Training: something everyone talks about when you are discussing cybersecurity, and now when you are discussing CMMC as well.
CMMC has identified training as a cornerstone of its process with a layered approach. To become a Certified CMMC Assessor (CCA), one must first become a Certified CMMC Professional (CCP). However, there has been confusion around some of the requirements that candidates for CMMC certification must go through. One of these requirements has been whether CCPs will have to sit in on CMMC Level 2 assessments before becoming CCAs.
The CMMC-AB has limited organizations that can provide CMMC training under the established, Licensed Training Provider (LTP) program. These LTPs are listed in the CMMC marketplace and had to meet very stringent requirements to become approved. This included providing specific information and attestation to their prior training ability before being authorized to provide CMMC training. Currently, LTP training is provided by a Certified CMMC Provisional Instructor (PI). Similar to the LTP requirements, the PI has attended training over and above even the Provisional Assessors (PAs) to become a PI. In the provisional model, all PI candidates have to pass PA training first, before taking the PI training.
Currently, the requirement is that CCA candidates must participate in a minimum of three CMMC Level 2 assessments before becoming a CCA. This requirement speaks to the certification not simply being a “paper” certification, but that the assessor candidates demonstrate, practically, that they understand the CMMC assessment procedures. This is different than other well-known certifications in that It requires demonstration of a specific assessment model rather than an overall “experience” requirement.
What This Means to You
Currently, there are only six Certified Third-Party Assessment Organizations (C3PAOs) with which CCA candidates can participate on assessments. Meaning any CCPs seeking to become CCAs should go through training now, as opposed to when the final CMMC v2.0 training comes out. The reasoning is that there will be limited CMMC Level 2 assessment spots available for candidate CCAs to sit in on once the assessments are approved to begin. By completing training now, candidate CCAs will be better postured to capture one of these spots before the backlog begins.
If you are one of the numerous candidates waiting to take the current training because of the delta training or are waiting on the exams that won’t be available until later in 2022, you may want to re-think your strategy. Due to the anticipated backlog of candidate CCAs trying to complete the requirement, it is highly recommended that candidates begin their training now to avoid sitting on a list.
As more LTPs are registered in the Marketplace, the decision of whom to utilize for training becomes an important decision. As mentioned earlier, there are several LTPs offering training classes in a variety of formats, but currently, there are only six C3PAOs. Out of the six C3PAOs, only two of them are currently LTPs! So, it will take collaboration amongst all the C3PAOs to assist the CMMC-AB to achieve this requirement.
There are many reasons why one should partner with Redspin for their training goals. Redspin was the first authorized C3PAO to hit the CMMC ecosystem and Redspin offers innate knowledge of what it takes to understand the CMMC requirements, put the requirements into practice, and ensure the practices continue to meet the requirements under CMMC. Additionally, candidates who train with Redspin will gain valuable experience and knowledge from Redspin’s CMMC PI, Dr. Thomas Graham, who was the chief architect of Redspin and played a vital role in Redspin becoming the first Authorized C3PAO.
At Redspin, we are proud of our achievements, and we are excited about working closely with the CMMC-AB to assist with the nuances this training requirement will bring. To us, the main “take-away” to this training requirement is whether candidate CCAs take training with us, or another LTP, the time to wait is over.
For information on Redspin’s CMMC training classes, or to reserve your spot at a CMMC assessment class, please go to https://training.redspin.com. Classes currently offered are virtual, in-person; or if you have enough candidates, we can come to you! For questions surrounding Redspin’s training, please see our FAQ at [insert FAQ link here] or reach out to us directly.
About the AuthorFollow on Twitter Follow on Linkedin More Content by Thomas Graham