Step 1: Define Roles – CCP and CCA

CCP (Certified CMMC Professional):

Entry-level certification in the CMMC ecosystem.

Supports assessment activities under the supervision of a CCA.

May assist in consulting roles outside of formal assessments.

CCA (Certified CMMC Assessor):

Certified tolead assessmentsunder the CMMC model.

Requiredfor conductingLevel 2 formal assessments.

Can be part of a C3PAO assessment team or lead it.

Source: CMMC Assessment Process (CAP) v1.0, Section 2.3 – Assessment Team Composition

“Level 2 assessments must be led by a Certified CMMC Assessor (CCA), who may be supported by one or more CCPs.”

✅Step 2: Citizenship Requirements

CAP v1.0 – Appendix B: Team Composition and Clearance Requirements

“All team members performing Level 2 assessments must be U.S. citizens when handling CUI, regardless of role.”

But forsupporting team members who do not handle CUIor inFCI-only scoping, there is no automatic exclusion based on citizenship.

So:

TheCCA leadsthe team.

CCPs can be team membersregardless of citizenship,unless restricted by contract or CUI handling needs.

❌Why the Other Options Are Incorrect

A. The CCP leads the Level 2 Assessment Team…

✘Incorrect. CCPscannot leadLevel 2 assessments.

B. The CCA leads… includes 3 CCP with US Citizenship.

✘Incorrect. Citizenship is requiredonly when handling CUI, not a universal requirement.

D. The CCP leads…

✘Again, CCPs donot have the authority to leadformal CMMC assessments.

Only aCertified CMMC Assessor (CCA)may lead aLevel 2 Assessment Team, and theymay include CCPs, evennon-U.S. citizens, if citizenship is not a requirement based on contractual or data sensitivity scope.