CMMC Authorities
Authorized to certify CMMC assessors and instructors and are required to achieve and maintain ISO/IEC 17024 accreditation requirements. Recently switched to ISACA.
What is the CMMC Assessors and Instructors Certification Organization (CAICO)?
Organization authorized to provide recommendations and consulting advice about CMMC Assessment preparation.
Who are Registered Practitioner Organizations (RPOs)?
Individuals credentialed as a consultant or associated with a C3PAO to be on an assessment team.
What is a Certified CMMC Professional (CCP)?
CMMC acronym means this.
What is Cybersecurity Maturity Model Certification?
Non-profit organization that manages the accreditations of other C3PAOs and CAICO.
What is the CyberAB (CMMC-AB)?
Organization that is required to control data flows and define system boundaries, as they will have to obtain a CMMC certificate.
What is the Organization Seeking Certification (OSC)?
Who is a Registered Practitioner (RP)?
What kind of information is CMMC focused on protecting?
What is Unclassified (but sensitive information) - Federal Contract Information (FCI) and Controlled Unclassified Information (CUI)?
Owns CMMC Model, as well as the CMMC Assessment Guides. They also ensure that CMMC requirements are written in DoD Contracts.
Who is the Office of the Undersecretary of Defense for Acquisition and Sustainment (OUSD A&S).
Organizations purpose is to train CCPs and CCAs, and delivers CATM.
Who is the Licensed Training Provider (LTP)/Approved Training Provider (ATP)?
Individuals certified to assess all practiecs on a CMMC Level 2 Assessment and must be associated with a C3PAO to be on an assessment team.
What is a Certified CMMC Assessor (CCA; formerly called a Provisional Assessor (PA))?
Information that is non-public information provided by or generated for the government under a contract to develop or deliver a product of service.
What is Federal Contract Information (FCI)?
Provides overall oversight and strategic management of the Cybersecurity Maturity Model Certification (CMMC) Program (daily management and operations of CMMC).
Who is the DoD CIO?
Organizations purpose is to create accredited content called CMMC Approved Training Material (CATM).
Who are the Licensed Publishing Partners (LPPs)/Approved Publishing Partners (APPs)?
Individual qualified to deliver CMMC Approved Training Material (CATM) through a Licensed Training Provider (LTP) and will soon be called CCIs?
What is a Provisiona Instructor (PI)?
Information that the Government creates or possesses, or that an entity creates or processes for or on behalf of the Government.
What is Controlled Unclassified Information (CUI)?
Who is the CyberAB?
Organization is authorized to manage the Assessment process and hires assessors (CCPs and CCAs) for an assessment team. They are also required to comply with ISO/IEC 17020.
Who is the CMMC Third-Party Organization?
A Cyber AB trained person that is responsible for ensuring assessment documentation completeness and accuracy.
Who is the CMMC Quality Assurance Professional (CQAP)?
This level of Assessment requires the assessor to assess 110 CMMC practices.
What is a Level 2 Assessment?