categories |
2A | 3.2.2.A |
|
2A | 3.2.2.A.1 |
|
2A | 3.2.2.B |
|
2A, 2B | 3.2.2.B.1 |
|
2A, 2B | 3.2.3 | 3. Government authority for identifying and marking CUI |
2A, 2B | 3.2.3.A |
|
2A, 2B | 3.2.3.B |
|
2A, 2B | 3.2.3.C |
|
2B | 3.2.4 | 4. Contractor/Authorized holders’ responsibilities in handling CUI |
2B | 3.2.4.A |
|
1B, 2B | 3.2.4.B |
|
Task 3. Demonstrate understanding of the CMMC Source and Supplementary documents.
Lesson Topic | Objective | Objective Description |
---|---|---|
3A | 3.3.1 | 1. CMMC Source Documents |
3A, 7B | 3.3.1.A |
|
7A, 7B | 3.3.1.B |
|
7A, 7B | 3.3.1.C |
|
5A | 3.3.1.D |
|
5A | 3.3.1.E |
|
3A, 7A, 10B, 10C, 10D, 10E | 3.3.1.F |
|
3A | 3.3.1.G |
|
3A, 10D | 3.3.1.H |
|
2A | 3.3.2 | 2. ISOO CUI Registry |
2A | 3.3.2.A |
|
2A | 3.3.2.A.1 |
|
2A | 3.3.2.A.1.a |
|
2B | 3.3.2.A.1.b |
|
2A | 3.3.3 | 3. DoD CUI Registry |
2A, 2B | 3.3.3.A |
|
2A, 2B | 3.3.3.A.1 |
|
2A, 2B | 3.3.3.A.2 |
|
Domain 4 - CMMC Model Construct and Implementation Evaluation
Task 1. Given a scenario, apply the appropriate CMMC Source Documents as an aid to evaluate the implementation/review of CMMC practices.
(At a minimum CCP candidate must be evaluated on CMMC L1 Practices during CCP exam)
1. Model Architecture |
2. Model Levels:
|
3. Practices:
|
4. Domains:
|
Task 2. Apply knowledge of the CMMC Assessment Criteria and Methodology to the appropriate CMMC practices.
|
Task 3. Analyze the adequacy/sufficiency around the location/collection/quality/usage of Evidence.
|
Domain 5: CMMC Assessment Process
Task 1. Choose the appropriate roles of the CCP in the CMMC Assessment Process when developing the assessment plan (Phase 1– Plan and Prepare Assessment).
|
Task 2. Apply CMMC Assessment Process requirements pertaining to the role of the CCP as an assessment team member while conducting a CMMC assessment (Phase 2 – Conduct Assessment).
|
Task 3. Demonstrate comprehension of the CCP role in the preparation of assessment report (Phase 3 – Report Assessment Results).
|
Task 4. Demonstrate comprehension of the CCP role in the process of evaluating outstanding assessment issues on Plan of Action and Milestones (POA&M) (Phase 4 – Evaluation of Outstanding Assessment POA&M Items).
1. The evaluation of assessment POA&M items
|
Task 5. Given a scenario, determine the appropriate phases/steps to assist in the preparation/conducting/ reporting on a CMMC Level 2 Assessment.
1. Plan and Prepare Assessments:
|
2. Conduct Assessment:
|
3. Report Recommended Assessment Results:
|
4. Remediate Outstanding Assessment Issues:
|
Domain 6: Scoping
Task 1. Understand CMMC High-Level Scoping as described in the CMMC Assessment Process.
1. Defining organizational scoping
|
Task 2. Given a Scenario, analyze the organization environment to generate an appropriate scope for FCI Assets.
1. Defining FCI data in the form of Assets that:
|
2. Out-of-Scope Assets |
3. Specialized Assets
|
4. Scoping Activities
|