Understanding the Phases of the CMMC Assessment Process
TheCMMC Assessment Process (CAP)consists of multiple phases, with each phase focusing on a different aspect of the assessment.Developing the assessment planoccurs inPhase 1, which is thePre-Assessment Phase.
Key Activities in Phase 1 – Pre-Assessment Phase
Engagement Agreement: TheOSC (Organization Seeking Certification)and theCertified Third-Party Assessment Organization (C3PAO)formalize the assessment contract.
Developing the Assessment Plan: TheLead Assessorand the assessment team create anAssessment Plan, which outlines:
Scope of the assessment
CMMC Level requirements
Assessment methodology
Timeline and logistics
Initial Data Collection: Review of system documentation, policies, and relevant security controls.
Why is the Correct Answer "Phase 1" (A)?
A. Phase 1 → Correct
Phase 1 is where the assessment plan is developed.
It ensuresclarity on scope, methodology, and logistics before the assessment begins.
B. Phase 2 → Incorrect
Phase 2 is theAssessment Conduct Phase, where assessorsexecutethe plan by examining evidence and interviewing personnel.
C. Phase 3 → Incorrect
Phase 3 is thePost-Assessment Phase, which involvesfinalizing findings and submitting reports, not developing the plan.
D. Phase (Incomplete Answer) → Incorrect
The question requires a specific phase, and the correct one isPhase 1.
CMMC 2.0 References Supporting this Answer:
CMMC Assessment Process (CAP) Document
DefinesPhase 1as the stage where the assessment plan is developed.
CMMC Accreditation Body (CMMC-AB) Guidelines
Specifies thatplanning and pre-assessment activities occur in Phase 1.
CMMC 2.0 Certification Workflow
Outlines the assessment planning process as part of theinitial engagementbetween theC3PAO and the OSC.
Submit