CCP Flashcards
Minimum practice score to pass an assessment
88/110 (80%)
Which executive order placed NARA in charge of the CUI program?
EO 13556
How many controls (practices) are there for CMMC L1?
17
How many assessment objectives are there for CMMC L1?
59
How many domains are there in CMMC L1?
6
What are the 6 domains addressed in CMMC L1?
(AC) Access Control, (IA) Identification & Authentication, (MP) Media Protection,
(PE) Physical and Environmental, (SC) System & Communications Protection,
(SI) System & Information Integrity.
How many controls (practices) are there in CMMC L2?
110
How many assessment objectives are there in CMMC L2?
320
How many domains are there in CMMC L2?
14
CMMC L1 controls are described as
Foundational
CMMC L2 controls are described as
Advanced
CMMC L3 controls are described as
Expert
Which contract clause protects FCI?
FAR 52.204.21
Which contract clause requires an 800-171 self-assessment and submission of an SPRS score?
DFARS 252.204-7019
Which contract clause allows for a DIBCAC medium or high assessment?
DFARS 252.204-7020
What are the 5 sections in the code of professional conduct?
Professionalism, Objectivity, Confidentiality, Proper use of Methods, and Information Integrity
Define “Affirmation”
a response to the interview examination method by the OSC
Define “adequacy”
Does the evidence meet the objective (is it right)
Define “sufficiency”
Does the evidence address the full scope of the program (is there enough)
What markings are required on a CUI document?
- “controlled” or “CUI”
- the specified category if applicable
- designation indicator (which agency controls it)
What are the four phases of the CAP?
- Plan and prepare assessment
- Conduct the assessment
- Deliver recommended results
- POA&M closeout
What are the 5 primary steps in the first phase of the CAP?
- Establish roles and responsibilities
- Organize and prepare
- Analyze assessment requirements
- Develop assessment plan
- Verify readiness to conduct the assessment
Which ISO cert must a C3PAO obtain?
ISO 17020
Which ISO cert must the Cyber-AB obtain?
ISO 17011
Which ISO cert must the CAICO obtain?
ISO 17024
What are the 3 assessment methods?
- Examine
- Interview
- Test
Which org is RESPONSIBLE for CMMC training?
CAICO
Which org PUBLISHES training content?
Licensed Partner Publisher (LPP)
Which org ISSUES training content?
Licensed Training Provider (LTP)
What is a CCMI?
Certified CMMC Master Instructor
Which Code of Federal Regulations established the CUI program after Executive Order 13556?
CFR 32 Part 2002
Which contract clause requires a CMMC certification?
DFARS 252.204-7021
What is a prioritized acquisition program?
A program that requires a C3PAO L2 assessment
What does CMMC stand for?
Cybersecurity Maturity Model Certification
Who oversees the CMMC-AB/CyberAB?
The Department of Defense (DoD)
What is the official title of NIST 800-171?
Protecting Controlled Unclassified Information in Nonfederal Systems and Organizations
How often must a CMMC certification be reassessed by a C3PAO?
3 years
What is the subject of CFR Title 32?
National Defense
What is the subject of CFR Title 48?
Federal Acquisition Regulations System
How much time does an OSC have to remediate a limited practice deficiency after the completion of an assessment?
180 days
Which contract clause requires the implementation of NIST 800-171?
DFARS 252.204-7012
Which contract clause allows the DoD to use an SPRS score to evaluate contract bids?
DFARS 252.204-7024