CAP
The CMMC Assessment Process (CAP) v2.0 was released in December 2024.
Selecting a C3PAO
- If you are an Organization Seeking Certification (OSC) or an Organization Seeking Assessment (OSA), first ensure that the Assessor is part of a CMMC Third-Party Assessment Organization (C3PAO) listed as "authorized" or "accredited" on the CMMC Marketplace.
- Then, verify that the C3PAO is in good standing and eligible to conduct the Level 2 certification assessment.
Preparations
- If you are an Organization Seeking Certification (OSC) or an Organization Seeking Assessment (OSA), confirm your organization's unique CAGE code(s), as assessments cannot happen without at least one.
- Establish the assessment scope by defining all in-scope assets, aligned with the organization's System Security Plan (SSP) and NIST SP 800-171 R2 requirements. In some cases, this scoping will be part of the quoting process with a C3PAO, but it's helpful to have a general idea of the environment to be assessed before submitting requests for bids to C3PAOs.
Conflict of Interest (COI) Management