Skip to main content

ISACA CMMC Certified Professional

IntermediateGRC / CompliancePaid

ISACA's foundational CMMC credential, administered under ISACA's role as the CMMC Assessor and Instructor Certification Organization (CAICO), for professionals who support Cybersecurity Maturity Model Certification assessments and readiness across the Defense Industrial Base. The 170-question exam spans the CMMC model, the assessment process, scoping, governance, and ethics. Note: the Department of War suspended CMMC Phase II third-party assessment requirements on 2026-07-13, and a reform review is underway, though CCP training and exams continue to operate.

What you'll prove

  • Interpret the CMMC model and its Level 1 and Level 2 practice requirements
  • Apply the CMMC assessment process and scope an assessment boundary
  • Support Defense Industrial Base organizations preparing for CMMC assessments

Frequently asked

What does the CMMC Phase II suspension mean for the CCP?

On 2026-07-13 the Department of War suspended CMMC Phase II third-party assessment requirements, which had been scheduled to start 2026-11-10. Phase I self-assessments against NIST SP 800-171 remain firmly in place, and a reform task force is due to report within about 60 days. Training and exams continue to operate. The CCP supports self-assessment and readiness work, not just third-party assessments, so it is less directly exposed to the suspension than the assessor credentials, but the program's future shape is under active review.

How much does the CCP cost?

The exam is $575 for ISACA members and $760 for non-members, plus a $200 application processing fee. Mandatory CCP training is required through an approved provider, and ISACA does not publish a set price for that training, so budget for it separately.

What do I need to earn the CCP?

Complete mandatory CCP training, pass the 170-question exam, pay the $200 application fee, and attain a positively adjudicated Tier 3 background investigation by the Department of War. ISACA also asks for a cyber or IT background such as a related degree or two or more years of related education or experience.

Where this fits

Roadmaps featuring this cert