Which statement BEST describes the key references a Lead Assessor should refer to and use...

Key References for a Lead Assessor in a CMMC AssessmentALead Assessorconducting aCMMC assessmentmust rely onofficial CMMC guidance documentsto evaluate whether anOrganization Seeking Certification (OSC)meets the required cybersecurity practices.

TheCMMC Assessment Guideprovidesdetailed descriptionsof eachpractice and processat the specificCMMC level being assessed.

It defines:✔Theassessment objectivesfor each practice.✔Therequired evidencefor compliance.✔Thescoring criteriato determine if a practice isMET or NOT MET.

Most Relevant Reference: CMMC Assessment Guide

A. DoD adequate security checklist for covered defense information → Incorrect

TheDoD adequate security checklistis related toDFARS 252.204-7012 compliance, butCMMC assessmentsfollow theCMMC Assessment Guide.

B. CMMC Model Overview as it provides assessment methods and objects → Incorrect

TheCMMC Model Overviewprovideshigh-level guidance, butdoes not contain specific assessment criteria.

C. Safeguarding requirements from FAR Clause 52.204-21 for a Level 2 Assessment → Incorrect

FAR 52.204-21is relevant toCMMC Level 1 (FCI protection), butCMMC Level 2 follows NIST SP 800-171and requiresCMMC Assessment Guidesfor validation.

D. Published CMMC Assessment Guide practice descriptions for the desired certification level → Correct

TheCMMC Assessment Guideis theofficial documentused to determine if anOSC meets the required security practices for certification.

Why is the Correct Answer "D. Published CMMC Assessment Guide practice descriptions for the desired certification level"?

CMMC Assessment Process (CAP) Document

Specifies thatLead Assessors must use the CMMC Assessment Guidefor official scoring.

CMMC Assessment Guide for Level 1 & Level 2

Providesdetailed descriptions, assessment methods, and scoring criteriafor each practice.

CMMC-AB Guidance for Certified Third-Party Assessment Organizations (C3PAOs)

Confirms thatCMMC assessments must follow the Assessment Guide, not general DoD security policies.

CMMC 2.0 References Supporting This Answer:

Final Answer:✔D. Published CMMC Assessment Guide practice descriptions for the desired certification level.