This course is in active development. Preview the scope below and create a free account to be notified the moment it goes live.
CCP
ISACA CMMC Certified Professional (CCP) teaches the CMMC ecosystem, professional conduct, governance, model constructs, and assessment process, enabling learners to guide organizations toward compliant certification.
Who Should Take This
Mid‑level security analysts, compliance officers, or IT auditors who have basic familiarity with NIST 800‑171 and seek to expand their expertise in CMMC implementation. They aim to master the governance framework, assessment methodology, and ethical standards required to support organizations in achieving and maintaining CMMC certification.
What's Covered
All domains and objectives in the CMMC Certified Professional (CCP) exam: Domain 1 CMMC Ecosystem, Domain 2 CMMC-AB Code of Professional Conduct, Domain 3 CMMC Governance and Source Documents, Domain 4 CMMC Model Construct and Implementation Evaluation, Domain 5 CMMC Assessment Process, and Domain 6 Scoping
Course Outline
33 learning goals
Domain 1: CMMC Ecosystem
1 topic
CMMC program structure
- Identify the key organizations and roles within the CMMC ecosystem including DoD, CAICO, C3PAOs, certified assessors, and organizations seeking certification.
- Describe the CMMC certification lifecycle including assessment initiation, pre-assessment activities, formal assessment, scoring, and certification issuance.
- Apply understanding of CMMC ecosystem relationships to identify appropriate engagement models and communication channels for assessment activities.
Domain 2: Code of Professional Conduct
1 topic
Ethics and professional conduct
- Identify the principles and requirements of the CMMC Code of Professional Conduct including integrity, objectivity, confidentiality, and professional behavior.
- Apply conflict of interest identification and management procedures to ensure independence and objectivity during CMMC assessment activities.
- Analyze professional conduct scenarios to determine appropriate ethical responses and escalation actions within the CMMC ecosystem.
Domain 3: CMMC Governance and Source Documents
2 topics
Regulatory framework
- Identify the regulatory basis for CMMC including 32 CFR Part 170, DFARS 252.204-7012, and the relationship between CMMC requirements and federal acquisition regulations.
- Describe the relationship between CMMC levels and NIST SP 800-171 and SP 800-172 security requirements including practice mapping and assessment criteria.
- Apply knowledge of CMMC governance documents to interpret assessment requirements, scoring criteria, and certification decision processes.
Source document navigation
- Identify key CMMC source documents including the CMMC Assessment Guide, CMMC Scoping Guide, and associated NIST publications and their roles in assessments.
- Apply CMMC source document references to resolve assessment questions and validate practice implementation interpretations.
Domain 4: CMMC Model Construct and Implementation Evaluation
4 topics
CMMC model structure
- Describe CMMC maturity levels including Level 1 (Foundational), Level 2 (Advanced), and Level 3 (Expert) and their corresponding security requirements and assessment methods.
- Identify the 14 NIST SP 800-171 security requirement families and their 110 security requirements that map to CMMC Level 2 practices.
- Apply CMMC practice implementation guidance to evaluate whether organizational security controls satisfy specific CMMC requirements.
Access control and identification practices
- Apply evaluation techniques to assess access control implementations including account management, access enforcement, information flow control, and separation of duties.
- Apply evaluation techniques to assess identification and authentication controls including multi-factor authentication, password policies, and authenticator management.
- Analyze access control evidence including access control lists, user provisioning records, and audit logs to determine practice implementation adequacy.
Configuration, media, and system protection practices
- Apply evaluation techniques to assess configuration management practices including baseline configurations, change control, and security configuration enforcement.
- Apply evaluation techniques to assess media protection and physical protection controls including CUI marking, media sanitization, and physical access restrictions.
- Apply evaluation techniques to assess system and communications protection including boundary protection, encryption, and session management controls.
- Analyze system security plan documentation to verify completeness, accuracy, and alignment of documented controls with actual implementation.
Audit, incident response, and awareness practices
- Apply evaluation techniques to assess audit and accountability controls including audit log generation, review, analysis, and retention for CUI environments.
- Apply evaluation techniques to assess incident response capabilities including incident handling procedures, reporting requirements, and testing of response plans.
- Apply evaluation techniques to assess security awareness and training programs including role-based training, insider threat awareness, and CUI handling procedures.
- Analyze risk assessment and security assessment practices to evaluate organizational risk management maturity and vulnerability management effectiveness.
Domain 5: CMMC Assessment Process
1 topic
Assessment methodology
- Describe the CMMC Assessment Process phases including pre-assessment, assessment, and post-assessment activities and their key deliverables.
- Apply assessment evidence collection techniques including document review, interview procedures, and technical testing to validate practice implementation.
- Apply CMMC scoring methodology to determine practice assessment results including Met, Not Met, and Not Applicable determinations.
- Analyze assessment findings to develop Plan of Action and Milestones (POA&M) entries and determine conditional certification eligibility.
Domain 6: Scoping
1 topic
CMMC assessment scoping
- Identify CUI and FCI data types and describe the criteria for determining which information requires CMMC Level 1 versus Level 2 protection.
- Apply asset categorization procedures to classify systems as CUI Assets, Security Protection Assets, Contractor Risk Managed Assets, or Specialized Assets.
- Apply security boundary determination techniques to define the assessment scope including network enclaves, external service providers, and out-of-scope systems.
- Analyze scoping decisions to validate that all CUI processing, storage, and transmission pathways are captured within the assessment boundary.
Scope
Included Topics
- All domains and objectives in the CMMC Certified Professional (CCP) exam: Domain 1 CMMC Ecosystem (5%), Domain 2 CMMC-AB Code of Professional Conduct (5%), Domain 3 CMMC Governance and Source Documents (15%), Domain 4 CMMC Model Construct and Implementation Evaluation (35%), Domain 5 CMMC Assessment Process (25%), and Domain 6 Scoping (15%).
- Foundational CMMC knowledge including CMMC ecosystem structure, program governance, regulatory framework, assessment methodology, and implementation guidance for organizations seeking certification.
- CMMC model understanding: maturity levels (Level 1 through Level 3), security domains, practices, process maturity, and mapping to NIST SP 800-171 and NIST SP 800-172 security requirements.
- CMMC assessment process: assessment preparation, evidence collection, interview techniques, scoring methodology, Plan of Action and Milestones (POA&M), conditional certification, and assessment reporting.
- Scoping: Federal Contract Information (FCI) and Controlled Unclassified Information (CUI) identification, asset categorization, security boundary determination, and enclave scoping for CMMC assessments.
- CMMC governance: Code of Professional Conduct, conflict of interest management, assessment team composition, and quality assurance in the CMMC ecosystem.
Not Covered
- Advanced CMMC assessment leadership and team management (covered by CCA and LCCA).
- CMMC instructor pedagogy and curriculum delivery (covered by CCI).
- General cybersecurity operations and SOC procedures (covered by CCOA).
- Broad information security management beyond CMMC scope (covered by CISM).
- Vendor-specific security tool implementation for CMMC compliance.
Official Exam Page
Learn more at ISACA