Cybersecurity Maturity Model Certification (CMMC) is designed to assess the security posture of Defense Industrial Base (DIB) companies to verify that appropriate practices and procedures are implemented prior to granting defense contracts.
On November 4, 2021, the Department of Defense (DOD) issued sweeping changes to what came to be the first version of CMMC or CMMC 1.0. The primary reason for the change was because the third-party assessment requirement was considered too costly and burdensome for many in the defense industry, especially small to medium-sized enterprises that do not have access to Controlled Unclassified Information (CUI).
The path to certification for CMMC practitioners and assessors has been simplified in the new version of CMMC 2.0. With this new version, Learning Tree began to deliver the certification course/path (2072), in November 2021.
Here are some common questions and answers that will help you understand CMMC and the certification process.
CMMC 2.0 FAQs
There were five levels of assessment that organizations seeking certification (OSCs) would have to adhere to in CMMC 2.0. This has been reduced to three levels.
- Level 1 – OSCs can self-assess/attest. They will no longer be required to use a third-party assessor organization (C3PAO). However, there are many benefits to having a third-party assessment.
- Level 2 – OSCs at this level will need to have a third-party assessor perform the assessment for them. Learning Tree’s course 2072, Cybersecurity Maturity Model Certification (CMMC) Training Course, trains and certifies assessors needed for this level. There are approximately 80,000 OSCs at this level that need to be assessed.
- Level 3–the DOD’s Defense Contract Management Agency’s Defense Industrial Base Cybersecurity Assessment Center (DIBCAC) will assess level 3.
Learning Tree will be updating the course 2072, Cybersecurity Maturity Model Certification (CMMC) Training Course, content. Customers who have taken, or will take, Cybersecurity Maturity Model Certification (CMMC) Training Course prior to our release of the new content (mid-June) will be provided with “Delta” On-Demand modules directly from CMMC.
The first course 2072, Cybersecurity Maturity Model Certification (CMMC) Training Course, with the CMMC 2.0 materials runs August 22, 2022.
The assessor candidate is first required to earn their CCP (CMMC Certified Practitioner). Training is REQUIRED to earn the CCP, and course 2072, Cybersecurity Maturity Model Certification (CMMC) Training Course, is the course they need to take. They also MUST take the training from a CMMC LTP (Licensed Training Provider). If they take the training from a company that is not an LTP, they will not be able to sit for the CCP exam.
Once they earn their CCP, they are then required to take course 2073, Certified CMMC Assessor Level 1 Training (CCA-1). This course will be released in Q4 2022.
The CCP exam will be available in October 2022. The release date for the CCA exam has not yet been announced.
LTPs are not allowed to sell the exam vouchers, so we will cover the cost of the exam with a form of digital payment (gift card).
Further training isn’t required. However, they still must be certified and they will want to comply, so the more they know about what an assessment is, the better informed they will be.
Learning Tree has authored course 2074, Self-Assessment Under CMMC 2.0 and NIST SP 800-171, to help organizations that choose to self-assess.
Only CMMC LTPs (Licensed Training Providers).
No. CMMC requires instructors to undergo a rigorous training program to become a certified instructor. Learning Tree instructors will also be qualified as assessors.
No. There are no restrictions in terms of citizenship.
If the individuals are going to take the CCA Certification Exam, the official training course must be used.
Let the experts at Learning Tree help build the right solution for your CMMC readiness needs.