CMMC Assessor Training

When Do SteelToad’s CCA Classes Start?

SteelToad is now providing CMMC CCP and CCA training courses!

Sign up for the next available course!

The 2023 schedules are posted!

SteelToad instructors employ a virtual interactive technique to offer instruction. Students may sign up for classes here.

SteelToad also provides private courses for businesses. If your organization wishes to train your team and employees in a private training session, please contact Erica Hanson for a corporate discount. Erica Hanson can be reached at Erica.Hanson@SteelToad.com.

100% of SteelToad’s CMMC Instructors are also CMMC Assessors. SteelToad’s teachers have over 25 years of industry experience in mission-critical technology environments and are familiar with cybersecurity IT in the federal marketplace.

SteelToad’s instructors consistently receive five stars from our students!

Who Should Take The CCA Certified Assessor Training Course?

The Certified CMMC Assessor Training course exam is designed for professionals who have passed the Certified CMMC Professional (CCP) exam and want to become a Certified CMMC Assessor (CCA) or who want to become an instructor for the Certified CMMC Assessor courses. After successfully passing the CCA course exam, a Certified CMMC Assessor is able to participate as a Lead Appraiser for Maturity Level 2 CMMC Assessments.

Prerequisites: CMMC Certified Assessor (CCA) Training Course

A student who wants to take the Certified CMMC Assessor course must first complete the steps to become a Certified CMMC Professional and pass the CCP Exam

The CMMC CCA course is the next step after completing the CCP certification. The CCA course positions the student to lead assessments. The requirements for CCA include U.S. Citizenship, completing three CMMC Assessments as a CCP Assessment Team Member, completing the CCA class which is taught by SteelToad, passing the CCA exam, and having a favorably adjudicated Tier 3 Sustainability Determination resulting.. The benefits that come with the CCA certification include becoming a Lead Assessor and being a member of the largest part of the Level 2 CMMC community. As a CCA, you are involved in Lead Assessor activities, Practice evaluation, and POA&M requirements for the Assessment. It is required to have at least one CCA on staff for C3PAO companies and on every Assessment Team.

What Is A Certified CMMC Assessor (CCA)?

A certified CMMC ASSESSOR (CCA) is an individual who has previously completed all prerequisites and has successfully achieved the role of a CMMC Certified Professional in the Cybersecurity Model Maturity Certification Model (CMMC) and has successfully completed the requirements necessary to attain the Certified CMMC Assessor certification.

A CCA is the Lead Appraiser for a CMMC 2.0 assessment and is responsible for assessing the compliance of an organization’s alignment and compliance with the CMMC standards and processes.

The Department of Defense (DoD) plans to require all Defense Industrial Base contractors to obtain some level of CMMC certification by 2026, depending on the sensitivity of the information they manage. A CMMC Certified Assessor is a key member of the CMMC Ecosystem and is able to lead appraisals for contractors attempting to obtain certification in CMMC Model 2.0. CMMC Certified Assessors may conduct an organization’s CMMC Maturity Level 1 assessment, although a Maturity Level 1 certification does not require a CCA, this level may be self-assessed according to self-assessment guidelines. CCAs are required to conduct the CMMC assessment for organizations seeking to achieve CMMC Certification for Maturity Level 2.

A CCA has officially signed with a Certified Third-Party Assessor Organization, to represent the C3PAO as a lead appraiser. The C3PAO directly signs a contract with an OSC (Organization Seeking CC3PAOertification). SteelToad has been a certified  since April 2022 and we have several authorized (not provisional) CMMC assessors on our team. SteelToad’s CCAs have completed several CMMC gap assessments, NIST 800-171 assessments, CMMC Fed ramped implementations, and multiple Voluntary CMMC Assessments of Organizations Seeking Certification (OSCs) under the authority of the Department of Defense Joint Surveillance Program.

Becoming A CMMC Professional (CCA)

SteelToad is a CMMC Licensed Training Provider (LTP) and is certified to provide CMMC Certified Assessor (CCA) Training courses. All SteelToad’s training courses are taught by Certified CMMC Instructors who have achieved the certification as Certified CMMC Assessors.

The first step to becoming a CMMC Certified Assessor is to complete all requirements needed to first be certified as a CMMC Certified Professional (CCP). Please see the information on our website to apply and become certified as a CCP, if you have not yet achieved this certification.

