CCA > Assessment Process > Flashcards

Assessment Process Flashcards

(21 cards)

Study These Flashcards
1
Q

Four Phases

A

Phase 1: Plan and Prepare the Assessment
Phase 2: Conduct the Assessment
Phase 3: Report Assessment Results
Phase 4: Close-Out POA&Ms and Assessment

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
2
Q

The 4-Phase objective:

A
  • Achieve the highest possible accuracy, fidelity, and quality
  • Maximize consistency and continuity across C3PAO assessment outcomes
  • Improve defensive posture and resiliency of the DIB by providing effective and efficient, well-planned and execuuted assessments.
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
3
Q

CMMC Assessment Process (CAP)

A

the CMMC doctrine providing the overarching procedures and guidance for C3PAOs.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
4
Q

Roles and Responsibilities

A

OSC – Organization Seeking Certification - responsible for implementing CMMC practices for the target CMMC level.

OSC Assessment Official – Most senior representative of an OSC who is directly and actively responsible for leading and managing the OSCs engagement in the Assessment, and who possesses decision-making authority for the OSC w/re: to the CMMC Assessment.

C3PAO – authorized and independent conformity-Assessment body that contracts with the OSC and CMMC Assessment team (CAT).

C3PAO Assessment Team – representative body of the C3PAO composed of certified perssonel who conduct the assessment.

Lead Assessor – CCA who oversees and manages a dedicated CAT for the assessment. Hold the formal designation from the CMMC AB.

Assessment Team Members - individuals in the CAT.

CMMC Quality Assurance Professional (CQAP) – Formally trained individual who is responsible for ensuring Assessment documentation completeness and accuracy. Each C3PAO must have at least (1) CQAP.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
5
Q

CMMC Templates

A

CMMC Pre-Assessment Form Template – central record and information for the Assessment, to include documentation of assets, scope, evidence, and other OSC data. MANDATORY.

Virtual Assessment Evidence Preparation Template – excel file to support the organization and presentation of Evidence to be validated virtually. MANDATORY.

CMMC Assessment Readiness Review (CA-RR) Checklist – preliminary but formal review conducted by the L.A. and, as applicable, the CAT, to verify OSC and CAT readiness for Phase 2.

COI Attestation - Short statement which the C3PAO & CAT confirm they have not provided consulting, advisory, or implementation support to the OSC. MANDATORY.

CMMC Assessment In-brief – PowerPoint file available to build formal kickoff briefing.

Daily Checkpoint – PP file that supports the coordination and tracking of daily activities.

Limited Practice Deficiency Correction Worksheet – document to record any OSC discrepancies that need to be corrected.

CMMC Assessment Results – Spreadsheet that contains the official Assessment results. MANDATORY.

CMMC Assessment Findings Briefing – PP file used to construct the findings brief.

CMMC Assessment Quality Review Checklist – Checklist of items to be verified during the CQAP review process. MANDATORY.

Confirmation of Destruction of OSC Data – MS Word template used to document the surrender/destruction of OSC proprietary information post-assessment. This template is not mandatory, but a formal notification is.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
6
Q

Mandatory Template

A

5 total:

(1) Pre-Assessment Form Templates
(2) Assessment Evidence Preparation Template
(3) COI Attestation
(4) Assessment Results
(5) CQAP Review Checklist

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
7
Q

Specialized Asset Contractor Requirements

A
  1. Document in SSP
  2. Document in Inventory
  3. Include in the Network Diagram
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
8
Q

CAP Objectives

A
  1. Achieve the highest possible accuracy, fidelity, and quality for CMMC Assessments conducted by C3PAOs;
  2. Maximize consistency to ensure that different Assessments conducted by different C3PAOs and Assessors yield the same verifiable results and outcomes each time;
  3. Improve the cybersecurity defensive posture and the cyber resiliency of the DIB by providing effective and efficient Assessments that are well-planned, executed inconsistent fashion, and accurately reported.
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
9
Q

Limited Practice Deficiencies Ineligibility

A
  1. Could lead to significant exploitation of the network or exfiltration of CUI.
  2. Practices listed in the OSC’s Self-Assessment Practice Deficiency Tracker
  3. Not implemented prior to the current CMMC Assessment.
  4. Practices that prevent others from being ‘Met’
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
10
Q

Purpose of a POA&M

A

ID, Assess, Prioritize, and MONITOR the progress of corrective efforts for security weaknesses found in an organization’s programs and system.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
11
Q

SSP Review (3.12.4)

A
  1. Description of Scope
  2. Environment of Operation Description
  3. ID and Approved Sec Requirement
  4. Implementation Method for Security Requirements
  5. Connections and Relationships to Other Systems
  6. Defined Frequency of Updates
  7. General information system description
  8. Design philosophies
  9. Roles and Responsibilities
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
12
Q

Mandatory CMMC Templates

A
  1. CMMC Pre-Assessment Form Template
  2. Virtual Assessment Evidence Preparation Template
  3. COI Attestation
  4. CMMC Assessment Results
  5. CMMC Assessment Quality Review Checklist
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
13
Q

OSC Assessment Official

A

Most senior representative of an OSC who is directly and actively responsible for leading and managing the OSCs engagement in the Assessment, and who possesses decision-making authority for the OSC w/re: to the CMMC Assessment.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
14
Q

C3PAO

A

authorized and independent conformity-Assessment body that contracts with the OSC and CMMC Assessment team (CAT).

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
15
Q

C3PAO Assessment Team

A

representative body of the C3PAO composed of certified perssonel who conduct the assessment.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
16
Q

Lead Assessor

Study These Flashcards
A

CCA who oversees and manages a dedicated CAT for the assessment. Hold the formal designation from the CMMC AB.

17
Q

CMMC Quality Assurance Professional (CQAP)

Study These Flashcards
A

Formally trained individual who is responsible for ensuring Assessment documentation completeness and accuracy. Each C3PAO must have at least (1) CQAP.

18
Q

Phase 1 Steps

Study These Flashcards
A
  1. Receive request (respond w/in 5 days)
  2. Establish Roles & Responsibilities
  3. Organize/Prepare Doc/Templates
  4. Ascertain conditions/requirements
  5. Complete Pre-Assessment Planning
  6. Verify Readiness to Conduct
19
Q

Phase 1 - Ascertain Conditions and Requirements

Study These Flashcards
A
  1. Framing
  2. ID Lead
  3. Confirm Corporate ID (i.e., HQ, Host, etc.)
  4. Validate Scope
  5. Eval Model Non-Dup
  6. Inventory OSC Prac vs CMMC Model
  7. Verify/Record Evidence
20
Q

Phase 1 - Complete Pre-Assessment Planning

Study These Flashcards
A
  1. Develop Evidence Collection Approach
  2. Select CAT Members
  3. ID Resources and Schedule
  4. ID and Manage COI
21
Q

Phase 2 Steps

Study These Flashcards
A
  1. Convene Kickoff Meeting (requires completed in-brief)
  2. Collect and Examine Evidence
  3. Score Practices and Validate Preliminary Results
CCA
flashcards
Decks in class (4)
# Cards
Brainscape helps you reach your goals faster, through stronger study habits.
© 2026 Bold Learning Solutions. Terms and Conditions