
How to Become a Certified CMMC Assessor: A Step-by-Step Guide



To safeguard sensitive national security information, the Department of Defense (DoD) launched CMMC 2.0, a comprehensive framework to protect the Defense Industrial Base’s (DIB) sensitive unclassified information from frequent and increasingly complex cyberattacks. As a Certified CMMC Assessor (CCA), you will play a critical role in helping DIB organizations achieve and maintain compliance with the CMMC requirements. In this article, we will explore the steps you need to take to become a Certified CMMC Assessor (CCA) and the requirements you must meet.




Step 1: Must be a U.S. citizen to apply for suitability


The first requirement for becoming a Certified CMMC Assessor is that you must be a U.S. citizen. This is a requirement to achieve DoD suitability, as the CMMC program is focused on protecting the nation's critical infrastructure from cyber threats.


Step 2: Must hold a Certified CMMC Professional (CCP) certification


To become a Certified CMMC Assessor (CCA), you must first complete the 3-5 day CCP training with a CMMC Licensed Training Provider (LTP), then register for and pass the CCP exam. The CCP certification is a prerequisite for the Certified CMMC Assessor (CCA) certification and demonstrates that you have a thorough understanding of the CMMC framework and requirements.


Step 3: Achieve DoD Suitability


In addition to the CCP certification, you must also achieve DoD Suitability. This means that you have undergone a WHS background check and have been deemed suitable to work on defense-related projects.


Step 4: Participate in three Level 2 CMMC assessments assessing only Level 1 practices


As a requirement to become a CCA, you must have experience and knowledge of the CMMC framework, and the best way to demonstrate that is to participate in three Level 2 assessments assessing only Level 1 practices. This will provide you with the hands-on experience necessary to evaluate organizations' cybersecurity practices and processes and determine their level of maturity. The assessments do not have to be completed before training for CCA; however, they are required before becoming an official DoD Certified CMMC Assessor.


Step 5: Earn the Certified CMMC Assessor (CCA) certification


Complete the 3-5 day CCA training with a CMMC Licensed Training Provider (LTP), then register for and pass the CCA exam. Once you have met all of the above requirements, you can apply for the Certified CMMC Assessor (CCA) certification. The application process includes a demonstration of your knowledge and skills through an assessment, which will be conducted by the Cyber AB.


Step 6: Sign the agreements and pay all fees to the Cyber AB


Finally, once you have earned your CCA certification, you will need to sign the Code of Professional Conduct (CoPC) and pay all fees to the Cyber AB. This includes an annual fee, which will be used to support the ongoing maintenance and development of the CMMC program.


In conclusion, becoming a Certified CMMC Assessor (CCA) is a challenging but rewarding career path. By following the steps outlined in this article and meeting the requirements, you can gain the knowledge and skills you need to excel in this field and make a meaningful contribution to the cybersecurity of our nation.


Note: As the CMMC program is relatively new and still under development, the information provided in this article is based on the best available information at the time of writing. Please consult www.cyberab.org for the most up-to-date information.



