Understanding CMMC Assessment ProceduresACMMC assessment procedureconsists of:
Assessment Objective– Defines what is being evaluated and the expected outcome.
Assessment Methods– Specifies how the evaluation is conducted (e.g.,examination, interviews, testing).
Assessment Objects– Identifies what is being evaluated, such as policies, systems, or people.
Assessment Objectivesincludedetermination statementsthat describe the expected outcome for each CMMC security practice.
These statements define whether a practice has beenadequately implementedbased ondocumented evidence and assessment findings.
TheCMMC Assessment Process (CAP) GuideandNIST SP 800-171Aspecify that each practice has a determination statement guiding assessment decisions.
A. Specifications and mechanisms→Incorrect
These belong toassessment objects, which refer to the systems, policies, and mechanisms being evaluated.
B. Examination, interviews, and testing→Incorrect
These areassessment methods, which describe how assessorsverifycompliance (e.g., through interviews or testing).
D. Exercising assessment objects under specified conditions→Incorrect
This refers toassessment testing, which is a method, not an assessment objective.
CMMC Assessment Process (CAP) Guide– Describes determination statements as the core of assessment objectives.
NIST SP 800-171A– Defines determination statements as a key element of evaluating security controls.
Why the Correct Answer is "C"?Why Not the Other Options?Relevant CMMC 2.0 References:Final Justification:Since anassessment objectiveincludes adetermination statementthat describes whether a practice is implemented properly, the correct answer isC.
