Cyber AB Town Hall Wrap-Up: November 2022

Article
Article
CMMC 2.0
16 Minutes
Article
Blog
Category
Andrew Freund
Founder & CEO, Kraken Compliance
January 2, 2023

As we are all preparing for the Holiday Season, the DIB remains kicked into high gear, preparing for the DoD’s anticipated roll out of CMMC and the Cyber AB is no different. Last week the Cyber AB (formerly CMMC-AB) and the newly created CAICO, held their 2022 Year-end Town Hall Finale. Since the first town hall was conducted, they have continued to contain valuable nuggets of CMMC news, updates, and changes in the CMMC ecosystem. In case you missed it, here are the major highlights and key takeaways from the Cyber AB’s 2022 Year-end Town Hall Finale.

Year-End Town Hall Replay

Cyber-AB Updates

Topics Update Summary
Website Improvements for 2022
  • CCA Application Workflow Will be Implemented by 12/15/22.
  • Candidate C3PAO’s will be listed on the website by 12/15/22.
Joint Surveillance Voluntary Assessments
  • 5 Companies have completed a Joint Surveillance Voluntary Assessment conducted by the DIBCAC.
  • The DIBCAC has opened several additional assessment slots for the month of December.
  • 50 Companies have signed up to participate in the Joint Surveillance Voluntary Assessment Program.
  • Organizations interested in participating in the Joint Surveillance Voluntary Assessment Program, should reach out to an approved C3PAO.
CMMC Practitioner Community (RPs, RPO’s & RPA’s)
  • The Cyber-AB will be holding a meeting with RPs, RPO’s, & RPA’s to discuss CMMC updates and promotional activities. The meeting invite will be sent out to all RPs, RPO’s & RPA’s during the week of December 12th, 2022.
Draft CMMC Assessment Process (CAP)
  • All feedback received on the Draft CMMC Assessment Process (CAP) will be posted on the Cyber-AB website by December 2nd, 2022.
Cyber-AB Board of Directors
  • The Cyber-AB Board of Directors has appointed 4 new directors to the Cyber-AB Board.
Planned Website Improvement for 2023
  • Creation of CAICO website
  • Redesigned Market Place
  • Redesigned Market Place

CAICO Updates

Topics Update Summary
Certified CMMC Professional (CCP)
  • The Certified CMMC Professional (CCP) exam is now live and available to all approved CCP applicants.
Certified CMMC Assessor (CCA)
  • The CAICO completed the Certified CMMC Assessor (CCA) Beta Exam on November 30th and expects to release the final version of the CCA Exam on December 16th, 2022.
  • The CAICO is developing an initiative that will pair Certified CMMC Assessor candidates with the DIBCAC Assessments, to help CCA candidates meet the CMMC Assessment participation requirement. All Certified CMMC Assessor candidates are required to participate in 3 CMMC Assessments to become an approved CCA.

Cyber-AB Myth Busters

CMMC Myth 1
Myth
  • The CMMC rules have been pre-designated for “Interim Final Rule” status, placing them on a faster track to be in effect for DoD procurement implementation after a 60-day public comment period.
Fact: Short Version
  • Short version, we do not yet know and are waiting for it to be announced.
Fact: Expert Version
  • The Office of Information and Regulatory Affairs (OIRA) with OMB, is responsible for publishing the Unified Agenda bi-annually (fall version & spring version). Each version of the Unified Agenda indicates the status of proposed rules. The next version of the Unified Agenda (fall version) is expected to be released on the OIRA website in the next couple of weeks. The fall version is expected to indicate whether the proposed CMMC rules will obtain a “Interim Final Rule” status or if they will go through the full rule making process. Below is a brief outline on how each status could impact the proposed CMMC rules.
  • Interim Final Rule Status: Achieving the “Interim Final Rule” status, will enable the DoD to fast track the roll out of CMMC.
  • Full Rule Making Status: Achieving the Full Rule Making Status will result in an extended rule making process that will prolong the DoD’s roll out of CMMC.
CMMC Myth 2
Myth
  • One or more companies participating in the Joint Surveillance Voluntary Assessment Program have “failed” their assessment.
Fact: Short Version
  • This is a myth and is not true.
Fact: Expert Version
  • The Joint Surveillance Voluntary Assessments are conducted under “DIBCAC High” rules, which results in a numerical score. The “DIBCAC High” rules do not result in either a “pass / fail” or “met / not met” result. Given this, no companies participating in the Joint Surveillance Voluntary Assessment Program could have failed their assessment.

Year-End Town Hall Replay

Share this post

FAQ: CMMC Certified Professional

What happened to the Certified CMMC Professional program?

The CMMC Certified Professional (CCP) designation has replaced the previous Certified CMMC Professional program. This CMMC program change aligns with the updated CMMC 2.0 framework and reflects the evolving cybersecurity compliance requirements within the Department of Defense (DoD) supply chain.

Can I prepare for the CCP exam through self-study without taking an official course?

The CAICO requires all CCP Candidates to complete a CCP training course delivered by an Approved Training Provider (ATP), in order to be eligible for the CCP certification exam. Self-study using CMMC guidance documents and NIST publications is helpful preparation, but it does not substitute for the mandatory official training portion. You must complete the CCP training course delivered by an ATP before you’re eligible to sit for the CCP certification exam.

What happens to my CCP if CMMC requirements change again?

The Cyber AB updates exams and continuing education expectations as the CMMC program evolves. Existing CCPs remain valid but may need to meet new training or recertification milestones when major framework changes are implemented. When NIST SP 800-171 Rev. 3 is fully adopted, for example, expect updated training requirements. Stay subscribed to The Cyber AB communications to avoid surprises.

Is the CCP certification only valid in the United States?

CMMC is a U.S. DoD program, but its reach extends internationally. Foreign-owned companies that supply the DoD or work with U.S. primes also pursue CMMC readiness, making CCP relevant wherever DoD contracts are in play. Canadian, UK, Australian, and other allied nation companies working in the defense supply chain frequently need CCP-trained professionals to manage their compliance obligations.

Do I need to work for a C3PAO to benefit from the CCP credential?

No. Employment by a C3PAO is not required. Many CCPs work inside defense contractors, consulting firms, or prime contractors where they lead readiness efforts rather than formal third-party assessments. The credential is equally valuable for internal compliance roles, independent consulting, and advisory positions across the defense industrial base.

How long does it typically take to become a CMMC Certified Professional from start to finish?

Most candidates complete the process within 1–3 months. This includes scheduling and completing the 30–40 hour training course, preparing for the exam, and sitting for the CCP certification test. If you’re new to NIST SP 800-171 or defense contracting, allow additional time for foundational preparation before the course. The background investigation or suitability determination may add time depending on your situation.

Subscribe To Our Newsletter

Stay up-to-date on Govt. IT Compliance changes and getexpert compliance, audit, and security tips.