During aCMMC readiness review, anOrganization Seeking Certification (OSC)may argue that a specificenclave (network segment or system) is out of scopefor assessment. TheLead Assessor is responsible for verifying and approving this request.
Roles and Responsibilities in CMMC Assessments:
Certified CMMC Professional (CCP)
A CCP supports OSCs inpreparing for assessmentsbutdoes not make final scope determinations.
Certified Third-Party Assessment Organization (C3PAO)
The C3PAOoversees the assessmentbut doesnot personally verify scope exclusions—that falls under theLead Assessor’s role.
Lead Assessor (Correct Answer)
TheLead Assessor has the authorityto determine if anenclave is out of scopebased on OSC-provided evidence.
The Lead Assessor followsCMMC Assessment Process (CAP) guidelinesto ensure proper scoping.
Advisory Board
TheCMMC-AB (Advisory Board) does not make scope determinations. It focuses onprogram oversightandcertification processes.
Official References Supporting the Correct Answer:
CMMC Assessment Process (CAP) v1.0
TheLead Assessor is responsible for confirming the assessment scopeand determining enclave applicability.
CMMC Scoping Guidance for Level 2 Assessments
Requires theLead Assessor to review and approve any enclave exclusionsbefore finalizing the assessment scope.
Conclusion:
TheLead Assessoris the correct answer because they have the authority to verify scope determinations during the assessment.
✅Correct Answer: C. Lead Assessor
Submit