5/16 (Thu) 15:30 - 16:00 7F 701C

Insight from a C3PAO - CMMC (Joint Surveillance) Assessment Experience Sharing

From the perspective of a CMMC Certified Assessor (CCA) affiliated with an authorized CMMC Third-Party Assessment Organization (C3PAO), this presentation is rooted in firsthand experience, having successfully compiled the necessary documentation and passed the rigorous U.S. Department of Defense’s DIBCAC High Confidence assessment and a Joint Surveillance Voluntary Assessment (JSVA).

The pathway to CMMC / NIST 800-171 compliance requires a Defense Industrial Base (DIB) contractor or subcontractor to meticulously prepare a comprehensive set of documentation. This talk aims to demystify the assessment process, highlighting key focus areas for assessors and delineating the preparatory steps essential for achieving a CMMC Level 2 Certification Assessment. This includes discussing the scoping process, understanding control inheritance, and setting realistic expectations for involvement and documentation from managed service providers (MSPs) and cloud service providers (CSPs). 

Furthermore, the presenter will share an essential objective evidence list crafted to guide DIB contractors on what assessors anticipate regarding documentation and assessment activities. Attendees will leave with a robust understanding of the CMMC Level 2 certification assessment process, insight into assessor expectations, and resources to streamline their preparation for CMMC compliance.

Audience Key Takeaways:

  1. Gain a comprehensive overview of the CMMC Level 2 certification assessment process, enriched by the presenter's JSVA experience.
  2. Acquire a clear understanding of what C3PAOs anticipate from DIB contractors in preparation for and during the assessment.
  3. Receive an invaluable objective evidence list to guide DIB contractors in preparing their documentation and assessment activities according to assessor expectations.

Kyle Lai
Speaker
KLC Consulting
President & CISO

TOPIC / TRACK
CMMC Defense Industry Secure Supply Chain Forum

LOCATION
Taipei Nangang Exhibition Center, Hall 2
7F 701C

LEVEL
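Intermediate: Intermediate sessions focus on security architecture, tools, and practical applications, and are suited to security and IT personnel who already have a foundation in information security.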

SESSION TYPE
Breakout Session

LANGUAGE
English

SUBTOPIC
Compliance