Improve your experience. We are very sorry but this website does not support Internet Explorer. We recommend using a different browser that is supported such as Google Chrome or Mozilla Firefox.

Certified CMMC Assessor Level 3 (CCA-3)

Become a professional authorized to conduct CMMC Assessments up to Maturity Level 3 and recommend Maturity Level certifications pending CMMC-AB Quality Assurance (QA) approval.

Description

 

 

Candidates who attend this training and pass the associated exam are;

  • Credentialed to conduct CMMC-AB ML-1, ML-2, and ML-3 assessments
  • Authorized to supervise Certified CMMC Professionals and CCA-1 in the conduct of ML-1, ML-2, and ML-3 assessments 
  • After completing 3 assessments
    • Authorized to use the CCA-3 logo
    • Listed in the CMMC-AB Marketplace
  • After completing 15 assessments
    • Authorized to apply for the CCA-5 training and credential

Prerequisites

 

  • Certified CMMC Professional Credential
  • Certified CMMC Assessor Level 1 Credential
  • 4+ years of cyber or other information technology experience
  • Complete the training and exam for the Certified CMMC Assessor Level 3 credential
  • Have or gain a favorably adjudicated Tier 3 Suitability Determination that results in no security clearance**

    -or- 

    Possess a NAC (National Agency Check), DHS Suitability Credential or other DoD accepted clearance (required to participate on ML-2 or higher assessment teams)

About This Course

 

CMMC Levels 1 through 3 consist of the security requirements specified in National Institute of Standards and Technology (NIST) Special Publication (SP) 800-171, Protecting Controlled Unclassified Information in Nonfederal Systems and Organizations; 20 additional CMMC practices; and 3 CMMC maturity processes per each of the 17 domains. Level 1 of CMMC addresses the protection of Federal Contract Information (FCI) and encompasses the basic safeguarding requirements for FCI specified in Federal Acquisition Regulation (FAR) Clause 52.204-21, which defines FCI as: Information, not intended for public release, that is provided by or generated for the Government under a contract to develop or deliver a product or service to the Government, but not including information provided by the Government to the public (such as on public websites) or simple transactional information, such as necessary to process payments. Department of Defense (DoD) contracts that specify the need for a contractor to process, store, or transmit FCI only require the contractor to comply with CMMC Level 1 practices. There is no CMMC process maturity assessed at Level 1.

CMMC Level 3 addresses the protection of Controlled Unclassified Information (CUI), which the National Archives and Record Administration (NARA) defines as:

Information that requires safeguarding or dissemination controls pursuant to and consistent with laws, regulations, and government-wide policies, excluding information that is classified under Executive Order 13526, or any predecessor or successor order, or Atomic Energy Act of 1954, as amended

As such, this course is designed to invoke knowledge on the conducting of these assessments by adhering to defined methodologies and practices.

 

Learning Objectives

 

During this course delegates will learn how to;

  • Conduct the CMMC assessment, in line with stated methodologies; the Certified Assessor will verify and validate that the contractor has properly implemented the practices and processes. Because a contractor can meet the assessment objectives in different ways (e.g., through documentation, computer configuration, network configuration, or training) the Certified Assessor may use a variety of techniques, including any of the three assessment methods from NIST SP 800-171A, to determine if the contractor meets the intent of the practices and processes.
  • Learn how to produce the primary deliverable of an assessment, namely the report that contains the findings associated with each practice and process
  • Learn how to interview individuals within an organization to understand if a practice or process has been addressed. Interviews of applicable staff (possibly at different organizational levels) determine if CMMC practices or processes are implemented as well as if adequate resourcing, training, and planning have occurred for individuals to perform the practices.
  • Learn Examination techniques - Examination includes reviewing, inspecting, observing, studying, or analyzing assessment objects. The objects can be documents, mechanisms, or activities.
  • Learn Testing techniques - Testing is an important part of the assessment process. Interviews tell the Certified Assessor what the contractor staff believe to be true, documentation provides evidence of intent, and testing demonstrates what has or has not been done.
  • Understand how to assess and ratify your findings - The assessment of a CMMC practice or process results in one of three possible findings: MET, NOT MET, or NOT APPLICABLE. To achieve a specific CMMC level, the contractor will need a finding of MET or NOT APPLICABLE finding on all CMMC practices and processes required for the desired level as well as for all lower levels

Who Should Attend?

 

  • Candidates who wish to perform CMMC Level 3 assessments must become CCA-3 Assessor certified.
  • Consultants looking to provide CMMC guidance
  • Individuals continuing the CMMC-AB Certified CMMC Assessor or Certified CMMC Instructor career path

 

Assessment

 

After assessment, delegates are;

  • Credentialed to conduct CMMC-AB ML-1, ML-2, and ML-3 assessments
  • Authorized to supervise Certified CMMC Professionals and CCA-1 in the conduct of ML-1, ML-2, and ML-3 assessments 
  • After completing 3 assessments
    • Authorized to use the CCA-3 logo
    • Listed in the CMMC-AB Marketplace
  • After completing 15 assessments
    • Authorized to apply for the CCA-5 training and credential

Similar courses

CMMC Kickstart: A Practical Guide to Getting Ready for CMMC

Identify the key elements and potential impacts of the Cybersecurity Maturity Model Certification (CMMC) program.

More Information
CMMC Foundations

The PECB CMMC Foundations training course enables participants to understand the fundamental concepts and principles of the CMMC model.

More Information
Certified CMMC Professional (CCP)

The official CMMC-AB approved training course designed to prepare for the CCP exam.

More Information
Certified CMMC Assessor Level 1 (CCA-1)

A Certified Assessor applies the knowledge and expertise as a Certified Professional to Maturity Level 1 (ML-1).

More Information

Press enter to see more results