April marks another milestone for ISACA in our new role as CMMC Assessor and Instructor Certification Organization (CAICO) for the Cybersecurity Maturity Model Certification (CMMC) program, as CAICO services fully transitioned to ISACA this month.
CMMC, one of the largest cybersecurity assessment programs in the world, verifies that contractors across the Defense Industrial Base are compliant with mandatory cybersecurity requirements.
This is a critically important ecosystem not just in the United States, but globally. As I wrote in Forbes, while CMMC is a US DoW program, its impact will be felt globally, as organizations in any country that conduct business with the DoW must be CMMC-compliant as contractually required.
Becoming a CCA, CCP or CCI provides several benefits such as:
- Opportunities to expand career options, including the ability to consult on and assess CMMC implementations
- Knowledge of the state of the art, as adopting CMMC elevates cybersecurity framework implementation in the DIB industry and beyond
- Participation in an ecosystem that provides continuous learning opportunities
- Contribution to addressing the cybersecurity skills gap and protecting implementations from cyberattacks
ISACA, as the CAICO, is implementing a new strategy for building a holistically trained workforce domestically and internationally, tapping ISACA’s community of around 200,000 members, more than 225 chapters around the world, as well as its existing and continuously expanding international network of authorized training partner organizations. We are also standardizing the credentialing and member experience process in order to offer candidates and members the highest level of service quality. We are investing in new material and courses under the specifications of the Code of Federal Regulations (CFR) and educating our international community on incorporating CCA, CCP and CCI into broader career pathways. We have applied the ISACA CPE policies to CMMC credentials to ensure that all certified professionals are up to date and that the overall workforce aligns with the state of the art.
Finally, we have taken the initiative to reduce the overall cost of ownership of the CMMC credentials, while at the same time creating access to ISACA membership, which provides benefits such as an international community, knowledge and tools.
As CAICO operations fully transition to ISACA, we have prepared answers to numerous frequently asked questions on the ISACA website. See several of the questions and answers below, and visit our CAICO webpage for additional FAQs and information on ISACA’s CAICO status.
Q. How can I set up an ISACA account?
A. An account was set up for you using the email address associated with your CyberAB account. When you log in, simply click “reset password” to set up a new password.
Q. For those who now have two accounts because they used different email addresses for ISACA and CyberAB, how can those be reconciled?
A. Please visit support.isaca.org to contact ISACA’s Customer Experience Center and reconcile your accounts.
Q. Can the CPE activities that we submit for other ISACA certifications be used for the CCP and/or CCA certifications?
A. Yes, if the CPE activity fulfills both an ISACA certification and CCP/CCA, you’re able to apply those CPEs to both certifications.
Q. Are CPE policies available for CCP and CCA?
A. Yes, you can access the CPE policy here.
For CCPs and CCAs, a minimum of 20 CPE must be earned each year, with a total of 120 CPE over a three-year cycle. At least 90 CPE must relate to the certification itself, and two of the 90 must relate to CMMC rules. These two CMMC-specific CPEs, which will focus on requirements, guidance and official interpretations that affect professional practice, will be identified each year to help you meet this requirement. The remaining 30 CPE can relate to the certification or to general professional development, such as leadership, soft skills and mentorship. Lead CCAs do not need to report any additional CPE to maintain that credential.
Q. What are the requirements for taking the CCA exam?
A. CCA candidates do not need to have completed Tier 3 before they can take the CCA exam.
If you pass the CCP exam and take CCA training, you can take the CCA exam, just as you could previously.
Q. Moving forward, who will be handling Tier 3 Investigations for CCPs/CCAs: ISACA (CAICO) or CyberAB?
A. CyberAB will continue to run point on Tier 3 Investigations for CCPs and CCAs.
Q. Have the costs associated with the CMMC certification changed?
A. While new exam prices have increased compared to the old model and in line with similar industry certifications, we are happy to report that annual renewal costs have decreased to the extent that total cost of ownership over the three-year cycle is very similar and, in some cases, substantially lower. For example, three-year total costs for someone holding CCP and CCA were $3,175 with previous pricing. Those become $2,280 through ISACA and are reduced to $2,105 with ISACA membership.
Q. Are the exams conducted in person or remotely?
A. Both options are available.