Skip to Content
Home /  Courses And Programs / Certified CMMC Assessor

Certified CMMC Assessor (CCA)

This course is the second of two courses in the Cybersecurity Maturity Model Certification (CMMC) road map to become a Department of Defense CMMC assessor. The CCA course prepares assessors to evaluate Organizations Seeking Certification (OSC) against CMMC Level 2 requirements, properly identify CMMC Level 2 scoping, assess Level 2 practices and assessment objectives, and conduct the CMMC Assessment Process (CAP).

Course Benefits:

  • Instruction content authorized by the DoD – CMMC Authorized Training Material (CATM)
  • Authorization to sit for the Certified CMMC Assessor (CCA) exam
  • Upon successful completion of the CCA exam
    • Authorized to participate as a CMMC assessment team member
      • Under the supervision of a Lead Certified CMMC Assessor (CCA)
      • Assess and score CMMC Level 2 Practices and Assessment Objectives (after completing 3 DoD required prerequisite assessments)
    • Authorized to use the CYBER-AB Certified CMMC Assessor logo
    • Listed in the CYBER-AB Marketplace

Key Topics:

  • Determine the difference between logical (virtual) and physical locations
  • Determine the difference between professional and industrial environments
  • Identify single and multi-site environmental constraints and evidence requirements
  • Identify cloud and hybrid environment constraints and Evidence requirements
  • Identify on-premises environmental constraints
  • Identify environmental exclusions for a level 2 CMMC assessment
  • Categorize CUI data in the form of assets that are in scope
  • Identify separation techniques
  • Identify FCI and CUI scoping considerations
  • Apply the appropriate phases and steps for a CMMC Level 2 Assessment.
  • Determine methods and objects for evidence
    • Examine
    • Interview
    • Test
  • Determine adequacy and sufficiency related to evidence around all below practices
    • Characteristics of acceptable evidence
  • Identify, evaluate, and assess 93 CMMC Level 2 Practices and their corresponding 261 assessment objectives

Intended Audiance:


The intended audience for the Certified CMMC Assessor (CCA) course includes:

  • Employees of Organizations Seeking CMMC Certification (OSC)
    • Information Technology (IT) and Cybersecurity Professionals
    • Regulatory Compliance Officers
    • Legal and Contract Compliance Professionals
    • Management Professionals
  • Cybersecurity and Technology Consultants
  • Federal Employees
  • Department of Defense (DoD) Members
  • Candidate CMMC Assessment Team Members

Required Materials: AICO Approved Training Materials (CATM) are mandatory for this program. Students will receive individual Logical Operations issued licenses valued at $150.00 per student to access CATM materials throughout the duration of this course. These licenses are not transferable and while this fee is non refundable, the fee is included in the cost of this program.

Hardware: Students will need a reliable personal computer/laptop and reliable internet connection to in order to access the training materials for this course. Also students must have completed the course CSE-80014 Certified CMMC Professional (CCP) course and have thorough familiarity with CMMC materials at

Course Typically Offered: Live Online - Spring 2024 quarter.

Next Available Course: will be offered over a 5-day period, PST on March 13-17, 2023. 

Prerequisite: Students should have a basic understanding of cybersecurity practices, cybersecurity concepts, and cybersecurity assessment techniques. Also students must have completed our course CSE-80014 Certified CMMC Professional (CCP) and have thorough understanding of CMMC materials at

Next Step: After successfully completing this course, consider taking the exam to receive certification from Cyberab. For more information refer to this website:
Upon successfully completing this course, you can request an Award of Completion from your instructor. 

Contact: For more information about this course, please email infotech@ucsd.

Fact: By 2025, recipients of DoD contracts will be required to comply with the Cybersecurity Model Maturity Certification provisions. Learn more about CMMC and CUI at UC San Diego.

Course Number: CSE-80016
Credit: 0.00 unit(s)