Understanding the Phases of the CMMC Assessment ProcessTheCMMC Assessment Process (CAP)consists of multiple phases, with each phase focusing on a different aspect of the assessment.Developing the assessment planoccurs inPhase 1, which is thePre-Assessment Phase.
Engagement Agreement: TheOSC (Organization Seeking Certification)and theCertified Third-Party Assessment Organization (C3PAO)formalize the assessment contract.
Developing the Assessment Plan: TheLead Assessorand the assessment team create anAssessment Plan, which outlines:
Scope of the assessment
CMMC Level requirements
Assessment methodology
Timeline and logistics
Initial Data Collection: Review of system documentation, policies, and relevant security controls.
Key Activities in Phase 1 – Pre-Assessment Phase
A. Phase 1 → Correct
Phase 1 is where the assessment plan is developed.
It ensuresclarity on scope, methodology, and logistics before the assessment begins.
B. Phase 2 → Incorrect
Phase 2 is theAssessment Conduct Phase, where assessorsexecutethe plan by examining evidence and interviewing personnel.
C. Phase 3 → Incorrect
Phase 3 is thePost-Assessment Phase, which involvesfinalizing findings and submitting reports, not developing the plan.
D. Phase (Incomplete Answer) → Incorrect
The question requires a specific phase, and the correct one isPhase 1.
Why is the Correct Answer "Phase 1" (A)?
CMMC Assessment Process (CAP) Document
DefinesPhase 1as the stage where the assessment plan is developed.
CMMC Accreditation Body (CMMC-AB) Guidelines
Specifies thatplanning and pre-assessment activities occur in Phase 1.
CMMC 2.0 Certification Workflow
Outlines the assessment planning process as part of theinitial engagementbetween theC3PAO and the OSC.
CMMC 2.0 References Supporting this Answer:
Submit