What is a CMMC Certified Assessor?

A CMMC Certified Assessor is qualified to perform CMMC maturity assessments for organization’s that are required to comply with the CMMC framework. There are three certification levels for CMMC Assessors. Each level provides the necessary authorization to conduct an assessment at the various CMMC maturity levels. 

Why is CMMC CA Certification Important?

Under the CMMC guidelines, organizations are not allowed to self-certify, and therefore must undergo an audit by a certified third-party assessment organization (C3PAO) or an accredited individual assessor in order to achieve compliance. The CMMC CA provides the necessary authorization to conduct a CMMC assessment and recommend an organization for certification. 

Who Needs a CMMC CA Credential?

The credential is valuable for any organization that has or is seeking a contract with the DoD. 

The CMMC Accreditation Body (CMMC-AB) lists three-levels of certification as follows: 

  • Certified CMMC Assessor Level 1 (CCA-1): A professional authorized to conduct CMMC assessments for ML-1 and recommend maturity level certifications 
  • Certified CMMC Assessor Level 3 (CCA-3): A professional authorized to conduct CMMC assessments up to ML-3 and recommend maturity level certifications 
  • Certified CMMC Assessor Level 5 (CCA-5): A professional authorized to conduct CMMC assessments up to ML-5 and recommend maturity level certifications

How to Get CMMC CA Certified?

To become a CMMC Certified Assessor, the person must have U.S. Citizenship. A green card is only acceptable for CCA-1. They must have a credential as a CMMC-CP, complete the training and exam for the CMMC Certified Assessor, and pass a commercial background check.  

Who is the Certifying Association?

The CMMC-Accreditation Body (CMMC-AB) is an independent organization established in 2020 designed to meet the DoD CMMC program mission. The DoD has since reestablished and designated the CMMC-AB as its sole, authorized partner for the CMMC. The CMMC-AB plays a key role within the entire CMMC ecosystem. The CMMC-AB is required to achieve compliance with the ISO/IEC 17011. 

Requirements to Stay Certified

Most cybersecurity certifications are valid for three years and require a certain number of continuing education credits to remain valid.