Who Should Be Interviewed During a CMMC Assessment?During assessment planning, theOrganization Seeking Certification (OSC)may suggest personnel for interviews. However, the person interviewedmustbe someone who:
✅Implementsthe practice (directly responsible for executing it).
✅Performsthe practice (carries out day-to-day security operations).
✅Supportsthe practice (provides necessary resources or oversight).
Theassessor needs direct insightsfrom individuals actively involved in the practice.
Funding (Option A)does not providetechnical or operationalinsight into practice execution.
Auditing (Option B)focuses on compliance checks, but auditorsdo not implementthe practice.
Supporting, auditing, and performing (Option C)includesauditors, who arenot necessarily the right interviewees.
Why "Implements, Performs, or Supports That Practice" is Correct?Breakdown of Answer ChoicesOption
Description
Correct?
A. Funds that practice.
❌Incorrect–Funding is important but doesnot mean direct involvement.
B. Audits that practice.
❌Incorrect–Auditors check compliance but donot implementpractices.
C. Supports, audits, and performs that practice.
❌Incorrect–Auditing isnot a requirementfor interviewees.
D. Implements, performs, or supports that practice.
✅Correct – The interviewee must have direct involvement in execution.
CMMC Assessment Process Guide (CAP)– Requires that interviewees bedirectly responsiblefor implementing, performing, or supporting the practice.
Official References from CMMC 2.0 DocumentationFinal Verification and ConclusionThe correct answer isD. Implements, performs, or supports that practice, as the interviewee mustactively contribute to the execution of the practice.
Submit