September 2, 2020

Last Updated on January 12, 2024

The CMMC Accreditation Body (CMMC-AB), the independent entity that manages the CMMC launch for the US Department of Defense (DoD), is taking applications for five new, CMMC-related certifications: Certified Third-Party Assessor Organizations (C3PAOs), Certified Professionals (CPs), Certified Assessors (CAs), Registered Provider Organizations (RPOs), Registered Practitioners (RPs) and Licensed Partner Publishers (LPPs).

DoD suppliers and the companies that advise them should both get familiar with these new roles. Suppliers will soon need to hire these practitioners and many service providers will want to offer one or more of these services.

This blog post focuses on the Registered Practitioner (RP) role.
Working for a Registered Provider Organization (RPO) as an employee or contractor, a Registered Practitioner “delivers non-certified advisory services informed by basic training on the CMMC standard.” These services take place outside the actual CMMC assessment. (An assessment can only be conducted by Certified Assessors (CAs) assisted by Certified Professionals (CPs) under the auspices of a Certified Third-Party Assessor Organizations (C3PAOs).)
The purpose of RPs is specifically to provide CMMC consulting, coaching and support to companies in the US Defense Industrial Base (DIB). DoD suppliers will connect with an RPO and work with RPs to help prepare for a successful CMMC assessment.
What sets RPs and RPOs off from other entities offering CMMC-related consulting is their certification, training and relationship with the CMMC-AB. Suppliers can rest assured that RPs and the RPOs they work for are ethical, prepared and motivated to meet their needs.
Numerous unethical entities are already pumping out false advertising that they can  “CMMC certify” a company —even though the final guidelines are not yet available and assessments are still in the trial stages. There’s no question that it will pay to do some due diligence before hiring a CMMC “expert.”

Jeff Dalton, chair of the CMMC-AB’s accreditation and credentialing committee, explains: “The RPOs and the registered practitioners are an opportunity for those who want to be consultants or coaches in the field to not only get training and get some qualifications in CMMC, but also be associated with the CMMC ecosystem, through a listing in our marketplace and our logo. It also gives the AB an opportunity to understand who’s doing what out in the field. You obviously don’t have to have that designation to do work in this space, but we’re trying to build an ecosystem of people that all work together.”

When you work with an RP, you know they’ve had adequate “basic training” to help businesses achieve CMMC compliance.

To become an RP, you need to do the following:

  • Apply online
  • Associate yourself with an RPO
  • Complete the online training program
  • Sign the CMMC-AB Code of Professional Conduct
  • Pass a background check
  • Pay the $500 annual fee

Becoming a CMMC-AB Registered Practitioner is a great way to tell prospective employers and clients that you have special interest and expertise in CMMC and understand its requirements, and have made a commitment to ethical practice. You also get to use the CMMC-AB Registered logo to support your business and differentiate you from others offering CMMC guidance.
Does your business need to achieve CMMC compliance? Do you want to get a head start on preparing for CMMC certification? Pivot Point Security currently offers a full range of CMMC compliance services and plans to be among the first RPOs. Connect with a CMMC expert today to explore how we can help.

New CMMC V2 Certification Guide

A Simple Guide to Comply with the DoD's Cybersecurity Maturity Model Certification (CMMC) This NEW CMMC V2 Certification Guide will give you a quick and easily digestible introduction to the CMMC and the process we use to help our clients become CMMC compliant.