Planning and preparing for aCMMC assessmentinvolves collaboration between theassessorand theOrganization Seeking Certification (OSC)to determine scope, required evidence, and logistics. This planning process isdynamicand must adapt as new information emerges.
Assessment Scope and Requirements May Change
As assessors gather evidence and analyze the environment,new details about assets, networks, and security controlsmay require adjustments to the assessment plan.
TheCMMC Assessment Process (CAP) Guideemphasizes that assessmentrequirements and scope should be continuously reviewed and updatedto reflect real-time findings.
Assessors Follow an Adaptive Approach
DuringCMMC assessments, organizations may discover additionalFCI or CUI assets, which can change the required security practices to be evaluated.
Assessors shouldrevise the assessment approach accordinglyrather than strictly following an initial, unchangeable plan.
A. Scoping an assessment is easy and worry-free→Incorrect
Scoping is acritical and complex processthat requires careful evaluation of the OSC’s information systems and assets.
CMMC Scoping Guidestates thatidentifying in-scope assets is crucial and requires significant effort.
B. The initial plan cannot be changed once agreed upon→Incorrect
Theinitial assessment plan is a starting point, butit must be flexiblebased on real-time findings.
CMMC CAP Guideemphasizescontinuous refinementduring the assessment process.
C. There is a determined amount of time that the OSC's point of contact has to submit evidence and rough order-of-magnitude→Incorrect
While there aretimelines, the key focus is ensuring thatall necessary evidence is gathered accuratelyrather than rushing to meet a strict deadline.
CMMC Assessment Process (CAP) Guide– States that assessment requirements and planning should be updated as additional information is gathered.
CMMC Scoping Guide (Nov 2021)– Explains that assessors must continually refinein-scope assets and requirementsthroughout the process.
Why the Correct Answer is "D"?Why Not the Other Options?Relevant CMMC 2.0 References:Final Justification:Assessment planning is a dynamic process.Assessors must continuously review and update the requirements and planas new information emerges, makingDthe correct answer.
