Cybersecurity Maturity Model Certification (CMMC) is designed to assess the security posture of Defense Industrial Base (DIB) companies to verify that appropriate practices and procedures are implemented prior to granting defense contracts.
On November 4, 2021, the Department of Defense (DOD) issued sweeping changes to what came to be the first version of CMMC or CMMC 1.0. The primary reason for the change was because the third-party assessment requirement was considered too costly and burdensome for many in the defense industry, especially small to medium-sized enterprises that do not have access to Controlled Unclassified Information (CUI).
The path to certification for CMMC practitioners and assessors has been simplified in the new version of CMMC 2.0. With this new version, Learning Tree began to deliver the certification course/path (2072), in November 2021.
Here are some common questions and answers that will help you understand CMMC and the certification process.
CMMC 2.0 FAQs
There were five levels of assessment that organizations seeking certification (OSCs) would have to adhere to in CMMC 2.0. This has been reduced to three levels.
- Level 1 – OSCs can self-assess/attest. They will no longer be required to use a third-party assessor organization (C3PAO), however there are many benefits to having a third-party assessment.
- Level 2 – OSCs at this level will need to have a third-party assessor perform the assessment for them. Learning Tree’s Course 2072 trains and certifies assessors needed for this level. There are approximately 80,000 OSCs at this level that need to be assessed.
- Level 3–the DOD’s Defense Contract Management Agency’s Defense Industrial Base Cybersecurity Assessment Center (DIBCAC) will assess level 3.
Learning Tree will be updating the Course 2072 content. Customers who have taken, or will take, 2072 prior to our release of the new content (mid-June) will be provided with “Delta” On Demand modules directly from CMMC.
Although we have not been given precise dates, it seems that we will be able to begin delivering the new content in the mid-June period.
The assessor candidate is first required to earn their CCP (CMMC Certified Practitioner). Training is REQUIRED to earn the CCP, and Course 2072 is the course they need to take. They also MUST take the training from a CMMC LTP (Licensed Training Provider). If they take the training from a company that is not an LTP, they will not be able to sit for the CCP exam.
Once, they earn their CCP, they are then required to take CMMC Certified Assessor (CCA) training (Course 2073). This course will be released in Q4 2022.
The CCP exam will be available in October 2022. The release date for the CCA exam has not yet been announced.
Further training isn’t required. However, they still must be certified and they will want to comply, so the more they know about what an assessment is, the better informed they will be.
Learning Tree has authored Course 2074: Self-Assessment of CMMC 2.0 and SP 800-171 Compliance to help organizations that choose to self-assess.
Only CMMC LTPs (Licensed Training Providers).
LTPs are not allowed to sell the exam vouchers, so we will cover the cost of the exam with a form of digital payment (gift card).
No. CMMC requires instructors to undergo a rigorous training program to become a certified instructor. Learning Tree instructors will also be qualified as assessors.
No. There are no restrictions in terms of citizenship.
If the individuals are going to take the CCA Certification Exam, the official training course must be used.
Let the experts at Learning Tree help build the right solution for your CMMC readiness needs.