Exam CMMC-CCA Topic 2 Question 97 Discussion
Actual exam question for Cyber AB's CMMC-CCA exam
Question #: 97
Topic #: 2
Question #: 97
Topic #: 2
During a CMMC assessment for an OSC, the Point of Contact (POC) mentioned they conducted a self- assessment beforehand. The self-assessment was part of the organization's preparations for the CMMC assessment by your C3PAO. Which publication offers the best guidance for the self-assessment procedures OSCs might use for CMMC compliance?
Suggested Answer: D Vote an answer
Comprehensive and Detailed in Depth Explanation:
NIST SP 800-171A provides detailed assessment procedures for evaluating NIST SP 800-171 security requirements, which underpin CMMC Level 2. It offers flexible methods (examine, interview, test) for self- assessments, making it the best guidance for OSCs preparing for CMMC, as noted in the CAP. Option A (DFARS 252.204-7012) specifies compliance requirements, not assessment procedures. Option B (NIST SP
800-171) lists controls, not how to assess them. Option C (NIST SP 800-172) addresses enhanced requirements beyond Level 2. Option D is the correct answer.
Reference Extract:
* NIST SP 800-171A, Introduction:"Provides assessment procedures for NIST SP 800-171, suitable for self-assessments or third-party evaluations."
* CMMC Assessment Process (CAP) v1.0, Section 1.2:"NIST SP 800-171A guides self-assessment preparation."Resources:https://csrc.nist.gov/pubs/sp/800/171/a/final;https://cyberab.org/Portals/0
/Documents/Process-Documents/CMMC-Assessment-Process-CAP-v1.0.pdf
NIST SP 800-171A provides detailed assessment procedures for evaluating NIST SP 800-171 security requirements, which underpin CMMC Level 2. It offers flexible methods (examine, interview, test) for self- assessments, making it the best guidance for OSCs preparing for CMMC, as noted in the CAP. Option A (DFARS 252.204-7012) specifies compliance requirements, not assessment procedures. Option B (NIST SP
800-171) lists controls, not how to assess them. Option C (NIST SP 800-172) addresses enhanced requirements beyond Level 2. Option D is the correct answer.
Reference Extract:
* NIST SP 800-171A, Introduction:"Provides assessment procedures for NIST SP 800-171, suitable for self-assessments or third-party evaluations."
* CMMC Assessment Process (CAP) v1.0, Section 1.2:"NIST SP 800-171A guides self-assessment preparation."Resources:https://csrc.nist.gov/pubs/sp/800/171/a/final;https://cyberab.org/Portals/0
/Documents/Process-Documents/CMMC-Assessment-Process-CAP-v1.0.pdf
by Barlow at Oct 02, 2025, 05:46 PM
0
0
0
10
Comments
Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.
Report Comment
Commenting
You can sign-up / login (it's free).