What is covered in the CMMC Certified Assessor (CCA) exam?
The CMMC Certified Assessor™ (CCA™) exam consists of 150 questions covering four job practice domains, all testing your knowledge and ability before authorization to lead and conduct official Cybersecurity Maturity Model Certification (CMMC) Level 2 certification assessments for C3PAOs.
Job practice areas tested for and validated by a CCA certification
15% DOMAIN 1 – Evaluating Organizations Seeking Certification (OSC) Against CMMC Level 2
A—Assess the various environmental considerations of Organizations Seeking Certification (OSCs) against CMMC Level 2 practices.
20% DOMAIN 2 – CMMC Level 2 Assessment Scoping
A—Analyze the CMMC assessment scope of Controlled Unclassified Information (CUI) assets as they pertain to a CMMC assessment using the five categories of CUI assets as defined in the CMMC Level 2 Assessment Scoping Guide.
B—Given a scenario, analyze the CMMC assessment scope based on the redetermined CUI categories within the CMMC Level 2 Assessment Scoping Guide.
C—Evaluate the CMMC assessment scope considerations based on the CMMC Level 2 Assessment Scoping Guide.
25% DOMAIN 3 – CMMC Assessment Process (CAP)
A—Given a scenario, apply the appropriate phases and steps to plan, prepare, conduct, and report on a CMMC Level 2 Assessment.
40% DOMAIN 4 – Assessing CMMC Level 2 Practices
A—Identify evidence verification/validation methods and objects for practices based on the CMMC Level 2 Assessment Guide and CMMC Assessment Process (CAP) documentation.
Getting ready for the exam
CCA training is available through an ATP on the CyberAB Marketplace.