Registering for a CMMC CCA training course is the next step to becoming certified as a CMMC Assessor. SteelToad offers CMMC Certified Assessor training courses throughout the year, and students may enroll and purchase the course (link here). There are a few “set-up steps” required before students may take SteelToad’s CMMC CCA training course:

1. Students must be Certified CMMC Professional (CCP).
2. Students will fill out the application to become a CCA.
3. Students will read, review, and sign the Code of Professional Conduct (COPC)
4. Students will read, review, and sign the Individual Service Agreement.
5. Students will take the SteelToad CMMC CCA training course. The SteelToad CMMC CCP course is 40 hours of instruction delivered in five days (from 9:00 am EST to 5:00 pm EST)
6. After completion of the course, SteelToad sends the student’s roster information to CAICO, and training completion is certified.
7. Students will need to pay $275.00 as a fee to take the CMMC CCA exam.
8. The CMMC CCA exam must be taken in a proctored exam facility. This may be scheduled based on the student’s schedule and availability.

What Is The COPC?

The CoPC is the CMMC Code of Professional Conduct, the requisite agreement between Cyber AB and all CMMC ecosystem members. It specifies the expectations, responsibilities, and directions for work done in accordance with the conditions of the agreement. The CoPC’s five guiding principles are intended to ensure the highest level of moral and professional behavior. The CoPC provides particular recommendations to enhance objectivity, fidelity, communication, credibility, and consistency in all engagements.

Prior to the authorization of their credentials, all CMMC ecosystem members must sign a CoPC and pass the relevant background investigation. Furthermore, the C3PAO or RPO in charge of the engagement must ensure that all employees, contractors, CCPs, CCAs, RPs, registered or credentialed persons and all other personnel are committed to the CoPC.

If you have any queries about interactions or other areas of the CoPC, contact a SteelToad member, the C3PAO assigned to the engagement, or even the Cyber AB for explanation and/or help.

CoPC Guiding Principles

Professionalism

• Avoid being dishonest in all your transactions.
• Do not exaggerate or be misleading about the services offered.
• Do not deceive anybody about your service certification.
• Maintain your adherence to the contract or Non-Disclosure Agreement (NDA) you signed.
• To the greatest degree possible, avoid conflicts of interest.
• Be upfront in your behavior and reveal any inevitable conflicts of interest.

Fairness

• Make decisions in a fair and balanced manner.
• Avoid potential conflicts of interest.

Confidentiality

• Keep identifiable and private customer information safe from unwanted disclosure.
• Handle private data with caution and thoroughness.
• Do not duplicate materials without the client’s express authorization.

Compliance

• Maintain compliance to CMMC source model documentation, CAP, and The Cyber AB materials and methods.
• No parody of The Cyber AB or DoD intellectual property.
• Information Integrity
• Respect for intellectual property
• Lawful and ethical practices

How Long Does It Take To Get CMMC CCA Certification?

The timeframe to get a CMMC CCA is based on a student’s availability to complete the steps required to obtain a CCA certification.

How Long Does The CMMC CCA Certification Last?

CMMC Assessors must renew their certifications every year, paying the CCA renewal fee of $500.00.

Course Objectives: CMMC CCA Training Course

In the SteelToad CMMC Certified CMMC Assessor training course, students learn how to use the CMMC Assessment Process to assess the performance of cybersecurity procedures across the fourteen NIST SP 800-171 domains. With this course, students learn the following course objectives:

• How to safeguard CUI with the CMMC program.
• Determine a CCA’s obligations as a CMMC Certified Assessor.
• Learn how to conduct CMMC Assessments.
• Affirm the context and scope of a CMMC Assessment, Maturity Level 2.
• Assess the practices in all 14 domains:
  • Access Control (AC)
  • Awareness and Training (AT)
  • Audit and Accountability (AU)
  • Security Assessment (CA)
  • Configuration Management (CM)
  • Identification and Authentication (IA)
  • Incident Response (IR)
  • Maintenance (MA)
  • Media Protection (MP)
  • Personnel Security (PS)
  • Physical Protection (PE)
  • Risk Assessment (RA)
  • System and Communications Protection (SC)
  • System and Information Integrity (SI)