The correct answer is:
✅ D. NIST SP 800-171A
📘 Explanation:
The CMMC Assessment Process (CAP) and the CMMC Assessment Guide – Level 2 explicitly state that the assessment procedures used in CMMC are based on:
NIST Special Publication 800-171A, titled "Assessing Security Requirements for Controlled Unclassified Information."
This document provides the assessment objectives, methods (examine, interview, test), and objects used to evaluate the implementation of the security requirements defined in NIST SP 800-171.
❌ Why the Other Options Are Incorrect:
A. NIST SP 800-53: Defines security and privacy controls for federal information systems, not specific to CUI or CMMC.
B. NIST SP 800-53A: Provides assessment procedures for SP 800-53 controls, not for SP 800-171.
C. NIST SP 800-171: Defines the security requirements for protecting CUI, but not the assessment procedures.
upvoted 1 times
...
This section is not available anymore. Please use the main Exam Page.CCP Exam Questions
Log in to ExamTopics
Sign in:
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.
Upvoting a comment with a selected answer will also increase the vote count towards that answer by one.
So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.
578ae95
1 month, 2 weeks ago