CMMC Assessment Process
Jump to navigation
Jump to search
Source of Reference: The CMMC Assessment Process from Cybersecurity Maturity Model Certification Accreditation Body, Inc.
For inquiries and reporting errors on this wiki, please contact us. Thank you.
Introduction to the CMMC Assessment Process (CAP)
The CAP is organized across four (4) phases and describes the required activities to ensure that CMMC Assessments are conducted consistently across the DIB. The four phases are:
- Phase 1: “Plan and Prepare the Assessment”;
- Phase 2: “Conduct the Assessment”;
- Phase 3: “Report Assessment Results”; and
- Phase 4: “Close-Out POA&Ms and Assessment” (if necessary).
These four (4) phases have been designed to ensure that every CMMC Assessment meets the following objectives:
- Achieve the highest possible accuracy, fidelity, and quality for CMMC Assessments conducted by C3PAOs;
- Maximize consistency to ensure that different Assessments conducted by different C3PAOs and Assessors yield the same verifiable results and outcomes each time;
- Improve the cybersecurity defensive posture and the cyber resiliency of the DIB by providing effective and efficient Assessments that are well-planned, executed in consistent fashion, and accurately reported.