CMMC Authorities
CMMC Organizations
CMMC Individuals
CMMC LRP Drivers Pt. 1
CMMC LRP Drivers Pt. 2
100

Authorized to certify CMMC assessors and instructors and required to achieve and maintain ISO/IEC 17024 accreditation requirements. Recently switched to ISACA.

What is the CMMC Assessors and Instructors Certification Organization (CAICO)?

100

Organization authorized to provide recommendations and consulting advice about CMMC Assessment preparation.

Who are Registered Practitioner Organizations (RPOs)?

100

Individuals credentialed as a consultant or associated with a C3PAO to be on an assessment team.

What is a Certified CMMC Professional (CCP)?

100

48 CFR 52.204-21 - Basic Safeguarding of Covered Contractor Information Systems is what kind of driver (authority/compliance) and for what type of information or program?

What is a regulatory authority for FCI?

100

DoD Instruction 5200.48 is what kind of driver (authority/compliance) and for what type of information or program?

What is a policy for the CMMC program?

200

Non-profit organization that manages the accreditations of other C3PAOs and CAICO.

What is the CyberAB (CMMC-AB)?

200

Organization that is required to control data flows and define system boundaries, as they will have to obtain a CMMC certificate.

What is the Organization Seeking Certification (OSC)?

200

Individual that delivers a non-certified advisory service on CMMC, but does not participate in CMMC Assessments.

Who is a Registered Practitioner (RP)?

200

DFARS Clause 252.204.7021 is what kind of driver (authority/compliance) and for what type of information or program?

What is a regulatory authority for CMMC?

200

This is also known as "Cloud FISMA."

What is Federal Risk and Management Program (FedRAMP)?

300

Owns CMMC Model, as well as the CMMC Assessment Guides.  They also ensure that CMMC requirements are written in DoD Contracts.

Who is the Office of the Undersecretary of Defense for Acquisition and Sustainment (OUSD A&S)?

300

Organization's purpose is to train CCPs and CCAs and deliver CATM.

Who is the Licensed Training Provider (LTP)/Approved Training Provider (ATP)?

300

Individuals certified to assess all practices on a CMMC Level 2 Assessment and must be associated with a C3PAO to be on an assessment team.

What is a Certified CMMC Assessor (CCA; formerly called a Provisional Assessor (PA))?

300

FISMA - Federal Information Security Modernization Act is what kind of driver (authority/compliance) and for what type of information or program?

What is a legal authority for CUI, FCI, and CMMC information?

300

Executive Order 13556 is this kind of driver (authority/compliance) for this type of information or program.

What is a legal authority for FCI, CUI, and CMMC?

400

Provides overall oversight and strategic management of the Cybersecurity Maturity Model Certification (CMMC) Program (daily management and operations of CMMC).  

Who is the DoD CIO?

400

Organization's purpose is to create accredited content called CMMC Approved Training Material (CATM).

Who are the Licensed Publishing Partners (LPPs)/Approved Publishing Partners (APPs)?

400

Individual qualified to deliver CMMC Approved Training Material (CATM) through a Licensed Training Provider (LTP) and will soon be called CCIs.

What is a Provisional Instructor (PI)?

400

32 CFR Part 2002 is what kind of driver (authority/compliance) and for what type of information or program?

What is a regulatory authority for Controlled Unclassified Information (CUI)?

400

This is the parent agency for the National Institute of Standards and Technology (NIST).

What is the Department of Commerce?

500

This Authority is required to achieve and maintain ISO/IEC 17011.

Who is the CyberAB?

500

Organization is authorized to manage the Assessment process and hires assessors (CCPs and CCAs) for an assessment team.  They are also required to comply with ISO/IEC 17020.

Who is the CMMC Third-Party Organization?

500

A Cyber AB-trained person who is responsible for ensuring assessment documentation completeness and accuracy.

Who is the CMMC Quality Assurance Professional (CQAP)?

500

NARA ISOO - National Archives & Records Administration (NARA) Information Security Oversight Officer (ISOO) CUI Notices is what kind of driver (authority/compliance) and for what type of information or program?

What is a policy for CUI?

500

The three components/staff of NARA ISOO.

What are the Classification Management Staff, Operations Staff, and the CUI Staff?
