While conducting a Level 2 Assessment, the Assessment Team begins reviewing assessment objects. The team identifies concerns with several of the objects presented. Which artifacts would require the MOST verification?
A.
Current artifacts produced by individuals performing the work
B.
Artifacts created 18 months ago by individuals performing the work
C.
Current artifacts produced by individuals that work for a separate entity of the company
D.
Artifacts created 18 months ago by individuals that work for a separate entity of the company
Applicable Requirement (CAP – Evidence Validity): Evidence must be relevant, reliable, and timely. Artifacts from separate entities or outdated sources require extra scrutiny.
Why D is Correct: The least reliable evidence is old (18 months) and produced by individuals not part of the OSC entity being assessed. Such artifacts require the most verification to determine applicability.
Why Other Options Are Insufficient:
A: Strongest evidence (current and from OSC staff).
B: Outdated, but still from OSC staff (more reliable than outside entity).
C: Current, but external (still stronger than outdated + external).
References (CCA Official Sources):
CMMC Assessment Process (CAP) v1.0 — Evidence Collection and Reliability Criteria
Chosen Answer:
This is a voting comment (?). You can switch to a simple comment. It is better to Upvote an existing comment if you don't have anything to add.
Submit