Your next step in the CMMC ecosystem

A CMMC Certified Assessor (CCA) is the certification required to perform formal CMMC Level 2 assessments within the US Department of War’s (DoW) cybersecurity ecosystem. A CCA equips experienced cybersecurity professionals with the advanced skills needed to evaluate evidence, validate security controls, conduct interviews, and determine whether organizations handling Controlled Unclassified Information (CUI) meet CMMC Level 2 requirements.

Earning a CCA certification demonstrates that you can:

Illustration of a computer with a shield over it

Apply CMMC Level 2 practices, objectives, and methodology during formal assessments.

Illustration with a clipboard and graph

Evaluate documentation, artifacts, and evidence for completeness and accuracy.

Illustration of a hand holding icons representing resources

Perform scoping, interviews, and validation activities within CUI environments.

A group of standing professionals

Ideal candidates for a CCA

A CCA is designed for experienced cybersecurity, audit, and compliance professionals who support defense-sector organizations or work within the Defense Industrial Base (DIB). It is also suitable for consultants, internal compliance leads, and security practitioners who guide organizations through readiness efforts and want to serve on accredited assessment teams. For those seeking further advancement, a CCA is the required step toward becoming a Lead CMMC Certified Assessor (LCCA).

A group of people talking at a desk

Why you should earn a CCA

As CMMC compliance becomes mandatory, organizations across the DIB need qualified assessors who can objectively evaluate the implementation of NIST SP 800-171 controls and determine whether cybersecurity practices meet DoW expectations. A CCA validates your expertise, expands your role opportunities, and positions you as a trusted assessor able to contribute directly to the defense supply chain’s security and compliance obligations.

CCA key features, benefits and career impact

A CCA develops the advanced, job-ready skills required to perform official CMMC Level 2 assessments. You’ll gain the authority and expertise needed to serve as a qualified assessor for organizations handling CUI. CCAs are in growing demand as more organizations require certified assessors for Level 2 evaluations.

With a CCA certification, you will be able to:

Illustration of a person with two possible paths

Serve as an assessor on C3PAO-led CMMC Level 2 assessment teams.

Illustration of a person with a briefcase and arrows pointing up

Increase your credibility as a cybersecurity auditor, compliance specialist, or consultant.

Illustration of a person with a certificate on wall

Gain the experience required to progress toward the LCCA credential.

CCA exam requirements and details

Exam Prerequisite

  • Active CMMC Certified Professional (CCP) credential
  • Complete the CMMC Certified Professional class offered by an Approved Training Provider (ATP)

Domains of Expertise

Evaluating Organizations Seeking Certification (OSC) against CMMC Level 2 = 15%
CMMC Level 2 Assessment Scoping = 20%
CMMC Assessment Process (CAP) = 25%
Assessing CMMC Level 2 Practices = 40%

Exam Specifications

  • Number of Questions: 150
  • Types of Questions: Multiple Choice
  • Length: 4 hours
  • Passing Score: 500 points
  • Closed-book Exam

Related Credentials

CAICO - CMMC Certified Professional CCP
CAICO - Lead CCA
CAICO - CMMC Certified Instructor CCI

Join us in shaping the future of cybersecurity credentialing

As we build the next era of cybersecurity credentialing, the current process stays in place. For now, all questions and certification requests should be directed to Cyber AB. ISACA-specific questions can be directed to ISACA Support.

VISIT CYBER AB