Certified CMMC Assessor Domain 3: CMMC Assessment Process (CAP) v5.X Course

2 hours, 51 minutes


Domain 3, Task 1 overview

Video - 00:06:00

An overview of the CMMC Assessment Process (CAP) explains how we will address each of the 4 phases of the CAP.
Phase 1 - Plan and prepare assessments

Video - 00:14:00

In this overview video, we will dicuss phase 1 of Domain 3, how to plan and prepare assessments.
Corporate identity to be assessed

Video - 00:16:00

We begin our discussion of how to analyze requirements starting with how corporate identity should be assessed.
CMMC assessment scope

Video - 00:10:00

Continuing our discussion of analyzing requirements, we dive into the CMMC assessment scope.
Identify/Map OSC cybersecurity procedures

Video - 00:03:00

In our next video on analyzing requirements, we will identifying/mapping OSC cybersecurity procedures.
OSC self-assessment or pre-assessment

Video - 00:11:00

Learn how organizations seeking certification conduct self-assessments or pre-assessments.
Preliminary list of possible evidence

Video - 00:09:00

What sort of materials can be used as evidence? We'll go over documents, inventories, screen shares, and more in this informative video.
System security plan and other relevant documentation

Video - 00:05:00

The system security plan (SSP) is mandated by control CA.L2– 3.12.4. We’ll discuss what that means in this video.
OSC personnel responsible for in-scope procedures

Video - 00:03:00

Who is responsible for in-scope procedures? Find out as we discuss the list of all OSC personnel who play a role in such procedures.
Develop assessment plan

Video - 00:03:00

In this video, we discuss how the lead assessor works with the OSC’s point of contact to develop an assessment plan, tailor the plan, and get approval by the OSC assessment official, the lead assessor, and the C3PAO.
Develop assessment plan: evidence collection

Video - 00:11:00

It is critical that evidence is identified, evidence is adequate, and evidence is sufficient, so we'll focus on evidence collection in this video.
Develop assessment plan: identify resources

Video - 00:11:00

We discuss ways in which the lead assessor will work with the OSC POC to set resource expectations regarding identifying the resources necessary for the assessment.
Verify readiness to conduct assessment

Video - 00:05:00

The CCA, as a part of the assessment team, will verify readiness to conduct assessment. This video explains how the CCA will identify, obtain, inventory, and verify evidence.
Phase 2 - Conduct the assessment

Video - 00:10:00

We will move on to Phase 2 of the CMMC, which is conducting the assessment.
Collect and examine evidence

Video - 00:04:00

How do you begin to conduct the assessment? The video shows that it typically begins with the collection and remote review of artifacts and evidence.
Examine and analyze assessment objects

Video - 00:04:00

This video focus on the 3.1.2A, in which the assessment team analyzes evidence to make sure practices and related policies, plans, or processes are effective.
Conduct interviews and analyze results

Video - 00:03:00

Continuing on with 3.1.2A, we discusss how interviews with responsible OSC team members can ensure that business practices align with security practices.
Observe tests and analyze results

Video - 00:02:00

In this video, we focus on tests and test mechanisms that demonstrate whether the implementation of security practices has led to assessments being met or unmet.
Verify evidence and record gaps

Video - 00:07:00

After testing and analysis, the assessment team must verify the adequacy of the evidence provided and make sure that any gaps are noted, as explained in this video.
Update evidence review approach and status

Video - 00:02:00

In this video, the discussion centers on the assessment week, and covers how progress toward sufficient and adequate coverage of the assessed practices is progressing, including requests for additional evidence.
Score practices and validate preliminary results

Video - 00:05:00

We discuss in this section how after all evidence has been presented and reviewed, the assessment team will meet and exchange information daily to determine scores on the assessment objectives.
Generate final recommended assessment results

Video - 00:05:00

In the last video in this section on Phase 2, we discuss the final generation of assessment results, which are recorded in a brief as either met or not met.
Phase 3 - Report recommended assessment results

Video - 00:04:00

As we near the end of our discussion of the CMMC assessment process, we focus on Phase 3, which is to report recommended assessment results.
Limited practice deficiency correction evaluation

Video - 00:15:00

In this video, we discuss the limited practice deficiency correction evaluation, which provides an opportunity for OSCs to resolve problems with their assessment within the designated timeframe.
Phase 4 - CMMC plans of action milestones (POA&M) close-out assessment

Video - 00:01:00

Though Phase 4 is not included in the CCA learning objectives, this video provides a quick overview of steps that may be required: a plan of action and milestones followed by a closeout assessment report.

Unlock 7 days of free training

  • 1,400+ hands-on courses and labs
  • Certification practice exams
  • Skill assessments

Plans & pricing

Infosec Skills Personal

$299 / year

  • 190+ role-guided learning paths (e.g., Ethical Hacking, Threat Hunting)
  • 100s of hands-on labs in cloud-hosted cyber ranges
  • Custom certification practice exams (e.g., CISSP, Security+)
  • Skill assessments
  • Infosec peer community support

Infosec Skills Teams

$799 per license / year

  • Team administration and reporting
  • Dedicated client success manager
  • Single sign-on (SSO)
    Easily authenticate and manage your learners by connecting to any identity provider that supports the SAML 2.0 standard.
  • Integrations via API
    Retrieve training performance and engagement metrics and integrate learner data into your existing LMS or HRS.
  • 190+ role-guided learning paths and assessments (e.g., Incident Response)
  • 100s of hands-on labs in cloud-hosted cyber ranges
  • Create and assign custom learning paths
  • Custom certification practice exams (e.g., CISSP, CISA)
  • Optional upgrade: Guarantee team certification with live boot camps

Learn about scholarships and financing with

Affirm logo

Award-winning training you can trust