Last Step in Developing an Assessment Plan for an OSC
Developing anassessment planinvolves:
Defining the assessment scope(e.g., systems, networks, locations).
Planning test activities(e.g., interviews, evidence review, technical testing).
Verifying the OSC’s readiness(e.g., ensuring required documents are available).
Updating the assessment plan and schedule as needed.
Final Step: Obtaining and recording the OSC’s commitment to the assessment plan.
Why is obtaining commitment the last step?
✔Theassessment cannot proceed unless the OSC agrees to the finalized plan.
✔This ensuresOSC leadership understands the scope, timeline, and responsibilities.
✔TheC3PAO must document this commitmentto formalize the agreement.
Why is the Correct Answer "D. Obtain and record commitment to the assessment plan"?
A. Verify the readiness to conduct the assessment → Incorrect
Readiness verification happens earlierin the planning process, not as the last step.
B. Perform certification assessment readiness review → Incorrect
Areadiness review is conducted before finalizing the plan, not at the very end.
C. Update the assessment plan and schedule as needed → Incorrect
Updating the plan happens before commitment is obtained; it is not the final step.
D. Obtain and record commitment to the assessment plan → Correct
This is the final step before conducting the assessment. The OSC must formally agree to the plan.
CMMC 2.0 References Supporting This Answer:
CMMC Assessment Process (CAP) Document
States that theOSC must confirm agreement to the assessment plan before execution.
CMMC-AB Guidelines for C3PAOs
Specifies thatfinalizing the assessment plan requires documented commitment from the OSC.
CMMC Assessment Guide
Outlines thatassessments cannot begin without formal approval of the plan.
Final Answer:
✔D. Obtain and record commitment to the assessment plan.
